[PATCH v3 15/17] nl80211: Hack for keyidx=1 installs

Alexander Wetzel <alexander@xxxxxxxxxxxxxx> · Sat, 17 Aug 2019 23:14:33 +0200

The Extended Key ID implementation in linux don't allow to install
pairwise keys using keyid 1 with one netlink call.

This will probably change in the near future, but till then this patch
works around keyid 1 install problems when using FILS or FT.

Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx>
---

This is just a hack - at least for now - to work around a shortcoming in
the Extended Key ID API. With this patch all hostapd tests are working
with the existing API, including FT and FILS.

I'm currently trying to get that fixed in the linux kernel. If this
works out as I hope we can simply not merge this patch. (This will still
leave some kernels around which will have problems for FT and FILS,
assuming we don't decide that we ave to stick to keyid zero for those.)

 src/drivers/driver_nl80211.c | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 9ef376c56..de82fb79d 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3020,6 +3020,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 	struct nl_msg *key_msg;
 	struct nlattr *types;
 	int need_set_key = 0;
+	int hack = 0;
 	int ret;
 
 	/* Ignore for P2P Device */
@@ -3085,6 +3086,13 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
 			goto fail;
 
+		/* Hack to allow keyidx=1 key installs with key_type=0 */
+		if (key_idx == 1 && key_type == KEY_TYPE_PAIRWISE &&
+		    alg != WPA_ALG_NONE) {
+			hack = 1;
+			key_type = KEY_TYPE_NO_AUTO_TX;
+		}
+
 		if (key_type == KEY_TYPE_NO_AUTO_TX ||
 		    key_type == KEY_TYPE_SET_TX) {
 			wpa_printf(MSG_DEBUG, "nl80211: %s for "
@@ -3122,6 +3130,19 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s)",
 			   ret, strerror(-ret));
 
+	if (!ret && hack) {
+		wpa_printf(MSG_DEBUG,
+			   "nl80211: set key hack for KEY_TYPE_SET_TX");
+		ret = wpa_driver_nl80211_set_key(ifname, bss, 0, addr,
+						 key_idx, NULL, 0, NULL, 0,
+						 KEY_TYPE_SET_TX);
+		if (ret)
+			wpa_printf(MSG_DEBUG,
+				   "nl80211: set_key hack failed; err=%d %s)",
+				   ret, strerror(-ret));
+		return ret;
+	}
+
 	/*
 	 * If we failed or don't need to set the key as default (below),
 	 * we're done here.
-- 
2.22.0


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap






