diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
@@ -286,7 +286,7 @@ static void ieee802_1x_tx_key(struct hostapd_data
*hapd, struct sta_info *sta)
if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
sta->addr, 0, 1, NULL, 0, ikey,
hapd->conf->individual_wep_key_len,
- 0)) {
+ KEY_TYPE_DEFAULT)) {
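Review bot: The last argument of this hostapd_drv_set_key() call becomes KEY_TYPE_DEFAULT while the same call passes a specific station address (sta->addr) with key index 0 and set_tx 1, so the key type does not match the per-station unicast WEP key being installed. As the discussion below notes, the nl80211 driver does not handle a default key type combined with a station address and runs the pairwise path anyway. Use KEY_TYPE_PAIRWISE here, and have set_key reject the unimplemented combination so a mismatch fails loudly instead of being silently reinterpreted.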
Why would this use KEY_TYPE_DEFAULT instead of KEY_TYPE_PAIRWISE? This
operation is configuring a unicast WEP key for the specific station.
Sure, it was not called pairwise before RSN was added to the standard,
but this is a WEP key that is used for unicast frames only and there is
a separate WEP key from group-addressed frames.

I'm on really thin ice with WEP. But since set_tx is set to one here the
intent seems to be to install the WEP key also as a default WEP key for
the STA. So I mapped it to the equivalent, making sure there is a
default key with WEP. Using KEY_TYPE_PAIRWISE will skip the
NL80211_KEY_DEFAULT call for the key. Now the original code was doing
that... If that's not required we can change it.

I noticed that setting KEY_TYPE_DEFAULT and an sta addr seems to be an
invalid combination. At least the nl80211 driver is not handling this
combination and executes the same code as for KEY_TYPE_PAIRWISE.
So we really should use KEY_TYPE_PAIRWISE here. And maybe add a sanity
check for set_key blocking the not implemented combination.
I've included that in the patch set I was working on and finally will
send out in a few minutes.

diff --git a/tests/hwsim/test_ap_ciphers.py
b/tests/hwsim/test_ap_ciphers.py
@@ -862,7 +862,7 @@ def test_ap_wpa2_delayed_m1_m3_zero_tk(dev, apdev):
- if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s 0" %
(addr, 0, 1, 6*"00", 16*"00")):
+ if "OK" not in hapd.request("SET_KEY 3 %s %d %d %s %s %d" %
(addr, 0, 1, 6*"00", 16*"00", 2)):
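Review bot: The new trailing argument in the SET_KEY request is the bare literal 2, which only matches KEY_TYPE_PAIRWISE as long as the C-side numbering stays unchanged, and nothing in the test says what it stands for. Define a named constant for it in the test code (or at least add a comment at this call) so a later change to the key type values does not silently turn this zero-TK test into a different key installation. The same applies to any other SET_KEY callers in the tests that still pass 0.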
I'm moving this and the other related changes in 4/17 into a separate
patch (i.e., 4/17 uses 0 for everything as the key_type and does not
have the exception for hostapd_ctrl_set_key()).

Don't understand the reasoning for that, so just a quick explanation
what I do here:
4/17 just added the variable key_type and added the "0" prior to the
"%", so tests can still be executed. Here I replace the "0" with "2" -
which is KEY_TYPE_PAIRWISE for tests. (And start setting the value
like the other variables.)

Maybe one additional comment here:
It's irrelevant which patch sets the key_type to 2, it just must be done
after 4/17 and prior to 7/17 when we don't want to break the tests
between the patches.

Alexander