Incorrect Michael MIC key (RX, should have been TX) was set for the group key in AP mode. This resulted in all broadcast frames triggering Michael MIC errors and eventual TKIP countermeasures. The change here sets the correct Michael MIC key based on whether the local end is the authenticator (well, AP for now). Signed-off-by: Jouni Malinen <jouni.malinen@xxxxxxxxxxx> Tested-by: Pat Erley <pat-lkml@xxxxxxxxx> --- drivers/net/wireless/ath9k/main.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) --- wireless-testing.orig/drivers/net/wireless/ath9k/main.c 2009-02-26 10:49:43.000000000 +0200 +++ wireless-testing/drivers/net/wireless/ath9k/main.c 2009-02-26 10:51:41.000000000 +0200 @@ -648,8 +648,8 @@ static int ath_keyset(struct ath_softc * } static int ath_setkey_tkip(struct ath_softc *sc, u16 keyix, const u8 *key, - struct ath9k_keyval *hk, - const u8 *addr) + struct ath9k_keyval *hk, const u8 *addr, + bool authenticator) { const u8 *key_rxmic; const u8 *key_txmic; @@ -659,7 +659,13 @@ static int ath_setkey_tkip(struct ath_so if (addr == NULL) { /* Group key installation */ - memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic)); + if (authenticator) { + memcpy(hk->kv_mic, key_txmic, sizeof(hk->kv_mic)); + memcpy(hk->kv_txmic, key_txmic, sizeof(hk->kv_mic)); + } else { + memcpy(hk->kv_mic, key_rxmic, sizeof(hk->kv_mic)); + memcpy(hk->kv_txmic, key_rxmic, sizeof(hk->kv_mic)); + } return ath_keyset(sc, keyix, hk, addr); } if (!sc->splitmic) { @@ -769,6 +775,7 @@ static int ath_reserve_key_cache_slot(st } static int ath_key_config(struct ath_softc *sc, + struct ieee80211_vif *vif, struct ieee80211_sta *sta, struct ieee80211_key_conf *key) { @@ -828,7 +835,8 @@ static int ath_key_config(struct ath_sof } if (key->alg == ALG_TKIP) - ret = ath_setkey_tkip(sc, idx, key->key, &hk, mac); + ret = ath_setkey_tkip(sc, idx, key->key, &hk, mac, + vif->type == NL80211_IFTYPE_AP); else ret = ath_keyset(sc, idx, &hk, mac); @@ -2481,7 +2489,7 @@ static int ath9k_set_key(struct ieee8021 switch (cmd) { case SET_KEY: - ret = ath_key_config(sc, sta, key); + ret = ath_key_config(sc, vif, sta, key); if (ret >= 0) { key->hw_key_idx = ret; /* push IV and Michael MIC generation to stack */ -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html