Search Linux Wireless

RE: [PATCH 1/2] mwifiex: return success in set_default_key for WPA/WPA2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Johannes,

> -----Original Message-----
> From: Johannes Berg [mailto:johannes@xxxxxxxxxxxxxxxx]
> Sent: Sunday, April 03, 2011 1:37 AM
> To: Bing Zhao
> Cc: linux-wireless@xxxxxxxxxxxxxxx; John W. Linville; Amitkumar Karwar; Kiran Divekar; Yogesh Powar;
> Marc Yang; Frank Huang; Jouni Malinen
> Subject: Re: [PATCH 1/2] mwifiex: return success in set_default_key for WPA/WPA2
> 
> On Sun, 2011-04-03 at 10:02 +0200, Johannes Berg wrote:
> > On Fri, 2011-04-01 at 18:36 -0700, Bing Zhao wrote:
> > > From: Amitkumar Karwar <akarwar@xxxxxxxxxxx>
> > >
> > > When testing wpa_supplicant with 'nl80211' driver to connect
> > > to an AP with WPA/WPA2 security, we notice the followings:
> > >
> > > 1) add_key is called firstly with the key from cfg80211
> > > 2) set_defaut_key is called next
> > >
> > > set_default_key() is specific to WEP keys and should not be
> > > called in case of WPA/WPA2 security. The set_default_key()
> > > won't be called if wpa_supplicant uses "-Dwext" option,
> > > but it's been called if "-Dnl80211" option is specified.
> > >
> > > We can fix this issue by adding a check to return from
> > > set_default_key() if WEP key is not configured.
> >
> > Hmmm. Yeah this seems like it shouldn't be happening, but maybe checking
> > should be in cfg80211 and it should reject the supplicant's call?

In wext-compat.c, set_default_key() is called only in WEP security.
In nl80211.c, there isn't such checking.

> 
> Ok Jouni and I just discussed this briefly, and it looks like there is
> indeed a special case where the GTK is also set as the default TX key:
> this case is when the station requested "no pairwise" or when the AP did
> the same thing in the configuration.

From the wpa_supplicant debug log generated by Amit, it seems that set_default_key() is called while installing PTK to the driver. Is it expected?

WPA: Installing PTK to the driver.
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_nl80211_set_key: ifindex=12 alg=2 addr=0x80a7168 key_idx=0 set_tx=1 seq_len=6 key_len=32
   addr=00:1b:2f:55:79:7e

The complete log file is attached for your reference.

> 
> Is it possible that this just happens to be the case in your tests? It
> looks like that would be rather strange, but that's a corner case where
> the supplicant would possibly set the GTK as the default key.

Not the same corner case. In our test both pairwise and groupwise are configured.

> 
> In any case, this patch seems wrong in that you should never return
> success if the operation actually failed.

Could you please advise how we should resolve this?

Thanks,

Bing

Attachment: wpa_supplicant-nl80211.log
Description: wpa_supplicant-nl80211.log

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux