On Tue, Aug 9, 2011 at 4:04 AM, Jouni Malinen <jouni@xxxxxxxxxxxxxxxx> wrote: > On Mon, Aug 08, 2011 at 08:04:50PM -0600, Felix Fietkau wrote: >> On 2011-08-08 1:19 PM, Bill Jordan wrote: >> > The first 4 hardware key indexes are reserved for WEP, but >> > never programmed. The result was that WEP always used >> > software decryption. > > Not really.. They have a special role receiving group addressed frames > and may be used with static WEP configuration, but there is no strict > reservation of them being for WEP or other key indexes not being > available for WEP. > >> > diff --git a/drivers/net/wireless/ath/key.c b/drivers/net/wireless/ath/key.c >> > @@ -501,7 +501,11 @@ int ath_key_config(struct ath_common *common, >> > if (key->keylen) >> > memcpy(hk.kv_val, key->key, key->keylen); >> > >> > - if (!(key->flags& IEEE80211_KEY_FLAG_PAIRWISE)) { >> > + if (hk.kv_type == ATH_CIPHER_WEP) { >> > + if (key->keyidx>= IEEE80211_WEP_NKID) >> > + return -EOPNOTSUPP; >> > + idx = key->keyidx; >> > + } else if (!(key->flags& IEEE80211_KEY_FLAG_PAIRWISE)) { >> I'm not sure this is a good idea, this would break adding pairwise WEP >> keys. Also, maybe WEP keys could use the BSSID in the lookup to avoid >> the first 4 keycache slots, that way it'd work properly in multi-BSSID >> AP setups. > > Agreed, this should not be applied. > > As far as AP mode is concerned, there is no need to actually receive > group addressed frames, so other key slots can be used regardless of the > key index. Multi-BSSID AP setup with multiple BSSes that use static WEP > keys is not going to work well, but then again, no one really should be > using WEP anymore and I have no problems forcing that special use case > to use software encryption/decryption. While dynamic WEP key setup with > IEEE 802.1X is not really that much better, doing changes to improve > some static WEP cases at the cost of reduced dynamic WEP functionality > does not sound like a good direction. > > If the goal here was to improve station mode functionality in the case > where a single WEP network is being used, it should be done more > carefully to avoid causing problems to other cases. I was attempting to fix WEP AP mode. I was surprised to find that received data packets were decrypted in software. I thought WEP should be programming the first 4 hardware keys based on code in ath9k_rx_skb_postprocess: } else if (ieee80211_has_protected(fc) && !decrypt_error && skb->len >= hdrlen + 4) { keyix = skb->data[hdrlen + 3] >> 6; if (test_bit(keyix, common->keymap)) rxs->flag |= RX_FLAG_DECRYPTED; } This code only works if the first 4 hardware keys are used. In order to support dynamic WEP keys, all WEP decryption must be done in software? Am I understanding that correctly? Bill Jordan -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html