From eb46936b9f2b639f4edeeaf9154d49476fc30fe5 Mon Sep 17 00:00:00 2001 From: Vasanthakumar Thiagarajan Date: Tue, 23 Dec 2008 21:30:50 +0530 Subject: [PATCH] mac80211: Scale down to non-HT association with TKIP/WEP as pairwise cipher As TKIP is not updated to new security needs which arise when TKIP is used to encrypt A-MPDU aggregated data frames, IEEE802.11n does not allow any cipher other than CCMP (Which has new extensions defined) as pairwise cipher between HT peers. When such configuration (TKIP/WEP in HT) is forced, we still associate in non-HT mode (11a/b/g). Signed-off-by: Vasanthakumar Thiagarajan Acked-by: Johannes Berg Signed-off-by: John W. Linville --- net/mac80211/ieee80211_i.h | 1 + net/mac80211/iface.c | 3 ++- net/mac80211/mlme.c | 9 ++++++++- net/mac80211/wext.c | 12 +++++++++++- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h index f3eec989662..5f8ad885a48 100644 --- a/net/mac80211/ieee80211_i.h +++ b/net/mac80211/ieee80211_i.h @@ -258,6 +258,7 @@ struct mesh_preq_queue { #define IEEE80211_STA_AUTO_BSSID_SEL BIT(11) #define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12) #define IEEE80211_STA_PRIVACY_INVOKED BIT(13) +#define IEEE80211_STA_TKIP_WEP_USED BIT(14) /* flags for MLME request */ #define IEEE80211_STA_REQ_SCAN 0 #define IEEE80211_STA_REQ_DIRECT_PROBE 1 diff --git a/net/mac80211/iface.c b/net/mac80211/iface.c index b9074824862..1eefc5df495 100644 --- a/net/mac80211/iface.c +++ b/net/mac80211/iface.c @@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev) synchronize_rcu(); skb_queue_purge(&sdata->u.sta.skb_queue); - sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED; + sdata->u.sta.flags &= ~(IEEE80211_STA_PRIVACY_INVOKED | + IEEE80211_STA_TKIP_WEP_USED); kfree(sdata->u.sta.extra_ie); sdata->u.sta.extra_ie = NULL; sdata->u.sta.extra_ie_len = 0; diff --git a/net/mac80211/mlme.c b/net/mac80211/mlme.c index 2b890af01ba..b688425d755 100644 --- a/net/mac80211/mlme.c +++ b/net/mac80211/mlme.c @@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata, } /* wmm support is a must to HT */ + /* + * IEEE802.11n does not allow TKIP/WEP as pairwise + * ciphers in HT mode. We still associate in non-ht + * mode (11a/b/g) if any one of these ciphers is + * configured as pairwise. + */ if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) && sband->ht_cap.ht_supported && (ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) && - ht_ie[1] >= sizeof(struct ieee80211_ht_info)) { + ht_ie[1] >= sizeof(struct ieee80211_ht_info) && + (!(ifsta->flags & IEEE80211_STA_TKIP_WEP_USED))) { struct ieee80211_ht_info *ht_info = (struct ieee80211_ht_info *)(ht_ie + 2); u16 cap = sband->ht_cap.cap; diff --git a/net/mac80211/wext.c b/net/mac80211/wext.c index 7162d5816f3..011592fd452 100644 --- a/net/mac80211/wext.c +++ b/net/mac80211/wext.c @@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev, switch (data->flags & IW_AUTH_INDEX) { case IW_AUTH_WPA_VERSION: - case IW_AUTH_CIPHER_PAIRWISE: case IW_AUTH_CIPHER_GROUP: case IW_AUTH_WPA_ENABLED: case IW_AUTH_RX_UNENCRYPTED_EAPOL: case IW_AUTH_KEY_MGMT: break; + case IW_AUTH_CIPHER_PAIRWISE: + if (sdata->vif.type == NL80211_IFTYPE_STATION) { + if (data->value & (IW_AUTH_CIPHER_WEP40 | + IW_AUTH_CIPHER_WEP104 | IW_AUTH_CIPHER_TKIP)) + sdata->u.sta.flags |= + IEEE80211_STA_TKIP_WEP_USED; + else + sdata->u.sta.flags &= + ~IEEE80211_STA_TKIP_WEP_USED; + } + break; case IW_AUTH_DROP_UNENCRYPTED: sdata->drop_unencrypted = !!data->value; break; -- 2.11.4.GIT