Re: [PATCH 6/6] ath: Fix WEP hardware encryption

[Bruno Randolf <br1@einfach.org>]

On Wed January 26 2011 18:37:00 Jouni Malinen wrote:
> On Wed, Jan 26, 2011 at 11:38:53AM +0900, Bruno Randolf wrote:
> > Even without my patch, WEP does not work with multiple vifs.
> 
> Are you sure about that? 

Yes, I'm sure. Please test it yourself, if you don't believe me. :)
I'm using ath5k, not ath9k, BTW.

> Why would there be any issues in using software
> crypto for decrypting WEP frames while everything else is done in
> hardware? 

I don't know why it doesn't work at this point, but it doesn't and this looks 
suspicious:

root@RMR1:~# cat /sys/kernel/debug/ieee80211/phy0/keys/0/hw_key_idx 
4
root@RMR1:~# cat /sys/kernel/debug/ieee80211/phy0/keys/0/keyidx 
0
root@RMR1:~# cat /sys/kernel/debug/ieee80211/phy0/keys/1/hw_key_idx 
68
root@RMR1:~# cat /sys/kernel/debug/ieee80211/phy0/keys/1/keyidx 
0

> > My patch just adds a special case for WEP, so it does not break anything
> > for the other use cases. It improves the performance for the one vif
> > case where WEP works right now.
> 
> As far as I can tell, it will break all multi-vif cases where at least
> one of the vifs is using WEP (which would be one of the only acceptable
> uses of WEP as a temporary upgrade path while providing more reasonable
> security on other vifs). As such, I would have to NAK this patch in its
> current form.

Why do you believe it would break something? It just uses key indices 0-3, 
which are not used for anything else.

I tested it with 1 WEP vif and 3 WPA vifs and it works.

> To make this acceptable, the patch would need to handle a case where
> multiple vifs are added (which may happen either before or after the WEP
> keys would be set to default key indexes) and prevent the use of those
> key indexes (which would include removing the already configured keys in
> case of vif added after the WEP configuration on another vif).

Given the fact that it works i think this is not necessary.

bruno