mac80211: Scale down to non-HT association with TKIP/WEP as pairwise cipher
Vasanthakumar Thiagarajan [Tue, 23 Dec 2008 16:00:50 +0000 (21:00 +0530)]
As TKIP is not updated to new security needs which arise when
TKIP is used to encrypt A-MPDU aggregated data frames, IEEE802.11n
does not allow any cipher other than CCMP (Which has new extensions
defined) as pairwise cipher between HT peers.

When such configuration (TKIP/WEP in HT) is forced, we still
associate in non-HT mode (11a/b/g).

Signed-off-by: Vasanthakumar Thiagarajan <vasanth@atheros.com>
Acked-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

net/mac80211/ieee80211_i.h
net/mac80211/iface.c
net/mac80211/mlme.c
net/mac80211/wext.c

index f3eec98..5f8ad88 100644 (file)
@@ -258,6 +258,7 @@ struct mesh_preq_queue {
 #define IEEE80211_STA_AUTO_BSSID_SEL   BIT(11)
 #define IEEE80211_STA_AUTO_CHANNEL_SEL BIT(12)
 #define IEEE80211_STA_PRIVACY_INVOKED  BIT(13)
+#define IEEE80211_STA_TKIP_WEP_USED    BIT(14)
 /* flags for MLME request */
 #define IEEE80211_STA_REQ_SCAN 0
 #define IEEE80211_STA_REQ_DIRECT_PROBE 1
index b907482..1eefc5d 100644 (file)
@@ -459,7 +459,8 @@ static int ieee80211_stop(struct net_device *dev)
                synchronize_rcu();
                skb_queue_purge(&sdata->u.sta.skb_queue);
 
-               sdata->u.sta.flags &= ~IEEE80211_STA_PRIVACY_INVOKED;
+               sdata->u.sta.flags &= ~(IEEE80211_STA_PRIVACY_INVOKED |
+                                       IEEE80211_STA_TKIP_WEP_USED);
                kfree(sdata->u.sta.extra_ie);
                sdata->u.sta.extra_ie = NULL;
                sdata->u.sta.extra_ie_len = 0;
index 2b890af..b688425 100644 (file)
@@ -391,10 +391,17 @@ static void ieee80211_send_assoc(struct ieee80211_sub_if_data *sdata,
        }
 
        /* wmm support is a must to HT */
+       /*
+        * IEEE802.11n does not allow TKIP/WEP as pairwise
+        * ciphers in HT mode. We still associate in non-ht
+        * mode (11a/b/g) if any one of these ciphers is
+        * configured as pairwise.
+        */
        if (wmm && (ifsta->flags & IEEE80211_STA_WMM_ENABLED) &&
            sband->ht_cap.ht_supported &&
            (ht_ie = ieee80211_bss_get_ie(bss, WLAN_EID_HT_INFORMATION)) &&
-           ht_ie[1] >= sizeof(struct ieee80211_ht_info)) {
+           ht_ie[1] >= sizeof(struct ieee80211_ht_info) &&
+           (!(ifsta->flags & IEEE80211_STA_TKIP_WEP_USED))) {
                struct ieee80211_ht_info *ht_info =
                        (struct ieee80211_ht_info *)(ht_ie + 2);
                u16 cap = sband->ht_cap.cap;
index 7162d58..011592f 100644 (file)
@@ -903,12 +903,22 @@ static int ieee80211_ioctl_siwauth(struct net_device *dev,
 
        switch (data->flags & IW_AUTH_INDEX) {
        case IW_AUTH_WPA_VERSION:
-       case IW_AUTH_CIPHER_PAIRWISE:
        case IW_AUTH_CIPHER_GROUP:
        case IW_AUTH_WPA_ENABLED:
        case IW_AUTH_RX_UNENCRYPTED_EAPOL:
        case IW_AUTH_KEY_MGMT:
                break;
+       case IW_AUTH_CIPHER_PAIRWISE:
+               if (sdata->vif.type == NL80211_IFTYPE_STATION) {
+                       if (data->value & (IW_AUTH_CIPHER_WEP40 |
+                           IW_AUTH_CIPHER_WEP104 | IW_AUTH_CIPHER_TKIP))
+                               sdata->u.sta.flags |=
+                                       IEEE80211_STA_TKIP_WEP_USED;
+                       else
+                               sdata->u.sta.flags &=
+                                       ~IEEE80211_STA_TKIP_WEP_USED;
+               }
+               break;
        case IW_AUTH_DROP_UNENCRYPTED:
                sdata->drop_unencrypted = !!data->value;
                break;