On Tuesday 14 November 2006 15:40, Johannes Berg wrote:
> On Wed, 2006-11-15 at 01:29 +1100, Paul TBBle Hampson wrote:
> 
> > Just to summarise results so far:
> > 
> > (Current version)
> > bcm43xx-d80211 w/v3 firmware and TKIP: Garbled broadcast RX
> > bcm43xx-d80211 w/v4 firmware and TKIP: Garbled broadcast RX
> > bcm43xx-d80211 w/v4 firmware and WEP-104: Correct broadcast RX
> > 
> > (version from wireless-dev before October 23rd, unsure of exact date)
> > bcm43xx (softmac) w/v3 firmware and TKIP: Correct broadcast RX
> 
> The last item is interesting. The softmac version doesn't include any hw
> crypto so it never checks the 'decrypt attempted' bit in the RX header
> afaik, leaving all crypto to hw.
> 
> I postulated before that the problem is that the firmware sets the
> 'decrypt attempted' bit even if the key is none, hence the driver tells
> the d80211 stack that the frame was already decrypted (no decrypt error
> occurs because in reality the algorithm is 'none'.)
> 
> You could test this theory by clearing the 'decrypt attempted' bit
> unconditionally in the RX path before it is ever tested. Then, any
> wep/aes should no longer work properly with v4 firmware and
> bcm43xx-d80211, but tkip would. If my theory is correct.

yes, Johannes. The problem is that the decrypt attempted bit is even
set for key_none. When I force-disable this codepath, TKIP works
perfectly well.
I will do a patch for this. There are a few other minor bugs in the
crypto stuff, which I will fix, too. Key clearing is not handled 100%
correct, etc...

-- 
Greetings Michael.
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to