From: Sam Leffler
To: Perforce Change Reviews
Subject: PERFORCE change 63954 for review
Date: Fri, 29 Oct 2004 22:02:28 GMT

http://perforce.freebsd.org/chv.cgi?CH=63954

Change 63954 by sam@sam_ebb on 2004/10/29 22:01:31

	Correct key selection for multicast frames with WPA: by convention
	the group key is set as the default tx key so we need to use that
	(when defined) for mcast frames and we should NOT use it as a
	fallback for unicast frames. This fixes problems with incorrectly
	encrypting EAPOL traffic when a unicast key is defined and not
	encrypting multicast traffic when operating as a WPA-enabled ap.

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_output.c#5 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_output.c#5 (text+ko) ====
@@ -217,22 +217,30 @@ } /* - * Return the transmit key to use in sending a frame to - * the specified destination. Multicast traffic always - * uses the group key. Otherwise if a unicast key is - * set we use that. When no unicast key is set we fall - * back to the default transmit key. + * Return the transmit key to use in sending a frame to the specified + * destination. Multicast traffic always uses the group key which is + * installed the default tx key. Otherwise if a unicast key is set + * we use that. When no unicast key is set we fall back to the default + * transmit key unless WPA is enabled in which case there should be + * a unicast frame so we don't want to use a default key (which in + * this case is the group/multicast key). */ static inline struct ieee80211_key * ieee80211_crypto_getkey(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni) { #define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none) - if (IEEE80211_IS_MULTICAST(mac) || KEY_UNDEFINED(ni->ni_ucastkey)) { + if (IEEE80211_IS_MULTICAST(mac)) { if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) return NULL; return &ic->ic_nw_keys[ic->ic_def_txkey]; + } else if (KEY_UNDEFINED(ni->ni_ucastkey)) { + if ((ic->ic_flags & IEEE80211_F_WPA) || + ic->ic_def_txkey == IEEE80211_KEYIX_NONE || + KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) + return NULL; + return &ic->ic_nw_keys[ic->ic_def_txkey]; } else { return &ni->ni_ucastkey; }
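
Review bot: In the new "else if (KEY_UNDEFINED(ni->ni_ucastkey))" branch, the IEEE80211_F_WPA case returns NULL, which is the same value returned when no default tx key is configured, so the caller cannot tell "WPA is on but this station has no pairwise key yet" from "no crypto configured". That is the intended result for EAPOL frames during the handshake, but it is worth confirming that the caller does not also send ordinary unicast data in the clear on a NULL return in that window. If the caller does, a distinct return path or an explicit drop for non-EAPOL frames would be safer. On the block comment: "installed the default tx key" is missing "as", and "there should be a unicast frame" reads as if it should say "unicast key", since the point is that WPA expects a per-station key to exist. The default-key validity test (ic_def_txkey == IEEE80211_KEYIX_NONE || KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) now appears in both branches; consider factoring it into one place so the multicast and unicast paths cannot drift apart.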