PERFORCE change 63954 for review

Sam Leffler sam at FreeBSD.org
Fri Oct 29 15:02:29 PDT 2004 

http://perforce.freebsd.org/chv.cgi?CH=63954

Change 63954 by sam at sam_ebb on 2004/10/29 22:01:31

	Correct key selection for multicast frames with WPA: by
	covnention the group key is set as the default tx key so
	we need to use that (when define) for mcast frames and
	we should NOT use it as a fallback for unicast frames.
	This fixes problems with incorrectly encrypting EAPOL traffic
	when a unicast key is defined and not encrypting multicast
	traffic when operating as a WPA-enabled ap.

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_output.c#5 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_output.c#5 (text+ko) ====

@@ -217,22 +217,30 @@
 }
 
 /*
- * Return the transmit key to use in sending a frame to
- * the specified destination. Multicast traffic always
- * uses the group key.  Otherwise if a unicast key is
- * set we use that.  When no unicast key is set we fall
- * back to the default transmit key.
+ * Return the transmit key to use in sending a frame to the specified
+ * destination. Multicast traffic always uses the group key which is
+ * installed the default tx key.  Otherwise if a unicast key is set
+ * we use that.  When no unicast key is set we fall back to the default
+ * transmit key unless WPA is enabled in which case there should be
+ * a unicast frame so we don't want to use a default key (which in
+ * this case is the group/multicast key).
  */ 
 static inline struct ieee80211_key *
 ieee80211_crypto_getkey(struct ieee80211com *ic,
 	const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni)
 {
 #define	KEY_UNDEFINED(k)	((k).wk_cipher == &ieee80211_cipher_none)
-	if (IEEE80211_IS_MULTICAST(mac) || KEY_UNDEFINED(ni->ni_ucastkey)) {
+	if (IEEE80211_IS_MULTICAST(mac)) {
 		if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
 		    KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
 			return NULL;
 		return &ic->ic_nw_keys[ic->ic_def_txkey];
+	} else if (KEY_UNDEFINED(ni->ni_ucastkey)) {
+		if ((ic->ic_flags & IEEE80211_F_WPA) ||
+		    ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
+		    KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
+			return NULL;
+		return &ic->ic_nw_keys[ic->ic_def_txkey];
 	} else {
 		return &ni->ni_ucastkey;
 	}

More information about the p4-projects mailing list