[Madwifi-cvs] madwifi/net80211 ieee80211_output.c,1.1.4.5,1.1.4.6
From: Sam L. <sam...@us...> - 2004-07-25 18:22:42
Update of /cvsroot/madwifi/madwifi/net80211 In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23897 Modified Files: Tag: WPA ieee80211_output.c Log Message: Correct WPA operation by encrypting EAPOL frames once the PTK has been plumbed. o change ieee80211_crypto_getkey to return NULL if the default tx key is undefined; this happens, for example, when wpa_supplicant explicitly clears the key table on disassociate using the delkey api o encrypt PAE frames when a key is present and WPA is enabled; this corresponds to the PTK being plumbed (since wpa_supplicant has set IEEE80211_F_WPA at that point) This may need more tweaking for WPA authenticator usage. Submitted by: Jouni Malinen Index: ieee80211_output.c =================================================================== RCS file: /cvsroot/madwifi/madwifi/net80211/Attic/ieee80211_output.c,v retrieving revision 1.1.4.5 retrieving revision 1.1.4.6 diff -C2 -d -r1.1.4.5 -r1.1.4.6 *** ieee80211_output.c 9 Jul 2004 21:01:47 -0000 1.1.4.5 --- ieee80211_output.c 25 Jul 2004 18:22:33 -0000 1.1.4.6 *************** *** 210,218 **** const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni) { ! if (IEEE80211_IS_MULTICAST(mac) || ! ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) { ! if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, ! ("%s: No default transmit key\n", __func__)); /* XXX statistic */ return NULL; --- 210,220 ---- const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni) { ! #define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none) ! if (IEEE80211_IS_MULTICAST(mac) || KEY_UNDEFINED(ni->ni_ucastkey)) { ! if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || ! KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) { IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, ! ("%s: No transmit key, def_txkey %u\n", ! 
__func__, ic->ic_def_txkey)); /* XXX statistic */ return NULL; *************** *** 222,225 **** --- 224,228 ---- return &ni->ni_ucastkey; } + #undef KEY_UNDEFINED } *************** *** 329,334 **** goto bad; } ! if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) { ! /* NB: PAE frames have their own encryption policy */ if (key != NULL) { wh->i_fc[1] |= IEEE80211_FC1_WEP; --- 332,341 ---- goto bad; } ! if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) || ! (key != NULL && (ic->ic_flags & IEEE80211_F_WPA))) { ! /* ! * IEEE 802.1X: send EAPOL frames always in the clear. ! * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. ! */ if (key != NULL) { wh->i_fc[1] |= IEEE80211_FC1_WEP; *************** *** 342,345 **** --- 349,354 ---- } } + } + if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) { /* * Reset the inactivity timer only for non-PAE traffic |
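Review bot: The new `KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])` test in ieee80211_crypto_getkey reads the key table through `ic_def_txkey` after excluding only `IEEE80211_KEYIX_NONE`. The code that sets `ic_def_txkey` is not visible in this diff, so it is worth confirming that it rejects any index at or beyond the table size. Otherwise add the bound here, for example `ic->ic_def_txkey >= IEEE80211_WEP_NKID ||` ahead of the lookup, assuming the table is sized by that constant as elsewhere in net80211. A short comment on the function saying that NULL now also means "default slot present but empty" would help callers, since they must not treat NULL as permission to send protected traffic in the clear. The function's signature begins above the hunk.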
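Review bot: The added condition `(key != NULL && (ic->ic_flags & IEEE80211_F_WPA))` encrypts EAPOL whenever any key is returned, not only "when pairwise keys are set" as the new comment states. ieee80211_crypto_getkey (first hunk) falls back to the default tx key when `ni_ucastkey` is undefined or the destination is multicast, so with WPA enabled and only a default/group key installed, an EAPOL frame would be protected with that shared key. The peer may not hold that key during an initial or repeated handshake, which is probably the authenticator case the log message leaves open. Testing the pairwise key directly, e.g. `(key == &ni->ni_ucastkey && (ic->ic_flags & IEEE80211_F_WPA))`, would make the code match the comment, assuming `ni` is in scope here. The enclosing function starts and ends outside the hunk.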