[Madwifi-cvs] madwifi/net80211 ieee80211_output.c,1.1.4.5,1.1.4.6

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Update of /cvsroot/madwifi/madwifi/net80211
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv23897

Modified Files:
      Tag: WPA
	ieee80211_output.c 
Log Message:
Correct WPA operation by encrypting EAPOL frames once the PTK has been plumbed.

o change ieee80211_crypto_getkey to return NULL if the default tx key is
  undefined; this happens, for example, when wpa_supplicant explicitly
  clears the key table on disassociate using the delkey api
o encrypt PAE frames when a key is present and WPA is enabled; this corresponds
  to the PTK being plumbed (since wpa_supplicant has set IEEE80211_F_WPA at
  that point)

This may need more tweaking for WPA authenticator usage.

Submitted by:	Jouni Malinen

Index: ieee80211_output.c
===================================================================
RCS file: /cvsroot/madwifi/madwifi/net80211/Attic/ieee80211_output.c,v
retrieving revision 1.1.4.5
retrieving revision 1.1.4.6
diff -C2 -d -r1.1.4.5 -r1.1.4.6
*** ieee80211_output.c	9 Jul 2004 21:01:47 -0000	1.1.4.5
--- ieee80211_output.c	25 Jul 2004 18:22:33 -0000	1.1.4.6
***************
*** 210,218 ****
  	const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni)
  {
! 	if (IEEE80211_IS_MULTICAST(mac) ||
! 	    ni->ni_ucastkey.wk_cipher == &ieee80211_cipher_none) {
! 		if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE) {
  			IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
! 			    ("%s: No default transmit key\n", __func__));
  			/* XXX statistic */
  			return NULL;
--- 210,220 ----
  	const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni)
  {
! #define	KEY_UNDEFINED(k)	((k).wk_cipher == &ieee80211_cipher_none)
! 	if (IEEE80211_IS_MULTICAST(mac) || KEY_UNDEFINED(ni->ni_ucastkey)) {
! 		if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
! 		    KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) {
  			IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
! 			    ("%s: No transmit key, def_txkey %u\n",
! 			    __func__, ic->ic_def_txkey));
  			/* XXX statistic */
  			return NULL;
***************
*** 222,225 ****
--- 224,228 ----
  		return &ni->ni_ucastkey;
  	}
+ #undef KEY_UNDEFINED
  }

***************
*** 329,334 ****
  		goto bad;
  	}
! 	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) {
! 		/* NB: PAE frames have their own encryption policy */
  		if (key != NULL) {
  			wh->i_fc[1] |= IEEE80211_FC1_WEP;
--- 332,341 ----
  		goto bad;
  	}
! 	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) ||
! 	    (key != NULL && (ic->ic_flags & IEEE80211_F_WPA))) {
! 		/*
! 		 * IEEE 802.1X: send EAPOL frames always in the clear.
! 		 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
! 		 */
  		if (key != NULL) {
  			wh->i_fc[1] |= IEEE80211_FC1_WEP;
***************
*** 342,345 ****
--- 349,354 ----
  			}
  		}
+ 	}
+ 	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) {
  		/*
  		 * Reset the inactivity timer only for non-PAE traffic