-/* $OpenBSD: ieee80211_node.c,v 1.39 2008/08/12 16:14:05 damien Exp $ */
+/* $OpenBSD: ieee80211_node.c,v 1.40 2008/08/12 18:37:23 damien Exp $ */
/* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */
/*-
arc4random_buf(k->k_key, k->k_len);
(*ic->ic_set_key)(ic, ni, k); /* XXX */
+ if (ic->ic_caps & IEEE80211_C_MFP) {
+ ic->ic_igtk_kid = 4;
+ k = &ic->ic_nw_keys[ic->ic_igtk_kid];
+ memset(k, 0, sizeof(*k));
+ k->k_id = ic->ic_igtk_kid;
+ k->k_cipher = ni->ni_rsngroupmgmtcipher;
+ k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX;
+ k->k_len = 16;
+ arc4random_buf(k->k_key, k->k_len);
+ (*ic->ic_set_key)(ic, ni, k); /* XXX */
+ }
/*
* In HostAP mode, multicast traffic is sent using ic_bss
* as the Tx node, so mark our node as valid so we can send
-/* $OpenBSD: ieee80211_proto.c,v 1.30 2008/08/12 17:53:13 damien Exp $ */
+/* $OpenBSD: ieee80211_proto.c,v 1.31 2008/08/12 18:37:23 damien Exp $ */
/* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */
/*-
k->k_len = ieee80211_cipher_keylen(k->k_cipher);
arc4random_buf(k->k_key, k->k_len);
+ if (ic->ic_caps & IEEE80211_C_MFP) {
+ /* Swap(GM_igtk, GN_igtk) */
+ kid = (ic->ic_igtk_kid == 4) ? 5 : 4;
+ k = &ic->ic_nw_keys[kid];
+ memset(k, 0, sizeof(*k));
+ k->k_id = kid;
+ k->k_cipher = ic->ic_bss->ni_rsngroupmgmtcipher;
+ k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX;
+ k->k_len = 16;
+ arc4random_buf(k->k_key, k->k_len);
+ }
+
ic->ic_rsn_keydonesta = 0;
ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic);
}
kid = (ic->ic_def_txkey == 1) ? 2 : 1;
if ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid]) == 0)
ic->ic_def_txkey = kid;
+
+ if (ic->ic_caps & IEEE80211_C_MFP) {
+ /* install IGTK */
+ kid = (ic->ic_igtk_kid == 4) ? 5 : 4;
+ if ((*ic->ic_set_key)(ic, ic->ic_bss,
+ &ic->ic_nw_keys[kid]) == 0)
+ ic->ic_igtk_kid = kid;
+ }
}
/*
projects / openbsd / commitdiff