From 302e5949cb7ec03ea03232f5cd7e6bb068dc1795 Mon Sep 17 00:00:00 2001 From: damien Date: Tue, 12 Aug 2008 18:37:23 +0000 Subject: [PATCH] generate a random IGTK in HostAP mode if we're MFP-capable. --- sys/net80211/ieee80211_node.c | 13 ++++++++++++- sys/net80211/ieee80211_proto.c | 22 +++++++++++++++++++++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/sys/net80211/ieee80211_node.c b/sys/net80211/ieee80211_node.c index 39dad39363e..cbae4d9d602 100644 --- a/sys/net80211/ieee80211_node.c +++ b/sys/net80211/ieee80211_node.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_node.c,v 1.39 2008/08/12 16:14:05 damien Exp $ */ +/* $OpenBSD: ieee80211_node.c,v 1.40 2008/08/12 18:37:23 damien Exp $ */ /* $NetBSD: ieee80211_node.c,v 1.14 2004/05/09 09:18:47 dyoung Exp $ */ /*- @@ -325,6 +325,17 @@ ieee80211_create_ibss(struct ieee80211com* ic, struct ieee80211_channel *chan) arc4random_buf(k->k_key, k->k_len); (*ic->ic_set_key)(ic, ni, k); /* XXX */ + if (ic->ic_caps & IEEE80211_C_MFP) { + ic->ic_igtk_kid = 4; + k = &ic->ic_nw_keys[ic->ic_igtk_kid]; + memset(k, 0, sizeof(*k)); + k->k_id = ic->ic_igtk_kid; + k->k_cipher = ni->ni_rsngroupmgmtcipher; + k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; + k->k_len = 16; + arc4random_buf(k->k_key, k->k_len); + (*ic->ic_set_key)(ic, ni, k); /* XXX */ + } /* * In HostAP mode, multicast traffic is sent using ic_bss * as the Tx node, so mark our node as valid so we can send diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c index cef25e1495d..e25ae7fac69 100644 --- a/sys/net80211/ieee80211_proto.c +++ b/sys/net80211/ieee80211_proto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_proto.c,v 1.30 2008/08/12 17:53:13 damien Exp $ */ +/* $OpenBSD: ieee80211_proto.c,v 1.31 2008/08/12 18:37:23 damien Exp $ */ /* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */ /*- @@ -396,6 +396,18 @@ ieee80211_setkeys(struct ieee80211com *ic) k->k_len = ieee80211_cipher_keylen(k->k_cipher); arc4random_buf(k->k_key, k->k_len); + if (ic->ic_caps & IEEE80211_C_MFP) { + /* Swap(GM_igtk, GN_igtk) */ + kid = (ic->ic_igtk_kid == 4) ? 5 : 4; + k = &ic->ic_nw_keys[kid]; + memset(k, 0, sizeof(*k)); + k->k_id = kid; + k->k_cipher = ic->ic_bss->ni_rsngroupmgmtcipher; + k->k_flags = IEEE80211_KEY_IGTK | IEEE80211_KEY_TX; + k->k_len = 16; + arc4random_buf(k->k_key, k->k_len); + } + ic->ic_rsn_keydonesta = 0; ieee80211_iterate_nodes(ic, ieee80211_node_gtk_rekey, ic); } @@ -412,6 +424,14 @@ ieee80211_setkeysdone(struct ieee80211com *ic) kid = (ic->ic_def_txkey == 1) ? 2 : 1; if ((*ic->ic_set_key)(ic, ic->ic_bss, &ic->ic_nw_keys[kid]) == 0) ic->ic_def_txkey = kid; + + if (ic->ic_caps & IEEE80211_C_MFP) { + /* install IGTK */ + kid = (ic->ic_igtk_kid == 4) ? 5 : 4; + if ((*ic->ic_set_key)(ic, ic->ic_bss, + &ic->ic_nw_keys[kid]) == 0) + ic->ic_igtk_kid = kid; + } } /* -- 2.20.1