Use set_key addr to distinguish default and multicast keys
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various places to indicate default/broadcast keys. Make this more consistent and useful by defining NULL to mean default key (i.e., used both for unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast key (i.e., used only with broadcast).
parent
8546ea1930
commit
0382097ef3
17 changed files with 51 additions and 66 deletions
|
@ -173,9 +173,8 @@ static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
|
|||
idx = ssid->wep.idx;
|
||||
if (ssid->wep.default_len &&
|
||||
hostapd_drv_set_key(hapd->conf->iface,
|
||||
hapd, WPA_ALG_WEP, NULL, idx,
|
||||
idx == ssid->wep.idx,
|
||||
NULL, 0, ssid->wep.key[idx],
|
||||
hapd, WPA_ALG_WEP, broadcast_ether_addr, idx,
|
||||
1, NULL, 0, ssid->wep.key[idx],
|
||||
ssid->wep.len[idx])) {
|
||||
wpa_printf(MSG_WARNING, "Could not set WEP encryption.");
|
||||
errors++;
|
||||
|
@ -195,7 +194,7 @@ static int hostapd_broadcast_wep_set(struct hostapd_data *hapd)
|
|||
|
||||
idx = key->idx;
|
||||
if (hostapd_drv_set_key(ifname, hapd, WPA_ALG_WEP,
|
||||
NULL, idx, idx == key->idx,
|
||||
broadcast_ether_addr, idx, 1,
|
||||
NULL, 0, key->key[idx],
|
||||
key->len[idx])) {
|
||||
wpa_printf(MSG_WARNING, "Could not set "
|
||||
|
|
|
@ -232,7 +232,8 @@ ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname)
|
|||
wpa_hexdump_key(MSG_DEBUG, "Default WEP key (dynamic VLAN)",
|
||||
key->key[key->idx], key->len[key->idx]);
|
||||
|
||||
if (hostapd_drv_set_key(ifname, hapd, WPA_ALG_WEP, NULL, key->idx, 1,
|
||||
if (hostapd_drv_set_key(ifname, hapd, WPA_ALG_WEP,
|
||||
broadcast_ether_addr, key->idx, 1,
|
||||
NULL, 0, key->key[key->idx],
|
||||
key->len[key->idx]))
|
||||
printf("Could not set dynamic VLAN WEP encryption key.\n");
|
||||
|
@ -1441,7 +1442,8 @@ static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx)
|
|||
|
||||
/* TODO: Could setup key for RX here, but change default TX keyid only
|
||||
* after new broadcast key has been sent to all stations. */
|
||||
if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP, NULL,
|
||||
if (hostapd_drv_set_key(hapd->conf->iface, hapd, WPA_ALG_WEP,
|
||||
broadcast_ether_addr,
|
||||
eapol->default_wep_key_idx, 1, NULL, 0,
|
||||
eapol->default_wep_key,
|
||||
hapd->conf->default_wep_key_len)) {
|
||||
|
|
|
@ -2297,14 +2297,14 @@ static int wpa_group_config_group_keys(struct wpa_authenticator *wpa_auth,
|
|||
|
||||
if (wpa_auth_set_key(wpa_auth, group->vlan_id,
|
||||
wpa_alg_enum(wpa_auth->conf.wpa_group),
|
||||
NULL, group->GN, group->GTK[group->GN - 1],
|
||||
group->GTK_len) < 0)
|
||||
broadcast_ether_addr, group->GN,
|
||||
group->GTK[group->GN - 1], group->GTK_len) < 0)
|
||||
ret = -1;
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
if (wpa_auth->conf.ieee80211w != NO_MGMT_FRAME_PROTECTION &&
|
||||
wpa_auth_set_key(wpa_auth, group->vlan_id, WPA_ALG_IGTK,
|
||||
NULL, group->GN_igtk,
|
||||
broadcast_ether_addr, group->GN_igtk,
|
||||
group->IGTK[group->GN_igtk - 4],
|
||||
WPA_IGTK_LEN) < 0)
|
||||
ret = -1;
|
||||
|
|
|
@ -744,8 +744,12 @@ struct wpa_driver_ops {
|
|||
* @alg: encryption algorithm (%WPA_ALG_NONE, %WPA_ALG_WEP,
|
||||
* %WPA_ALG_TKIP, %WPA_ALG_CCMP, %WPA_ALG_IGTK, %WPA_ALG_PMK);
|
||||
* %WPA_ALG_NONE clears the key.
|
||||
* @addr: address of the peer STA or ff:ff:ff:ff:ff:ff for
|
||||
* broadcast/default keys
|
||||
* @addr: Address of the peer STA (BSSID of the current AP when setting
|
||||
* pairwise key in station mode), ff:ff:ff:ff:ff:ff for
|
||||
* broadcast keys, %NULL for default keys that are used both for
|
||||
* broadcast and unicast; when clearing keys, %NULL is used to
|
||||
* indicate that both the broadcast-only and default key of the
|
||||
* specified key index is to be cleared
|
||||
* @key_idx: key index (0..3), usually 0 for unicast keys; 0..4095 for
|
||||
* IGTK
|
||||
* @set_tx: configure this key as the default Tx key (only used when
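Review bot: The new `@addr` text does not say what a driver should do when it cannot tell a default key from a broadcast-only key. Several set_key implementations changed in this same commit (atheros, madwifi, ndis, ralink, wext) test `addr == NULL || is_broadcast_ether_addr(addr)` and take one path for both, so the documented distinction is not honoured everywhere. Consider adding a sentence such as `drivers that cannot distinguish the two may treat %NULL and ff:ff:ff:ff:ff:ff identically`, and changing "is to be cleared" to "are to be cleared". The doc comment starts and ends outside the hunk.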
|
||||
|
|
|
@ -478,7 +478,7 @@ atheros_set_key(const char *ifname, void *priv, enum wpa_alg alg,
|
|||
memset(&wk, 0, sizeof(wk));
|
||||
wk.ik_type = cipher;
|
||||
wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
|
||||
if (addr == NULL) {
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr)) {
|
||||
memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
|
||||
wk.ik_keyix = key_idx;
|
||||
wk.ik_flags |= IEEE80211_KEY_DEFAULT;
|
||||
|
|
|
@ -296,9 +296,7 @@ bsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
|
|||
|
||||
if (alg == WPA_ALG_NONE) {
|
||||
#ifndef HOSTAPD
|
||||
if (addr == NULL ||
|
||||
os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
|
||||
IEEE80211_ADDR_LEN) == 0)
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr))
|
||||
return bsd_del_key(priv, NULL, key_idx);
|
||||
else
|
||||
#endif /* HOSTAPD */
|
||||
|
@ -335,8 +333,7 @@ bsd_set_key(const char *ifname, void *priv, enum wpa_alg alg,
|
|||
* the address (yech). Note also that we can only mark global
|
||||
* keys default; doing this for a unicast key is an error.
|
||||
*/
|
||||
if (os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
|
||||
IEEE80211_ADDR_LEN) == 0) {
|
||||
if (is_broadcast_ether_addr(addr)) {
|
||||
wk.ik_flags |= IEEE80211_KEY_GROUP;
|
||||
wk.ik_keyix = key_idx;
|
||||
} else {
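Review bot: In the second bsd_set_key hunk, `if (is_broadcast_ether_addr(addr))` dereferences `addr` without the `addr == NULL ||` guard that the first hunk and the other drivers in this commit use. This commit makes callers pass `NULL` where they used to pass the broadcast address (for example in wpa_set_wep_keys and wpa_eapol_set_wep_key), so the NULL case now reaches key installation, not only key clearing. The lines before the comment are outside the hunk, so a NULL branch may already exist there. If it does not, use `if (addr == NULL || is_broadcast_ether_addr(addr)) {`, or add an explicit NULL branch that fills `wk.ik_macaddr` with 0xff.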
|
||||
|
|
|
@ -462,7 +462,7 @@ wpa_driver_madwifi_set_key(const char *ifname, void *priv, enum wpa_alg alg,
|
|||
memset(&wk, 0, sizeof(wk));
|
||||
wk.ik_type = cipher;
|
||||
wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_XMIT;
|
||||
if (addr == NULL) {
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr)) {
|
||||
memset(wk.ik_macaddr, 0xff, IEEE80211_ADDR_LEN);
|
||||
wk.ik_keyix = key_idx;
|
||||
wk.ik_flags |= IEEE80211_KEY_DEFAULT;
|
||||
|
|
|
@ -1001,8 +1001,7 @@ static int wpa_driver_ndis_set_key(const char *ifname, void *priv,
|
|||
int res, pairwise;
|
||||
u8 bssid[ETH_ALEN];
|
||||
|
||||
if (addr == NULL || os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
|
||||
ETH_ALEN) == 0) {
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr)) {
|
||||
/* Group Key */
|
||||
pairwise = 0;
|
||||
if (wpa_driver_ndis_get_bssid(drv, bssid) < 0)
|
||||
|
|
|
@ -2640,8 +2640,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
|
|||
if (seq && seq_len)
|
||||
NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq);
|
||||
|
||||
if (addr && os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) != 0)
|
||||
{
|
||||
if (addr && !is_broadcast_ether_addr(addr)) {
|
||||
wpa_printf(MSG_DEBUG, " addr=" MACSTR, MAC2STR(addr));
|
||||
NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
|
||||
|
||||
|
@ -2667,13 +2666,9 @@ static int wpa_driver_nl80211_set_key(const char *ifname, void *priv,
|
|||
*/
|
||||
if (ret || !set_tx || alg == WPA_ALG_NONE)
|
||||
return ret;
|
||||
#ifdef HOSTAPD
|
||||
if (addr)
|
||||
if (drv->nlmode == NL80211_IFTYPE_AP && addr &&
|
||||
!is_broadcast_ether_addr(addr))
|
||||
return ret;
|
||||
#else /* HOSTAPD */
|
||||
if (drv->nlmode == NL80211_IFTYPE_AP && addr)
|
||||
return ret;
|
||||
#endif /* HOSTAPD */
|
||||
|
||||
msg = nlmsg_alloc();
|
||||
if (!msg)
|
||||
|
@ -5517,6 +5512,7 @@ static void *i802_init(struct hostapd_data *hapd,
|
|||
return NULL;
|
||||
|
||||
drv = bss->drv;
|
||||
drv->nlmode = NL80211_IFTYPE_AP;
|
||||
if (linux_br_get(brname, params->ifname) == 0) {
|
||||
wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
|
||||
params->ifname, brname);
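Review bot: The early return in the second hunk now depends on `drv->nlmode` in hostapd builds, where the removed `#ifdef HOSTAPD` branch returned for any non-NULL `addr` regardless of mode. The third hunk sets `drv->nlmode = NL80211_IFTYPE_AP` in i802_init, so the behaviour holds only while nothing else resets `nlmode`, which cannot be checked from these hunks. A comment above the check would record the rule, for example `/* AP mode: per-station keys never become the default TX key; only default (NULL) and broadcast keys continue */`. Both functions extend beyond the hunks shown.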
|
||||
|
|
|
@ -1178,8 +1178,7 @@ static int wpa_driver_ralink_set_key(const char *ifname, void *priv,
|
|||
|
||||
drv->bAddWepKey = FALSE;
|
||||
|
||||
if (addr == NULL || os_memcmp(addr, "\xff\xff\xff\xff\xff\xff",
|
||||
ETH_ALEN) == 0) {
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr)) {
|
||||
/* Group Key */
|
||||
pairwise = 0;
|
||||
wpa_driver_ralink_get_bssid(drv, bssid);
|
||||
|
|
|
@ -1622,8 +1622,7 @@ static int wpa_driver_wext_set_key_ext(void *priv, enum wpa_alg alg,
|
|||
iwr.u.encoding.pointer = (caddr_t) ext;
|
||||
iwr.u.encoding.length = sizeof(*ext) + key_len;
|
||||
|
||||
if (addr == NULL ||
|
||||
os_memcmp(addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN) == 0)
|
||||
if (addr == NULL || is_broadcast_ether_addr(addr))
|
||||
ext->ext_flags |= IW_ENCODE_EXT_GROUP_KEY;
|
||||
if (set_tx)
|
||||
ext->ext_flags |= IW_ENCODE_EXT_SET_TX_KEY;
|
||||
|
|
|
@ -632,16 +632,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
|||
_gtk = gtk_buf;
|
||||
}
|
||||
if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
|
||||
if (wpa_sm_set_key(sm, gd->alg,
|
||||
(u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
if (wpa_sm_set_key(sm, gd->alg, NULL,
|
||||
gd->keyidx, 1, key_rsc, gd->key_rsc_len,
|
||||
_gtk, gd->gtk_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to set "
|
||||
"GTK to the driver (Group only).");
|
||||
return -1;
|
||||
}
|
||||
} else if (wpa_sm_set_key(sm, gd->alg,
|
||||
(u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
} else if (wpa_sm_set_key(sm, gd->alg, broadcast_ether_addr,
|
||||
gd->keyidx, gd->tx, key_rsc, gd->key_rsc_len,
|
||||
_gtk, gd->gtk_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to "
|
||||
|
@ -744,8 +742,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
|
|||
keyidx);
|
||||
return -1;
|
||||
}
|
||||
if (wpa_sm_set_key(sm, WPA_ALG_IGTK,
|
||||
(u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr,
|
||||
keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
igtk->igtk, WPA_IGTK_LEN) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to configure IGTK"
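Review bot: In wpa_supplicant_install_gtk the two branches now differ only in `NULL` versus `broadcast_ether_addr` and `1` versus `gd->tx`, and nothing at the call site says why. The reason is only in the commit message: `NULL` installs a default key used for unicast and broadcast, which is what the `pairwise_cipher == WPA_CIPHER_NONE` case needs. A short comment above the first call would keep a later edit from collapsing the two, for example `/* Group-only: the GTK also protects unicast, so install it as the default key */`. The function body continues outside the hunk.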
|
||||
|
|
|
@ -796,9 +796,8 @@ static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
|
|||
}
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
|
||||
if (wpa_sm_set_key(sm, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
keyidx, 0, gtk_elem + 3, rsc_len, gtk, keylen) <
|
||||
0) {
|
||||
if (wpa_sm_set_key(sm, alg, broadcast_ether_addr, keyidx, 0,
|
||||
gtk_elem + 3, rsc_len, gtk, keylen) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the "
|
||||
"driver.");
|
||||
return -1;
|
||||
|
@ -849,9 +848,8 @@ static int wpa_ft_process_igtk_subelem(struct wpa_sm *sm, const u8 *igtk_elem,
|
|||
|
||||
wpa_hexdump_key(MSG_DEBUG, "FT: IGTK from Reassoc Resp", igtk,
|
||||
WPA_IGTK_LEN);
|
||||
if (wpa_sm_set_key(sm, WPA_ALG_IGTK, (u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
keyidx, 0, igtk_elem + 2, 6, igtk, WPA_IGTK_LEN) <
|
||||
0) {
|
||||
if (wpa_sm_set_key(sm, WPA_ALG_IGTK, broadcast_ether_addr, keyidx, 0,
|
||||
igtk_elem + 2, 6, igtk, WPA_IGTK_LEN) < 0) {
|
||||
wpa_printf(MSG_WARNING, "WPA: Failed to set IGTK to the "
|
||||
"driver.");
|
||||
return -1;
|
||||
|
|
|
@ -465,6 +465,8 @@ static inline int is_broadcast_ether_addr(const u8 *a)
|
|||
return (a[0] & a[1] & a[2] & a[3] & a[4] & a[5]) == 0xff;
|
||||
}
|
||||
|
||||
#define broadcast_ether_addr (const u8 *) "\xff\xff\xff\xff\xff\xff"
|
||||
|
||||
#include "wpa_debug.h"
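Review bot: The new `broadcast_ether_addr` macro expands to an unparenthesized cast expression, so a postfix operator applied to it binds to the string literal before the cast. `broadcast_ether_addr[0]`, for example, would cast a single character value to a pointer instead of indexing the address. Wrap the expansion: `#define broadcast_ether_addr ((const u8 *) "\xff\xff\xff\xff\xff\xff")`. A one-line comment stating that it marks broadcast-only keys, as opposed to `NULL` for default keys, would also help readers of this header.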
|
||||
|
||||
|
||||
|
|
|
@ -1917,17 +1917,15 @@ static int wpa_supplicant_ctrl_iface_ap_scan(
|
|||
|
||||
static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
|
||||
|
||||
wpa_printf(MSG_DEBUG, "Dropping SA without deauthentication");
|
||||
/* MLME-DELETEKEYS.request */
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, wpa_s->bssid, 0, 0, NULL, 0, NULL,
|
||||
|
|
|
@ -132,8 +132,7 @@ int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
|
|||
continue;
|
||||
|
||||
set = 1;
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
|
||||
(u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
|
||||
i, i == ssid->wep_tx_keyidx, NULL, 0,
|
||||
ssid->wep_key[i], ssid->wep_key_len[i]);
|
||||
}
|
||||
|
@ -186,8 +185,7 @@ static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
|
|||
/* TODO: should actually remember the previously used seq#, both for TX
|
||||
* and RX from each STA.. */
|
||||
|
||||
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
0, 1, seq, 6, key, keylen);
|
||||
return wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
|
||||
}
|
||||
|
||||
|
||||
|
@ -452,8 +450,6 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
|
|||
*/
|
||||
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
|
||||
{
|
||||
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
|
||||
|
||||
if (wpa_s->keys_cleared) {
|
||||
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
|
||||
* timing issues with keys being cleared just before new keys
|
||||
|
@ -468,13 +464,13 @@ void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
|
|||
}
|
||||
|
||||
/* MLME-DELETEKEYS.request */
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 0, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 1, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 2, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 3, 0, NULL, 0, NULL, 0);
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 4, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 5, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 4, 0, NULL, 0, NULL, 0);
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, 5, 0, NULL, 0, NULL, 0);
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
if (addr) {
|
||||
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
|
||||
|
|
|
@ -210,8 +210,7 @@ static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
|
|||
wpa_s->group_cipher = cipher;
|
||||
}
|
||||
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
|
||||
unicast ? wpa_s->bssid :
|
||||
(u8 *) "\xff\xff\xff\xff\xff\xff",
|
||||
unicast ? wpa_s->bssid : NULL,
|
||||
keyidx, unicast, NULL, 0, key, keylen);
|
||||
}
|
||||
|
||||
|
|