Lines 200-231
|
200 |
return skb; |
200 |
return skb; |
201 |
} |
201 |
} |
202 |
|
202 |
|
|
|
203 |
#define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none) |
203 |
/* |
204 |
/* |
204 |
* Return the transmit key to use in sending a frame to |
205 |
* Return the transmit key to use in sending a unicast frame. |
205 |
* the specified destination. Multicast traffic always |
206 |
* If a unicast key is set we use that. When no unicast key is set |
206 |
* uses the group key. Otherwise if a unicast key is |
207 |
* we fall back to the default transmit key. |
207 |
* set we use that. When no unicast key is set we fall |
208 |
*/ |
208 |
* back to the default transmit key. |
|
|
209 |
*/ |
210 |
static inline struct ieee80211_key * |
209 |
static inline struct ieee80211_key * |
211 |
ieee80211_crypto_getkey(struct ieee80211com *ic, |
210 |
ieee80211_crypto_getucastkey(struct ieee80211com *ic, struct ieee80211_node *ni) |
212 |
const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni) |
|
|
213 |
{ |
211 |
{ |
214 |
#define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none) |
212 |
if (KEY_UNDEFINED(ni->ni_ucastkey)) { |
215 |
if (IEEE80211_IS_MULTICAST(mac) || KEY_UNDEFINED(ni->ni_ucastkey)) { |
213 |
if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || |
216 |
if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || |
214 |
KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) |
217 |
KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) { |
215 |
return NULL; |
218 |
IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT, |
216 |
return &ic->ic_nw_keys[ic->ic_def_txkey]; |
219 |
("%s: no transmit key, def_txkey %u\n", |
217 |
} else { |
220 |
__func__, ic->ic_def_txkey)); |
218 |
return &ni->ni_ucastkey; |
221 |
/* XXX statistic */ |
219 |
} |
222 |
return NULL; |
220 |
} |
223 |
} |
221 |
|
224 |
return &ic->ic_nw_keys[ic->ic_def_txkey]; |
222 |
/* |
225 |
} else { |
223 |
* Return the transmit key to use in sending a multicast frame. |
226 |
return &ni->ni_ucastkey; |
224 |
* Multicast traffic always uses the group key which is installed as |
227 |
} |
225 |
* the default tx key. |
228 |
#undef KEY_UNDEFINED |
226 |
*/ |
|
|
227 |
static inline struct ieee80211_key * |
228 |
ieee80211_crypto_getmcastkey(struct ieee80211com *ic, struct ieee80211_node *ni) |
229 |
{ |
230 |
if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE || |
231 |
KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) |
232 |
return NULL; |
233 |
return &ic->ic_nw_keys[ic->ic_def_txkey]; |
229 |
} |
234 |
} |
230 |
|
235 |
|
231 |
/* |
236 |
/* |
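Review bot: `KEY_UNDEFINED` is now a file-scope macro with no matching `#undef` (the old one inside the function is removed), so a short, generic name stays visible to everything below it. The later hunk needs it at file scope, so a prefixed name such as `IEEE80211_KEY_UNDEFINED` would be the safer form. `ieee80211_crypto_getmcastkey()` also takes `ni` but never reads it in the visible body; either drop the parameter or say in its comment that it is kept for symmetry with `ieee80211_crypto_getucastkey()`. Both helpers index `ic->ic_nw_keys[ic->ic_def_txkey]` after comparing only against `IEEE80211_KEYIX_NONE`. The bounds check on `ic_def_txkey` is presumably done where the value is set, which is not visible here, so a one-line comment such as `/* ic_def_txkey is range-checked when set */` would record that assumption.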
Lines 274-294
|
274 |
} |
279 |
} |
275 |
} |
280 |
} |
276 |
|
281 |
|
277 |
/* |
282 |
/* |
278 |
* Insure space for additional headers. First |
283 |
* Insure space for additional headers. First identify |
279 |
* identify transmit key to use in calculating any |
284 |
* transmit key to use in calculating any buffer adjustments |
280 |
* buffer adjustments required. This is also used |
285 |
* required. This is also used below to do privacy |
281 |
* below to do privacy encapsulation work. |
286 |
* encapsulation work. Then calculate the 802.11 header |
282 |
* |
287 |
* size and any padding required by the driver. |
283 |
* Note key may be NULL if we fall back to the default |
288 |
* |
284 |
* transmit key and that is not set. In that case the |
289 |
* Note key may be NULL if we fall back to the default |
285 |
* buffer may not be expanded as needed by the cipher |
290 |
* transmit key and that is not set. In that case the |
286 |
* routines, but they will/should discard it. |
291 |
* buffer may not be expanded as needed by the cipher |
287 |
*/ |
292 |
* routines, but they will/should discard it. |
288 |
if (ic->ic_flags & IEEE80211_F_PRIVACY) |
293 |
*/ |
289 |
key = ieee80211_crypto_getkey(ic, eh.ether_dhost, ni); |
294 |
if (ic->ic_flags & IEEE80211_F_PRIVACY) { |
290 |
else |
295 |
if (ic->ic_opmode == IEEE80211_M_STA || |
291 |
key = NULL; |
296 |
!IEEE80211_IS_MULTICAST(eh.ether_dhost)) |
|
|
297 |
key = ieee80211_crypto_getucastkey(ic, ni); |
298 |
else |
299 |
key = ieee80211_crypto_getmcastkey(ic, ni); |
300 |
if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) { |
301 |
IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
302 |
("[%s] no default transmit key (%s) deftxkey %u\n", |
303 |
__func__, |
304 |
ether_sprintf(eh.ether_dhost), ic->ic_def_txkey)); |
305 |
ic->ic_stats.is_tx_nodefkey++; |
306 |
} |
307 |
} else |
308 |
key = NULL; |
292 |
skb = ieee80211_skbhdr_adjust(ic, key, skb); |
309 |
skb = ieee80211_skbhdr_adjust(ic, key, skb); |
293 |
if (skb == NULL) { |
310 |
if (skb == NULL) { |
294 |
/* NB: ieee80211_skbhdr_adjust handles msgs+statistics */ |
311 |
/* NB: ieee80211_skbhdr_adjust handles msgs+statistics */ |
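Review bot: With `IEEE80211_F_PRIVACY` set, the new `key == NULL` branch for non-EAPOL frames only logs and increments `ic->ic_stats.is_tx_nodefkey`, and the frame still goes on to `ieee80211_skbhdr_adjust()` with a NULL key. The next hunk sets `IEEE80211_FC1_WEP` only inside `if (key != NULL)`, so from the visible lines such a data frame appears able to leave unprotected on a privacy-enabled BSS unless code outside these hunks drops it. The retained comment only promises that the cipher routines "will/should discard it". Failing closed at the point of detection would be safer: add `goto bad;` after the counter increment, assuming the `bad` path frees the skb as it does for the other discards in this function. Otherwise, extend the comment to name the place where the discard is guaranteed. The enclosing function starts and ends outside this hunk.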
Lines 333-356
|
333 |
case IEEE80211_M_MONITOR: |
350 |
case IEEE80211_M_MONITOR: |
334 |
goto bad; |
351 |
goto bad; |
335 |
} |
352 |
} |
336 |
if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) || |
353 |
if (key != NULL) { |
337 |
(key != NULL && (ic->ic_flags & IEEE80211_F_WPA))) { |
354 |
/* |
338 |
/* |
355 |
* IEEE 802.1X: send EAPOL frames always in the clear. |
339 |
* IEEE 802.1X: send EAPOL frames always in the clear. |
356 |
* WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. |
340 |
* WPA/WPA2: encrypt EAPOL keys when pairwise keys are set. |
357 |
*/ |
341 |
*/ |
358 |
if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) || |
342 |
if (key != NULL) { |
359 |
((ic->ic_flags & IEEE80211_F_WPA) && |
343 |
wh->i_fc[1] |= IEEE80211_FC1_WEP; |
360 |
!KEY_UNDEFINED(ni->ni_ucastkey))) { |
344 |
/* XXX do fragmentation */ |
361 |
wh->i_fc[1] |= IEEE80211_FC1_WEP; |
345 |
if (!ieee80211_crypto_enmic(ic, key, skb)) { |
362 |
/* XXX do fragmentation */ |
346 |
IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
363 |
if (!ieee80211_crypto_enmic(ic, key, skb)) { |
347 |
("[%s] enmic failed, discard frame\n", |
364 |
IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO, |
348 |
ether_sprintf(eh.ether_dhost))); |
365 |
("[%s] enmic failed, discard frame\n", |
349 |
/* XXX statistic */ |
366 |
ether_sprintf(eh.ether_dhost))); |
350 |
goto bad; |
367 |
/* XXX statistic */ |
351 |
} |
368 |
goto bad; |
352 |
} |
369 |
} |
353 |
} |
370 |
} |
|
|
371 |
} |
354 |
if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) { |
372 |
if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) { |
355 |
/* |
373 |
/* |
356 |
* Reset the inactivity timer only for non-PAE traffic |
374 |
* Reset the inactivity timer only for non-PAE traffic |