Attachment #72556 for bug #112048




	return skb;
}

#define	KEY_UNDEFINED(k)	((k).wk_cipher == &ieee80211_cipher_none)
/*
 * Return the transmit key to use in sending a unicast frame.
 * If a unicast key is set we use that.  When no unicast key is set
 * we fall back to the default transmit key.
 */
 * back to the default transmit key.
 */ 
static inline struct ieee80211_key *
ieee80211_crypto_getucastkey(struct ieee80211com *ic, struct ieee80211_node *ni)
	const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni)
{
        if (KEY_UNDEFINED(ni->ni_ucastkey)) {
                if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
                    KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
                        return NULL;
                return &ic->ic_nw_keys[ic->ic_def_txkey];
        } else {
                return &ni->ni_ucastkey;
        }
}

/*
 * Return the transmit key to use in sending a multicast frame.
 * Multicast traffic always uses the group key which is installed as
 * the default tx key.
 */
static inline struct ieee80211_key *
ieee80211_crypto_getmcastkey(struct ieee80211com *ic, struct ieee80211_node *ni)
{
        if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE ||
            KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
                return NULL;
        return &ic->ic_nw_keys[ic->ic_def_txkey];
}

/*

		}
	}

        /*
         * Insure space for additional headers.  First identify
         * transmit key to use in calculating any buffer adjustments
         * required.  This is also used below to do privacy
         * encapsulation work.  Then calculate the 802.11 header
         * size and any padding required by the driver.
         *
         * Note key may be NULL if we fall back to the default
         * transmit key and that is not set.  In that case the
         * buffer may not be expanded as needed by the cipher
         * routines, but they will/should discard it.
         */
        if (ic->ic_flags & IEEE80211_F_PRIVACY) {
                if (ic->ic_opmode == IEEE80211_M_STA ||
                    !IEEE80211_IS_MULTICAST(eh.ether_dhost))
                        key = ieee80211_crypto_getucastkey(ic, ni);
                else
                        key = ieee80211_crypto_getmcastkey(ic, ni);
                if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) {
                        IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
                            ("[%s] no default transmit key (%s) deftxkey %u\n",
                            __func__,
                            ether_sprintf(eh.ether_dhost), ic->ic_def_txkey));
                        ic->ic_stats.is_tx_nodefkey++;
                }
        } else
                key = NULL;
	skb = ieee80211_skbhdr_adjust(ic, key, skb);
	if (skb == NULL) {
		/* NB: ieee80211_skbhdr_adjust handles msgs+statistics */

	case IEEE80211_M_MONITOR:
		goto bad;
	}
        if (key != NULL) {
                /*
                 * IEEE 802.1X: send EAPOL frames always in the clear.
                 * WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
                 */
                if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) ||
                    ((ic->ic_flags & IEEE80211_F_WPA) &&
                     !KEY_UNDEFINED(ni->ni_ucastkey))) {
                        wh->i_fc[1] |= IEEE80211_FC1_WEP;
                        /* XXX do fragmentation */
                        if (!ieee80211_crypto_enmic(ic, key, skb)) {
                                IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
                                    ("[%s] enmic failed, discard frame\n",
                                    ether_sprintf(eh.ether_dhost)));
                                /* XXX statistic */
                                goto bad;
                        }
                }
        }
	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) {
		/*
		 * Reset the inactivity timer only for non-PAE traffic

Return to bug 112048

Lines 200-231 Link Here

(-)madwifi-orig/net80211/ieee80211_output.c (-56 / +74 lines)
200	return skb;	200	return skb;
201	}	201	}
202		202
		203	#define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none)
203	/*	204	/*
204	* Return the transmit key to use in sending a frame to	205	* Return the transmit key to use in sending a unicast frame.
205	* the specified destination. Multicast traffic always	206	* If a unicast key is set we use that. When no unicast key is set
206	* uses the group key. Otherwise if a unicast key is	207	* we fall back to the default transmit key.
207	* set we use that. When no unicast key is set we fall	208	*/
208	* back to the default transmit key.
209	*/
210	static inline struct ieee80211_key *	209	static inline struct ieee80211_key *
211	ieee80211_crypto_getkey(struct ieee80211com *ic,	210	ieee80211_crypto_getucastkey(struct ieee80211com ic, struct ieee80211_node ni)
212	const u_int8_t mac[IEEE80211_ADDR_LEN], struct ieee80211_node *ni)
213	{	211	{
214	#define KEY_UNDEFINED(k) ((k).wk_cipher == &ieee80211_cipher_none)	212	if (KEY_UNDEFINED(ni->ni_ucastkey)) {
215	if (IEEE80211_IS_MULTICAST(mac) \|\| KEY_UNDEFINED(ni->ni_ucastkey)) {	213	if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE \|\|
216	if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE \|\|	214	KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
217	KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey])) {	215	return NULL;
218	IEEE80211_DPRINTF(ic, IEEE80211_MSG_OUTPUT,	216	return &ic->ic_nw_keys[ic->ic_def_txkey];
219	("%s: no transmit key, def_txkey %u\n",	217	} else {
220	__func__, ic->ic_def_txkey));	218	return &ni->ni_ucastkey;
221	/* XXX statistic */	219	}
222	return NULL;	220	}
223	}	221
224	return &ic->ic_nw_keys[ic->ic_def_txkey];	222	/*
225	} else {	223	* Return the transmit key to use in sending a multicast frame.
226	return &ni->ni_ucastkey;	224	* Multicast traffic always uses the group key which is installed as
227	}	225	* the default tx key.
228	#undef KEY_UNDEFINED	226	*/
		227	static inline struct ieee80211_key *
		228	ieee80211_crypto_getmcastkey(struct ieee80211com ic, struct ieee80211_node ni)
		229	{
		230	if (ic->ic_def_txkey == IEEE80211_KEYIX_NONE \|\|
		231	KEY_UNDEFINED(ic->ic_nw_keys[ic->ic_def_txkey]))
		232	return NULL;
		233	return &ic->ic_nw_keys[ic->ic_def_txkey];
229	}	234	}
230		235
231	/*	236	/*
Lines 274-294 Link Here
274	}	279	}
275	}	280	}
276		281
277	/*	282	/*
278	* Insure space for additional headers. First	283	* Insure space for additional headers. First identify
279	* identify transmit key to use in calculating any	284	* transmit key to use in calculating any buffer adjustments
280	* buffer adjustments required. This is also used	285	* required. This is also used below to do privacy
281	* below to do privacy encapsulation work.	286	* encapsulation work. Then calculate the 802.11 header
282	*	287	* size and any padding required by the driver.
283	* Note key may be NULL if we fall back to the default	288	*
284	* transmit key and that is not set. In that case the	289	* Note key may be NULL if we fall back to the default
285	* buffer may not be expanded as needed by the cipher	290	* transmit key and that is not set. In that case the
286	* routines, but they will/should discard it.	291	* buffer may not be expanded as needed by the cipher
287	*/	292	* routines, but they will/should discard it.
288	if (ic->ic_flags & IEEE80211_F_PRIVACY)	293	*/
289	key = ieee80211_crypto_getkey(ic, eh.ether_dhost, ni);	294	if (ic->ic_flags & IEEE80211_F_PRIVACY) {
290	else	295	if (ic->ic_opmode == IEEE80211_M_STA \|\|
291	key = NULL;	296	!IEEE80211_IS_MULTICAST(eh.ether_dhost))
		297	key = ieee80211_crypto_getucastkey(ic, ni);
		298	else
		299	key = ieee80211_crypto_getmcastkey(ic, ni);
		300	if (key == NULL && eh.ether_type != htons(ETHERTYPE_PAE)) {
		301	IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
		302	("[%s] no default transmit key (%s) deftxkey %u\n",
		303	__func__,
		304	ether_sprintf(eh.ether_dhost), ic->ic_def_txkey));
		305	ic->ic_stats.is_tx_nodefkey++;
		306	}
		307	} else
		308	key = NULL;
292	skb = ieee80211_skbhdr_adjust(ic, key, skb);	309	skb = ieee80211_skbhdr_adjust(ic, key, skb);
293	if (skb == NULL) {	310	if (skb == NULL) {
294	/* NB: ieee80211_skbhdr_adjust handles msgs+statistics */	311	/* NB: ieee80211_skbhdr_adjust handles msgs+statistics */
Lines 333-356 Link Here
333	case IEEE80211_M_MONITOR:	350	case IEEE80211_M_MONITOR:
334	goto bad;	351	goto bad;
335	}	352	}
336	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) \|\|	353	if (key != NULL) {
337	(key != NULL && (ic->ic_flags & IEEE80211_F_WPA))) {	354	/*
338	/*	355	* IEEE 802.1X: send EAPOL frames always in the clear.
339	* IEEE 802.1X: send EAPOL frames always in the clear.	356	* WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.
340	* WPA/WPA2: encrypt EAPOL keys when pairwise keys are set.	357	*/
341	*/	358	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE) \|\|
342	if (key != NULL) {	359	((ic->ic_flags & IEEE80211_F_WPA) &&
343	wh->i_fc[1] \|= IEEE80211_FC1_WEP;	360	!KEY_UNDEFINED(ni->ni_ucastkey))) {
344	/* XXX do fragmentation */	361	wh->i_fc[1] \|= IEEE80211_FC1_WEP;
345	if (!ieee80211_crypto_enmic(ic, key, skb)) {	362	/* XXX do fragmentation */
346	IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,	363	if (!ieee80211_crypto_enmic(ic, key, skb)) {
347	("[%s] enmic failed, discard frame\n",	364	IEEE80211_DPRINTF(ic, IEEE80211_MSG_CRYPTO,
348	ether_sprintf(eh.ether_dhost)));	365	("[%s] enmic failed, discard frame\n",
349	/* XXX statistic */	366	ether_sprintf(eh.ether_dhost)));
350	goto bad;	367	/* XXX statistic */
351	}	368	goto bad;
352	}	369	}
353	}	370	}
		371	}
354	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) {	372	if (eh.ether_type != __constant_htons(ETHERTYPE_PAE)) {
355	/*	373	/*
356	* Reset the inactivity timer only for non-PAE traffic	374	* Reset the inactivity timer only for non-PAE traffic