authorDamien Bergamini <damien@cvs.openbsd.org>2007-08-22 20:40:35 +0000
committerDamien Bergamini <damien@cvs.openbsd.org>2007-08-22 20:40:35 +0000
commit4f19245ee53a151b1ae297678ba39835912a1efe (patch)
treeffc09b7a85fca0e699375187b82c2732970611ec
parentdd654a77e55db513af679bbba472472b1a70b096 (diff)
- add k_rxmic and k_txmic fields to struct ieee80211_key to store the
Tx/Rx MIC for TKIP. - add two functions to map a PTK and a GTK to an IEEE 802.11 key and use them in ieee80211_input.c instead of duplicating the same code. properly set Tx/Rx MIC in the IEEE 802.11 key in the case of TKIP. - add ic_psk to struct ieee80211com to store the pre-shared key. - fix setting of the SECURE bit in outgoing EAPOL-Key frames. - when receiving msg 2 of the 4-way handshake, deauthenticate the station if the RSN IE does not match that of the (Re)Association request. - before parsing an RSN or WPA IE, check that there's enough room for the version field (2 bytes) which is mandatory. - various tweaks while i'm here.
-rw-r--r--sys/net80211/ieee80211_crypto.c55
-rw-r--r--sys/net80211/ieee80211_crypto.h16
-rw-r--r--sys/net80211/ieee80211_input.c147
-rw-r--r--sys/net80211/ieee80211_output.c24
-rw-r--r--sys/net80211/ieee80211_var.h3
5 files changed, 148 insertions, 97 deletions
diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c
index 83e3fe30d03..efb56d12b3f 100644
--- a/sys/net80211/ieee80211_crypto.c
+++ b/sys/net80211/ieee80211_crypto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto.c,v 1.31 2007/08/03 16:51:06 damien Exp $ */
+/* $OpenBSD: ieee80211_crypto.c,v 1.32 2007/08/22 20:40:34 damien Exp $ */
/* $NetBSD: ieee80211_crypto.c,v 1.5 2003/12/14 09:56:53 dyoung Exp $ */
/*-
@@ -195,9 +195,6 @@ ieee80211_decrypt(struct ieee80211com *ic, struct mbuf *m0,
return m0;
}
-#define IEEE80211_CCMP_HDRLEN 8
-#define IEEE80211_CCMP_MICLEN 8
-
struct mbuf *
ieee80211_ccmp_encrypt(struct ieee80211com *ic, struct mbuf *m0,
struct ieee80211_key *k)
@@ -273,10 +270,6 @@ ieee80211_ccmp_decrypt(struct ieee80211com *ic, struct mbuf *m0,
return m0;
}
-#define IEEE80211_TKIP_HDRLEN 8
-#define IEEE80211_TKIP_MICLEN 8
-#define IEEE80211_TKIP_ICVLEN 4
-
struct mbuf *
ieee80211_tkip_encrypt(struct ieee80211com *ic, struct mbuf *m0,
struct ieee80211_key *k)
@@ -1036,3 +1029,49 @@ ieee80211_cipher_keylen(enum ieee80211_cipher cipher)
return 0;
}
}
+
+/*
+ * Map PTK to IEEE 802.11 key (see 8.6).
+ */
+void
+ieee80211_map_ptk(const struct ieee80211_ptk *ptk,
+ enum ieee80211_cipher cipher, struct ieee80211_key *k)
+{
+ memset(k, 0, sizeof(*k));
+ k->k_cipher = cipher;
+ k->k_flags = IEEE80211_KEY_TX;
+ k->k_len = ieee80211_cipher_keylen(cipher);
+ if (cipher == IEEE80211_CIPHER_TKIP) {
+ memcpy(k->k_key, ptk->tk, 16);
+ /* use bits 128-191 as the Michael key for AA->SPA */
+ memcpy(k->k_rxmic, &ptk->tk[16], 8);
+ /* use bits 192-255 as the Michael key for SPA->AA */
+ memcpy(k->k_rxmic, &ptk->tk[24], 8);
+ } else
+ memcpy(k->k_key, ptk->tk, k->k_len);
+}
+
+/*
+ * Map GTK to IEEE 802.11 key (see 8.6).
+ */
+void
+ieee80211_map_gtk(const u_int8_t *gtk, enum ieee80211_cipher cipher, int kid,
+ int txflag, u_int64_t rsc, struct ieee80211_key *k)
+{
+ memset(k, 0, sizeof(*k));
+ k->k_id = kid;
+ k->k_cipher = cipher;
+ k->k_flags = IEEE80211_KEY_GROUP;
+ if (txflag)
+ k->k_flags |= IEEE80211_KEY_TX;
+ k->k_len = ieee80211_cipher_keylen(cipher);
+ k->k_rsc = rsc;
+ if (cipher == IEEE80211_CIPHER_TKIP) {
+ memcpy(k->k_key, gtk, 16);
+ /* use bits 128-191 as the Michael key for AA->SPA */
+ memcpy(k->k_rxmic, &gtk[16], 8);
+ /* use bits 192-255 as the Michael key for SPA->AA */
+ memcpy(k->k_txmic, &gtk[24], 8);
+ } else
+ memcpy(k->k_key, gtk, k->k_len);
+}
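Review bot: In `ieee80211_map_ptk` both Michael-key copies write to `k->k_rxmic`, so the second overwrites the first and `k_txmic` stays all-zero from the `memset`. The second call should read `memcpy(k->k_txmic, &ptk->tk[24], 8);`, matching `ieee80211_map_gtk` below. Separately, this helper is called from both `ieee80211_recv_4way_msg3` and `ieee80211_recv_4way_msg4` in ieee80211_input.c, which run on opposite ends of the handshake, while the Rx/Tx assignment here is fixed; the two halves presumably need swapping by role, which is worth confirming. The literal lengths 16 and 8 could be `IEEE80211_KEYBUF_SIZE` and `IEEE80211_TKIP_MICLEN` from the header.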
diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h
index 0ac915fbd35..8d8d4cf58d6 100644
--- a/sys/net80211/ieee80211_crypto.h
+++ b/sys/net80211/ieee80211_crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_crypto.h,v 1.6 2007/08/01 15:40:40 damien Exp $ */
+/* $OpenBSD: ieee80211_crypto.h,v 1.7 2007/08/22 20:40:34 damien Exp $ */
/* $NetBSD: ieee80211_crypto.h,v 1.2 2003/09/14 01:14:55 dyoung Exp $ */
/*-
@@ -60,6 +60,14 @@ enum ieee80211_akm {
#define IEEE80211_KEYBUF_SIZE 16
+#define IEEE80211_TKIP_HDRLEN 8
+#define IEEE80211_TKIP_MICLEN 8
+#define IEEE80211_TKIP_ICVLEN 4
+#define IEEE80211_CCMP_HDRLEN 8
+#define IEEE80211_CCMP_MICLEN 8
+
+#define IEEE80211_PMK_LEN 32
+
struct ieee80211_key {
u_int8_t k_id; /* identifier (0-3) */
enum ieee80211_cipher k_cipher;
@@ -71,6 +79,8 @@ struct ieee80211_key {
u_int64_t k_tsc;
int k_len;
u_int8_t k_key[IEEE80211_KEYBUF_SIZE];
+ u_int8_t k_rxmic[IEEE80211_TKIP_MICLEN];
+ u_int8_t k_txmic[IEEE80211_TKIP_MICLEN];
};
/* forward references */
@@ -88,5 +98,9 @@ extern void ieee80211_derive_ptk(const u_int8_t *, size_t, const u_int8_t *,
const u_int8_t *, const u_int8_t *, const u_int8_t *, u_int8_t *,
size_t);
extern int ieee80211_cipher_keylen(enum ieee80211_cipher);
+extern void ieee80211_map_ptk(const struct ieee80211_ptk *,
+ enum ieee80211_cipher, struct ieee80211_key *);
+extern void ieee80211_map_gtk(const u_int8_t *, enum ieee80211_cipher, int,
+ int, u_int64_t, struct ieee80211_key *);
#endif /* _NET80211_IEEE80211_CRYPTO_H_ */
diff --git a/sys/net80211/ieee80211_input.c b/sys/net80211/ieee80211_input.c
index 4b28c04c9ff..73f6bbcf5ea 100644
--- a/sys/net80211/ieee80211_input.c
+++ b/sys/net80211/ieee80211_input.c
@@ -1,5 +1,5 @@
/* $NetBSD: ieee80211_input.c,v 1.24 2004/05/31 11:12:24 dyoung Exp $ */
-/* $OpenBSD: ieee80211_input.c,v 1.63 2007/08/16 14:59:14 deraadt Exp $ */
+/* $OpenBSD: ieee80211_input.c,v 1.64 2007/08/22 20:40:34 damien Exp $ */
/*-
* Copyright (c) 2001 Atsushi Onoe
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
@@ -1034,9 +1034,9 @@ ieee80211_parse_rsn(struct ieee80211com *ic, struct ieee80211_node *ni,
const u_int8_t *frm)
{
/* check IE length */
- if (frm[1] < 2) {
+ if (frm[1] < 4) {
IEEE80211_DPRINTF(("%s: invalid RSN/WPA2 IE;"
- " length %u, expecting at least 2\n", __func__, frm[1]));
+ " length %u, expecting at least 4\n", __func__, frm[1]));
ic->ic_stats.is_rx_elem_toosmall++;
return IEEE80211_REASON_IE_INVALID;
}
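Review bot: The new minimum of 4 in `ieee80211_parse_rsn` is two bytes more than the 2-byte version field that the commit description gives as the reason for this check, and the WPA1 check in the next hunk moves from 6 to 8 in the same way. If the fields after the version are optional, an element carrying only the version would now be rejected with `IEEE80211_REASON_IE_INVALID`. Either a comment naming what the extra two bytes cover, or a return to `if (frm[1] < 2) {` and `if (frm[1] < 6) {`, would make the intent checkable. Both function bodies continue outside their hunks.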
@@ -1048,9 +1048,9 @@ ieee80211_parse_wpa1(struct ieee80211com *ic, struct ieee80211_node *ni,
const u_int8_t *frm)
{
/* check IE length */
- if (frm[1] < 6) {
+ if (frm[1] < 8) {
IEEE80211_DPRINTF(("%s: invalid WPA1 IE;"
- " length %u, expecting at least 6\n", __func__, frm[1]));
+ " length %u, expecting at least 8\n", __func__, frm[1]));
ic->ic_stats.is_rx_elem_toosmall++;
return IEEE80211_REASON_IE_INVALID;
}
@@ -1932,7 +1932,7 @@ ieee80211_recv_4way_msg1(struct ieee80211com *ic,
frm += 2 + frm[1];
}
/* check that the PMKID KDE is valid */
- if (pmkid != NULL && pmkid[1] - 4 < 16)
+ if (pmkid != NULL && pmkid[1] < 4 + 16)
return;
/* update the last seen value of the key replay counter field */
@@ -1945,7 +1945,9 @@ ieee80211_recv_4way_msg1(struct ieee80211com *ic,
if (ni->ni_akm == IEEE80211_AKM_IEEE8021X) {
/* XXX find the PMK in the PMKSA cache using the PMKID */
} else {
- /* XXX the PMK is the PSK */
+ /* the PMK is the PSK */
+ pmk = ic->ic_psk;
+ pmk_len = IEEE80211_PMK_LEN;
}
/* derive PTK from PMK */
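Review bot: Only the PSK branch assigns `pmk` and `pmk_len`; the `IEEE80211_AKM_IEEE8021X` branch is still an XXX comment, so the "derive PTK from PMK" step that follows runs with whatever those variables held at their declaration, which is outside the hunk. Until the PMKSA lookup exists, leaving that branch early, for example `return; /* no PMK available yet */`, would avoid deriving a PTK from an indeterminate or null key.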
@@ -1982,12 +1984,6 @@ ieee80211_recv_4way_msg2(struct ieee80211com *ic,
if (BE_READ_8(key->replaycnt) != ni->ni_replaycnt)
return;
- /* derive PTK from PMK */
- ieee80211_derive_ptk(pmk, pmk_len, ic->ic_myaddr, ni->ni_macaddr,
- ni->ni_nonce, key->nonce, (u_int8_t *)&ni->ni_ptk,
- sizeof(ni->ni_ptk));
- ni->ni_ptk_ok = 1;
-
/* parse key data field (shall contain an RSN IE) */
frm = (const u_int8_t *)&key[1];
efrm = frm + BE_READ_2(key->paylen);
@@ -2021,8 +2017,18 @@ ieee80211_recv_4way_msg2(struct ieee80211com *ic,
* (Re)Association Request.
*/
if (ni->ni_rsnie == NULL || rsn[1] != ni->ni_rsnie[1] ||
- memcmp(rsn, ni->ni_rsnie, 2 + rsn[1]) != 0)
+ memcmp(rsn, ni->ni_rsnie, 2 + rsn[1]) != 0) {
+ IEEE80211_SEND_MGMT(ic, ni, IEEE80211_FC0_SUBTYPE_DEAUTH,
+ IEEE80211_REASON_IE_INVALID);
+ ieee80211_node_leave(ic, ni);
return;
+ }
+
+ /* derive PTK from PMK */
+ ieee80211_derive_ptk(pmk, pmk_len, ic->ic_myaddr, ni->ni_macaddr,
+ ni->ni_nonce, key->nonce, (u_int8_t *)&ni->ni_ptk,
+ sizeof(ni->ni_ptk));
+ ni->ni_ptk_ok = 1;
if (ic->ic_if.if_flags & IFF_DEBUG)
printf("%s: received msg %d/%d of the %s handshake from %s\n",
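Review bot: The deauthentication on an RSN IE mismatch now fires before `ieee80211_derive_ptk()` runs, and the PTK depends on `key->nonce` from this same frame, so the frame's MIC cannot have been checked against it at this point. As written, the key data of an unauthenticated message 2 that passes the replay-counter check is enough to make the AP drop the station. Deriving the PTK and verifying the EAPOL-Key MIC first, then comparing the RSN IE, would restrict the deauth path to frames from a peer that holds the PMK. No MIC verification is visible in this hunk, so it may need adding. The function starts and ends outside the hunk.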
@@ -2105,55 +2111,58 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic,
*/
if (ni->ni_rsnie == NULL || rsn1[1] != ni->ni_rsnie[1] ||
memcmp(rsn1, ni->ni_rsnie, 2 + rsn1[1]) != 0)
+ /*ieee80211_new_state();*/
return;
- /* update the last seen value of the key replay counter field */
- ni->ni_replaycnt = BE_READ_8(key->replaycnt);
- ni->ni_replaycnt_ok = 1;
-
/*
* If a second RSN information element is present, use its pairwise
* cipher suite or deauthenticate.
*/
if (rsn2 != NULL) {
/* XXX ieee80211_parse_rsn(rsn2); */
+ /*ieee80211_new_state();*/
+ return;
}
+ /* update the last-seen value of the key replay counter field */
+ ni->ni_replaycnt = BE_READ_8(key->replaycnt);
+ ni->ni_replaycnt_ok = 1;
+
+ if (ic->ic_if.if_flags & IFF_DEBUG)
+ printf("%s: received msg %d/%d of the %s handshake from %s\n",
+ ic->ic_if.if_xname, 3, 4, "4-way",
+ ether_sprintf(ni->ni_macaddr));
+
+ /* send message 4 to authenticator */
+ if (ieee80211_send_4way_msg4(ic, ni) != 0)
+ return;
+
+ /* check that key length matches that of pairwise cipher */
+ if (BE_READ_2(key->keylen) !=
+ ieee80211_cipher_keylen(ni->ni_pairwise_cipher))
+ return;
/* install the PTK */
k = &ni->ni_pairwise_key;
- memset(k, 0, sizeof(*k));
- k->k_cipher = ni->ni_pairwise_cipher;
- k->k_flags = IEEE80211_KEY_TX;
- k->k_len = BE_READ_2(key->keylen);
- /* check that key length matches pairwise cipher */
- if (k->k_len != ieee80211_cipher_keylen(k->k_cipher))
- return;
- memcpy(k->k_key, ni->ni_ptk.tk, k->k_len);
+ ieee80211_map_ptk(&ni->ni_ptk, ni->ni_pairwise_cipher, k);
if (ic->ic_set_key != NULL && (*ic->ic_set_key)(ic, ni, k) != 0)
return;
if (gtk != NULL) {
+ u_int64_t rsc;
u_int8_t kid;
/* check that the GTK KDE is valid */
- if (gtk[1] - 4 < 2)
+ if (gtk[1] < 4 + 2)
return;
-
+ /* check that key length matches that of group cipher */
+ if (gtk[1] - 6 != ieee80211_cipher_keylen(ni->ni_group_cipher))
+ return; /* XXX PTK already installed! */
/* install the GTK */
kid = gtk[6] & 3;
+ rsc = LE_READ_8(key->rsc);
k = &ic->ic_nw_keys[kid];
- memset(k, 0, sizeof(*k));
- k->k_id = kid;
- k->k_cipher = ni->ni_group_cipher;
- k->k_flags = IEEE80211_KEY_GROUP;
- if (gtk[6] & (1 << 2)) /* Tx bit */
- k->k_flags |= IEEE80211_KEY_TX;
- k->k_len = gtk[1] - 6;
- /* check that key length matches group cipher */
- if (k->k_len != ieee80211_cipher_keylen(k->k_cipher))
- return; /* XXX PTK already installed! */
- memcpy(k->k_key, &gtk[8], k->k_len);
- k->k_rsc = LE_READ_8(key->rsc);
+ ieee80211_map_gtk(&gtk[8], ni->ni_group_cipher, kid,
+ gtk[6] & (1 << 2), rsc, k);
if (ic->ic_set_key != NULL &&
(*ic->ic_set_key)(ic, ni, k) != 0)
return;
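Review bot: `ieee80211_send_4way_msg4()` is now called before the `key->keylen` comparison and before the GTK KDE checks, so a message 3 that fails any of them has already been acknowledged to the authenticator while this side installs no key, or only the PTK, as the remaining `/* XXX PTK already installed! */` admits. Moving the `BE_READ_2(key->keylen)` check and both `gtk[1]` checks above the send would make every validation failure return before anything is transmitted or installed. The function begins outside this hunk and its tail is in the next one.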
@@ -2161,14 +2170,6 @@ ieee80211_recv_4way_msg3(struct ieee80211com *ic,
/* mark the PAE port as valid */
ni->ni_port_valid = 1;
-
- if (ic->ic_if.if_flags & IFF_DEBUG)
- printf("%s: received msg %d/%d of the %s handshake from %s\n",
- ic->ic_if.if_xname, 3, 4, "4-way",
- ether_sprintf(ni->ni_macaddr));
-
- /* send message 4 to authenticator */
- ieee80211_send_4way_msg4(ic, ni);
}
/*
@@ -2192,11 +2193,7 @@ ieee80211_recv_4way_msg4(struct ieee80211com *ic,
/* install the PTK */
k = &ni->ni_pairwise_key;
- memset(k, 0, sizeof(*k));
- k->k_cipher = ni->ni_pairwise_cipher;
- k->k_flags = IEEE80211_KEY_TX;
- k->k_len = ieee80211_cipher_keylen(k->k_cipher);
- memcpy(k->k_key, ni->ni_ptk.tk, k->k_len);
+ ieee80211_map_ptk(&ni->ni_ptk, ni->ni_pairwise_cipher, k);
if (ic->ic_set_key != NULL && (*ic->ic_set_key)(ic, ni, k) != 0)
return;
@@ -2213,6 +2210,8 @@ ieee80211_recv_4way_msg4(struct ieee80211com *ic,
printf("%s: received msg %d/%d of the %s handshake from %s\n",
ic->ic_if.if_xname, 4, 4, "4-way",
ether_sprintf(ni->ni_macaddr));
+
+ /* XXX start a group key handshake w/ WPA1 */
}
/*
@@ -2226,6 +2225,7 @@ ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic,
struct ieee80211_key *k;
const u_int8_t *frm, *efrm;
const u_int8_t *gtk;
+ u_int64_t rsc;
u_int8_t kid;
if (ic->ic_opmode != IEEE80211_M_STA &&
@@ -2262,24 +2262,17 @@ ieee80211_recv_rsn_group_msg1(struct ieee80211com *ic,
return;
/* check that the GTK KDE is valid */
- if (gtk[1] - 4 < 2)
+ if (gtk[1] < 4 + 2)
+ return;
+ /* check that key length matches that of group cipher */
+ if (gtk[1] - 6 != ieee80211_cipher_keylen(ni->ni_group_cipher))
return;
-
/* install the GTK */
kid = gtk[6] & 3;
+ rsc = LE_READ_8(key->rsc);
k = &ic->ic_nw_keys[kid];
- memset(k, 0, sizeof(*k));
- k->k_id = kid;
- k->k_cipher = ni->ni_group_cipher;
- k->k_flags = IEEE80211_KEY_GROUP;
- if (gtk[6] & (1 << 2)) /* Tx bit */
- k->k_flags |= IEEE80211_KEY_TX;
- k->k_len = gtk[1] - 6;
- /* check that key length matches group cipher */
- if (k->k_len != ieee80211_cipher_keylen(k->k_cipher))
- return;
- memcpy(k->k_key, &gtk[8], k->k_len);
- k->k_rsc = LE_READ_8(key->rsc);
+ ieee80211_map_gtk(&gtk[8], ni->ni_group_cipher, kid,
+ gtk[6] & (1 << 2), rsc, k);
if (ic->ic_set_key != NULL && (*ic->ic_set_key)(ic, ni, k) != 0)
return;
@@ -2300,6 +2293,7 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic,
struct ieee80211_eapol_key *key, struct ieee80211_node *ni)
{
struct ieee80211_key *k;
+ u_int64_t rsc;
u_int16_t info;
u_int8_t kid;
@@ -2320,21 +2314,16 @@ ieee80211_recv_wpa_group_msg1(struct ieee80211com *ic,
info = BE_READ_2(key->info);
+ /* check that key length matches that of group cipher */
+ if (BE_READ_2(key->keylen) !=
+ ieee80211_cipher_keylen(ni->ni_group_cipher))
+ return;
/* install the GTK */
kid = (info >> EAPOL_KEY_WPA_KID_SHIFT) & 3;
+ rsc = LE_READ_8(key->rsc);
k = &ic->ic_nw_keys[kid];
- memset(k, 0, sizeof(*k));
- k->k_id = kid;
- k->k_cipher = ni->ni_group_cipher;
- k->k_flags = IEEE80211_KEY_GROUP;
- if (info & EAPOL_KEY_WPA_TX)
- k->k_flags |= IEEE80211_KEY_TX;
- k->k_len = BE_READ_2(key->keylen);
- /* check that key length matches group cipher */
- if (k->k_len != ieee80211_cipher_keylen(k->k_cipher))
- return;
- memcpy(k->k_key, (u_int8_t *)&key[1], k->k_len);
- k->k_rsc = LE_READ_8(key->rsc);
+ ieee80211_map_gtk((u_int8_t *)&key[1], ni->ni_group_cipher, kid,
+ info & EAPOL_KEY_WPA_TX, rsc, k);
if (ic->ic_set_key != NULL && (*ic->ic_set_key)(ic, ni, k) != 0)
return;
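Review bot: `ieee80211_map_gtk()` copies from `&key[1]` a byte count fixed by the group cipher, but the only length validated here is `key->keylen`; nothing in the hunk compares it with the key data actually present in the frame. Unless a check above the hunk already covers this, a frame with a short key data field would be read past its end. A guard such as `if (BE_READ_2(key->paylen) < BE_READ_2(key->keylen)) return;` before the install step would bound the copy.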
diff --git a/sys/net80211/ieee80211_output.c b/sys/net80211/ieee80211_output.c
index d6802d44d14..edf2c4c9557 100644
--- a/sys/net80211/ieee80211_output.c
+++ b/sys/net80211/ieee80211_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_output.c,v 1.55 2007/08/05 21:41:11 claudio Exp $ */
+/* $OpenBSD: ieee80211_output.c,v 1.56 2007/08/22 20:40:34 damien Exp $ */
/* $NetBSD: ieee80211_output.c,v 1.13 2004/05/31 11:02:55 dyoung Exp $ */
/*-
@@ -1530,7 +1530,7 @@ ieee80211_send_eapol_key(struct ieee80211com *ic, struct mbuf *m,
key->desc = ni->ni_eapol_desc;
info = BE_READ_2(key->info);
- /* use V2 descriptor only when pairwise cipher is CCMP */
+ /* use V2 descriptor iff pairwise cipher is CCMP */
info |= (ni->ni_pairwise_cipher != IEEE80211_CIPHER_CCMP) ?
EAPOL_KEY_DESC_V1 : EAPOL_KEY_DESC_V2;
BE_WRITE_2(key->info, info);
@@ -1738,7 +1738,7 @@ ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni)
memset(key, 0, sizeof(*key));
info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_INSTALL | EAPOL_KEY_KEYACK |
- EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE;
+ EAPOL_KEY_KEYMIC;
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
/* use same nonce as in Message 1 */
@@ -1754,7 +1754,7 @@ ieee80211_send_4way_msg3(struct ieee80211com *ic, struct ieee80211_node *ni)
/* RSN: encapsulate the GTK and ask for encryption */
frm = ieee80211_add_gtk_kde(frm, gtk);
LE_WRITE_8(key->rsc, gtk->k_rsc);
- info |= EAPOL_KEY_ENCRYPTED;
+ info |= EAPOL_KEY_ENCRYPTED | EAPOL_KEY_SECURE;
} else /* WPA1 */
frm = ieee80211_add_wpa1(frm, ic, ic->ic_bss);
@@ -1788,8 +1788,7 @@ ieee80211_send_4way_msg4(struct ieee80211com *ic, struct ieee80211_node *ni)
key = mtod(m, struct ieee80211_eapol_key *);
memset(key, 0, sizeof(*key));
- info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC | EAPOL_KEY_SECURE;
- BE_WRITE_2(key->info, info);
+ info = EAPOL_KEY_PAIRWISE | EAPOL_KEY_KEYMIC;
/* copy key replay counter from authenticator */
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
@@ -1799,7 +1798,11 @@ ieee80211_send_4way_msg4(struct ieee80211com *ic, struct ieee80211_node *ni)
/* WPA1 sets the key length field here */
keylen = ieee80211_cipher_keylen(ni->ni_pairwise_cipher);
BE_WRITE_2(key->keylen, keylen);
- }
+ } else
+ info |= EAPOL_KEY_SECURE;
+
+ /* write the key info field */
+ BE_WRITE_2(key->info, info);
/* empty key data field */
m->m_pkthdr.len = m->m_len = sizeof(*key);
@@ -1838,7 +1841,12 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
EAPOL_KEY_ENCRYPTED;
BE_WRITE_8(key->replaycnt, ni->ni_replaycnt);
-
+#if 0
+ /* use global counter as GNonce */
+ ieee80211_derive_gtk(ic->ic_gmk, IEEE80211_PMK_LEN, ic->ic_myaddr,
+ ic->ic_globalcnt, &gtk, sizeof gtk);
+ /* XXX increment global counter */
+#endif
frm = (u_int8_t *)&key[1];
if (ni->ni_eapol_desc == EAPOL_KEY_DESC_WPA1) {
/* WPA1 does not have GTK KDE */
diff --git a/sys/net80211/ieee80211_var.h b/sys/net80211/ieee80211_var.h
index f2bc4ed1ada..098bf45c6f0 100644
--- a/sys/net80211/ieee80211_var.h
+++ b/sys/net80211/ieee80211_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_var.h,v 1.32 2007/07/28 11:13:41 damien Exp $ */
+/* $OpenBSD: ieee80211_var.h,v 1.33 2007/08/22 20:40:34 damien Exp $ */
/* $NetBSD: ieee80211_var.h,v 1.7 2004/05/06 03:07:10 dyoung Exp $ */
/*-
@@ -241,6 +241,7 @@ struct ieee80211com {
u_int ic_edca_updtcount;
u_int8_t ic_globalcnt[EAPOL_KEY_NONCE_LEN];
u_int64_t ic_keyreplaycnt;
+ u_int8_t ic_psk[IEEE80211_PMK_LEN];
u_int8_t *ic_tim_bitmap;
u_int ic_tim_len;
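Review bot: `ic_psk` is read as the PMK in `ieee80211_recv_4way_msg1`, but none of the five files in this commit writes to it, so until a setter exists the PTK is derived from whatever the structure was initialised with. The field also has no comment; something like `/* pre-shared key, used as the PMK */` would match the description in the commit message. When the setter is added, the buffer should also be explicitly zeroed on detach, since it holds long-term key material.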