From 3d0f2c9a1fbaa6ff1fd1fc858ce1aa5248866417 Mon Sep 17 00:00:00 2001
From: Damien Bergamini
Date: Sat, 5 Jun 2010 15:54:36 +0000
Subject: when rekeying the GTK/IGTK, send the new key to clients, not the old one.
found after reading a post by Nathanael Rensen to tech@
---
 sys/net80211/ieee80211_pae_output.c | 15 ++++++++++++---
 sys/net80211/ieee80211_proto.c | 9 +++++----
 2 files changed, 17 insertions(+), 7 deletions(-)
diff --git a/sys/net80211/ieee80211_pae_output.c b/sys/net80211/ieee80211_pae_output.c
index 21b09cf8fd6..423d38a7154 100644
--- a/sys/net80211/ieee80211_pae_output.c
+++ b/sys/net80211/ieee80211_pae_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_pae_output.c,v 1.15 2009/01/26 19:09:41 damien Exp $ */
+/* $OpenBSD: ieee80211_pae_output.c,v 1.16 2010/06/05 15:54:35 damien Exp $ */
 /*-
 * Copyright (c) 2007,2008 Damien Bergamini
@@ -497,6 +497,7 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 struct mbuf *m;
 u_int16_t info;
 u_int8_t *frm;
+ u_int8_t kid;
 ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING;
 if (++ni->ni_rsn_retries > 3) {
@@ -505,7 +506,11 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 ieee80211_node_leave(ic, ni);
 return 0;
 }
- k = &ic->ic_nw_keys[ic->ic_def_txkey];
+ if (ni->ni_flags & IEEE80211_NODE_REKEY)
+ kid = (ic->ic_def_txkey == 1) ? 2 : 1;
+ else
+ kid = ic->ic_def_txkey;
+ k = &ic->ic_nw_keys[kid];
 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ?
@@ -535,8 +540,12 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 } else { /* RSN */
 frm = ieee80211_add_gtk_kde(frm, ni, k);
 if (ni->ni_flags & IEEE80211_NODE_MFP) {
+ if (ni->ni_flags & IEEE80211_NODE_REKEY)
+ kid = (ic->ic_igtk_kid == 4) ? 5 : 4;
+ else
+ kid = ic->ic_igtk_kid;
 frm = ieee80211_add_igtk_kde(frm,
- &ic->ic_nw_keys[ic->ic_igtk_kid]);
+ &ic->ic_nw_keys[kid]);
 }
 }
 /* RSC = last transmit sequence number for the GTK */
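Review bot: The alternate-slot selection `kid = (ic->ic_def_txkey == 1) ? 2 : 1;` hard-codes the assumption that the GTK is only ever rotated between slots 1 and 2 and that whichever code installed the new GTK (not part of this diff) used the same pairing; for any other `ic_def_txkey` value the expression silently picks slot 1, which may hold no key at all. A comment stating the convention, e.g. `/* during a GTK rekey the new key lives in the other slot of the (1,2) pair */`, plus a check that the chosen key is actually populated before it is put into the KDE (`k->k_len != 0`, if that is the emptiness test struct ieee80211_key supports) would make the dependency explicit and fail loudly instead of sending an empty key. The function body continues on both sides of this hunk.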
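Review bot: The IGTK branch repeats the GTK alternate-slot pattern with a second set of magic slot numbers, `kid = (ic->ic_igtk_kid == 4) ? 5 : 4;`, so the rotation rule now lives in two places in this function and presumably a third where the keys are installed; a small static helper such as `static u_int8_t ieee80211_rekey_kid(u_int8_t cur, u_int8_t a, u_int8_t b) { return cur == a ? b : a; }` used by both branches would keep them from drifting apart. Reusing `kid` for the IGTK index is only safe because `k` already points at the GTK and `k` is what the RSC code just below the hunk reads; a one-line comment, `/* kid is free to reuse here: the GTK pointer k was taken above */`, would save the next reader the check. The function continues past the end of this hunk.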
diff --git a/sys/net80211/ieee80211_proto.c b/sys/net80211/ieee80211_proto.c
index c3a6a5a99c5..c8f2857f57c 100644
--- a/sys/net80211/ieee80211_proto.c
+++ b/sys/net80211/ieee80211_proto.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_proto.c,v 1.41 2009/11/21 18:09:31 damien Exp $ */
+/* $OpenBSD: ieee80211_proto.c,v 1.42 2010/06/05 15:54:35 damien Exp $ */
 /* $NetBSD: ieee80211_proto.c,v 1.8 2004/04/30 23:58:20 dyoung Exp $ */
 /*-
@@ -430,10 +430,11 @@ ieee80211_node_gtk_rekey(void *arg, struct ieee80211_node *ni)
 return;
 /* initiate a group key handshake with STA */
- if (ieee80211_send_group_msg1(ic, ni) == 0) {
- ni->ni_flags |= IEEE80211_NODE_REKEY;
+ ni->ni_flags |= IEEE80211_NODE_REKEY;
+ if (ieee80211_send_group_msg1(ic, ni) != 0)
+ ni->ni_flags &= ~IEEE80211_NODE_REKEY;
+ else
 ic->ic_rsn_keydonesta++;
- }
 }
 /*
-- cgit v1.2.3
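Review bot: `ieee80211_node_gtk_rekey` still treats a 0 return from `ieee80211_send_group_msg1()` as "message sent" and bumps `ic_rsn_keydonesta`, but the other hunk in this commit shows that function also returning 0 right after `ieee80211_node_leave(ic, ni)` when `++ni->ni_rsn_retries > 3`; unless `ni_rsn_retries` is reset before a fresh rekey round starts (not visible here), a station carrying stale retries would be dropped and still counted as done. If a distinct return value for the give-up path is not wanted, the `else` should at least carry a comment such as `/* 0 also covers the node-left case in send_group_msg1 */` so the counter's meaning is recorded. Setting `IEEE80211_NODE_REKEY` before the send and clearing it on failure is the right order; the guard ending in `return;` and the function header are outside the hunk.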