From 3d0f2c9a1fbaa6ff1fd1fc858ce1aa5248866417 Mon Sep 17 00:00:00 2001
From: Damien Bergamini
Date: Sat, 5 Jun 2010 15:54:36 +0000
Subject: when rekeying the GTK/IGTK, send the new key to clients, not the old one. found after reading a post by Nathanael Rensen to tech@
---
 sys/net80211/ieee80211_pae_output.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
(limited to 'sys/net80211/ieee80211_pae_output.c')
diff --git a/sys/net80211/ieee80211_pae_output.c b/sys/net80211/ieee80211_pae_output.c
index 21b09cf8fd6..423d38a7154 100644
--- a/sys/net80211/ieee80211_pae_output.c
+++ b/sys/net80211/ieee80211_pae_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_pae_output.c,v 1.15 2009/01/26 19:09:41 damien Exp $ */
+/* $OpenBSD: ieee80211_pae_output.c,v 1.16 2010/06/05 15:54:35 damien Exp $ */
 /*-
 * Copyright (c) 2007,2008 Damien Bergamini
@@ -497,6 +497,7 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 struct mbuf *m;
 u_int16_t info;
 u_int8_t *frm;
+ u_int8_t kid;
 ni->ni_rsn_gstate = RSNA_REKEYNEGOTIATING;
 if (++ni->ni_rsn_retries > 3) {
@@ -505,7 +506,11 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 ieee80211_node_leave(ic, ni);
 return 0;
 }
- k = &ic->ic_nw_keys[ic->ic_def_txkey];
+ if (ni->ni_flags & IEEE80211_NODE_REKEY)
+ kid = (ic->ic_def_txkey == 1) ? 2 : 1;
+ else
+ kid = ic->ic_def_txkey;
+ k = &ic->ic_nw_keys[kid];
 m = ieee80211_get_eapol_key(M_DONTWAIT, MT_DATA,
 ((ni->ni_rsnprotos == IEEE80211_PROTO_WPA) ?
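Review bot: The alternate-slot choice `kid = (ic->ic_def_txkey == 1) ? 2 : 1;` hard-codes the GTK key-id rotation inside ieee80211_send_group_msg1 with no comment, and the hunk at -535 repeats the pattern for the IGTK with `(ic->ic_igtk_kid == 4) ? 5 : 4`. The code that generates and installs the new group key is not part of this diff, so it presumably uses the same rotation; if the two ever diverge, message 1 would wrap a key other than the one about to go live, which is the class of failure this commit fixes. A comment above each branch would record the invariant, for example `/* rekey in progress: ic_def_txkey still names the old GTK, the new one is in the other slot (ids 1 and 2) */`, with a matching one for ids 4 and 5. The selection also relies on ic_def_txkey and ic_igtk_kid not being switched while IEEE80211_NODE_REKEY is still set on a node that may retransmit; that ordering is decided outside these hunks and is worth confirming. The function body starts and ends outside the hunks shown.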
@@ -535,8 +540,12 @@ ieee80211_send_group_msg1(struct ieee80211com *ic, struct ieee80211_node *ni)
 } else { /* RSN */
 frm = ieee80211_add_gtk_kde(frm, ni, k);
 if (ni->ni_flags & IEEE80211_NODE_MFP) {
+ if (ni->ni_flags & IEEE80211_NODE_REKEY)
+ kid = (ic->ic_igtk_kid == 4) ? 5 : 4;
+ else
+ kid = ic->ic_igtk_kid;
 frm = ieee80211_add_igtk_kde(frm,
- &ic->ic_nw_keys[ic->ic_igtk_kid]);
+ &ic->ic_nw_keys[kid]);
 }
 }
 /* RSC = last transmit sequence number for the GTK */
--
cgit v1.2.3