authorJouni Malinen <j@w1.fi>2016-06-18 11:41:59 (GMT)
committerJouni Malinen <j@w1.fi>2016-06-19 17:18:09 (GMT)
commitfccba2c946407f39b546ad0b6ba42b60577777ac (patch)
tree5706a8eeb08983679fc778fc858e78c50ce4c4cb /wpa_supplicant/mesh_rsn.c
parent696f792320b9a082d28eba4e97ccc4cdab09b8b8 (diff)
mesh: Generate a separate TX IGTK if PMF is enabled
Previous implementation was incorrectly using MGTK also as the IGTK and doing this regardless of whether PMF was enabled. IGTK needs to be an independent key and this commit does that at the local TX side. The current AMPE element construction and parsing is quite broken, so this does not add the IGTKdata field there. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'wpa_supplicant/mesh_rsn.c')
-rw-r--r--wpa_supplicant/mesh_rsn.c18
1 files changed, 15 insertions, 3 deletions
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index 021b7d2..0fa0fbf 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -177,9 +177,19 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr,
if (random_get_bytes(rsn->mgtk, rsn->mgtk_len) < 0)
return -1;
- /* group mgmt */
- wpa_drv_set_key(rsn->wpa_s, WPA_ALG_IGTK, NULL, 4, 1,
- seq, sizeof(seq), rsn->mgtk, sizeof(rsn->mgtk));
+#ifdef CONFIG_IEEE80211W
+ if (ieee80211w != NO_MGMT_FRAME_PROTECTION) {
+ if (random_get_bytes(rsn->igtk, 16) < 0)
+ return -1;
+ rsn->igtk_len = 16;
+
+ /* group mgmt */
+ wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX IGTK",
+ rsn->igtk, rsn->igtk_len);
+ wpa_drv_set_key(rsn->wpa_s, WPA_ALG_IGTK, NULL, 4, 1,
+ seq, sizeof(seq), rsn->igtk, rsn->igtk_len);
+ }
+#endif /* CONFIG_IEEE80211W */
/* group privacy / data frames */
wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX MGTK",
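Review bot: The return value of `wpa_drv_set_key()` for the new IGTK is discarded, so if the driver rejects the key this function carries on and the mesh would presumably run with PMF enabled but no TX IGTK installed. The `random_get_bytes()` failure just above already aborts with -1, and the install should do the same or at least log the failure: `if (wpa_drv_set_key(rsn->wpa_s, WPA_ALG_IGTK, NULL, 4, 1, seq, sizeof(seq), rsn->igtk, rsn->igtk_len) < 0) return -1;`. The literal `16` is also written twice and is not tied to the size of `rsn->igtk`, which is declared outside this file; using `WPA_IGTK_LEN` or checking against `sizeof(rsn->igtk)` would keep the two in step. The function begins and continues outside the hunk.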
@@ -195,6 +205,8 @@ static void mesh_rsn_deinit(struct mesh_rsn *rsn)
{
os_memset(rsn->mgtk, 0, sizeof(rsn->mgtk));
rsn->mgtk_len = 0;
+ os_memset(rsn->igtk, 0, sizeof(rsn->igtk));
+ rsn->igtk_len = 0;
if (rsn->auth)
wpa_deinit(rsn->auth);
}
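Review bot: The added IGTK wipe uses plain `os_memset()`, like the MGTK line above it, and that normally maps to `memset()`, which a compiler may drop as a dead store if `mesh_rsn_deinit()` is inlined into a caller that frees `rsn` right afterwards. Whether that happens depends on the caller, which is not in this hunk. If the tree offers a wipe that cannot be elided (later hostap has `forced_memzero()`), use it for both keys, e.g. `forced_memzero(rsn->igtk, sizeof(rsn->igtk));`. Otherwise a comment such as `/* clear key material before rsn is released */` would at least record the intent.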