author | bschmidt <bschmidt@FreeBSD.org> | 2010-07-01 20:50:12 +0000 |
---|---|---|
committer | bschmidt <bschmidt@FreeBSD.org> | 2010-07-01 20:50:12 +0000 |
commit | 3b1f97758a277bff4cc1443e974c284f24d06d5b (patch) | |
tree | 56b7f55980d4e55396125ba7113871fce80387d9 /sys/net80211 | |
parent | 234db8607d0c787920735055e39ebc8ded6b35b0 (diff) | |
- Introduce IEEE80211_KEY_NOREPLAY, a per-key flag to ignore replay
violations.
- Use SIOCGIFMEDIA to determine VAP's opmode, cache it and set
IEEE80211_KEY_NOREPLAY for AHDEMO and IBSS.
Approved by: rpaulo (mentor)
Diffstat (limited to 'sys/net80211')
-rw-r--r-- | sys/net80211/ieee80211_crypto.h | 4 | ||||
-rw-r--r-- | sys/net80211/ieee80211_crypto_ccmp.c | 10 | ||||
-rw-r--r-- | sys/net80211/ieee80211_crypto_tkip.c | 10 |
3 files changed, 7 insertions, 17 deletions
diff --git a/sys/net80211/ieee80211_crypto.h b/sys/net80211/ieee80211_crypto.h
index 57d05ad..d7ac436 100644
--- a/sys/net80211/ieee80211_crypto.h
+++ b/sys/net80211/ieee80211_crypto.h
@@ -78,6 +78,7 @@ struct ieee80211_key {
 #define IEEE80211_KEY_XMIT 0x0001 /* key used for xmit */
 #define IEEE80211_KEY_RECV 0x0002 /* key used for recv */
 #define IEEE80211_KEY_GROUP 0x0004 /* key used for WPA group operation */
+#define IEEE80211_KEY_NOREPLAY 0x0008 /* ignore replay failures */
 #define IEEE80211_KEY_SWENCRYPT 0x0010 /* host-based encrypt */
 #define IEEE80211_KEY_SWDECRYPT 0x0020 /* host-based decrypt */
 #define IEEE80211_KEY_SWENMIC 0x0040 /* host-based enmic */
@@ -98,7 +99,8 @@ struct ieee80211_key {
 uint8_t wk_macaddr[IEEE80211_ADDR_LEN];
 };
 #define IEEE80211_KEY_COMMON /* common flags passed in by apps */\
- (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV | IEEE80211_KEY_GROUP)
+ (IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV | IEEE80211_KEY_GROUP | \
+ IEEE80211_KEY_NOREPLAY)
 #define IEEE80211_KEY_DEVICE /* flags owned by device driver */\
 (IEEE80211_KEY_DEVKEY|IEEE80211_KEY_CIPHER0|IEEE80211_KEY_CIPHER1)
diff --git a/sys/net80211/ieee80211_crypto_ccmp.c b/sys/net80211/ieee80211_crypto_ccmp.c
index 9ad2409..cb9ed0a 100644
--- a/sys/net80211/ieee80211_crypto_ccmp.c
+++ b/sys/net80211/ieee80211_crypto_ccmp.c
@@ -226,14 +226,8 @@ ccmp_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
 }
 tid = ieee80211_gettid(wh);
 pn = READ_6(ivp[0], ivp[1], ivp[4], ivp[5], ivp[6], ivp[7]);
- /*
- * NB: Multiple stations are using the same key in
- * IBSS mode, there is currently no way to sync keyrsc
- * counters without discarding too many frames.
- */
- if (vap->iv_opmode != IEEE80211_M_IBSS &&
- vap->iv_opmode != IEEE80211_M_AHDEMO &&
- pn <= k->wk_keyrsc[tid]) {
+ if (pn <= k->wk_keyrsc[tid] &&
+ (k->wk_flags & IEEE80211_KEY_NOREPLAY) == 0) {
 /*
 * Replay violation.
 */
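Review bot: Adding `IEEE80211_KEY_NOREPLAY` to `IEEE80211_KEY_COMMON` (second hunk of ieee80211_crypto.h; the flag itself is defined in the first) turns replay protection into something the caller of the key-install path can switch off, where the decap code previously decided it from `vap->iv_opmode`. Nothing in this diff restricts the flag to IBSS/AHDEMO, so unless the key-set path (not shown here) checks the opmode, a key installed on a station or hostap VAP with this bit set would silently accept replayed CCMP/TKIP frames. Consider masking the bit where key flags are accepted unless the VAP is in IBSS or AHDEMO mode, and at minimum make the intent explicit on the define, e.g. `/* ignore replay failures; intended for IBSS/AHDEMO shared keys only */`.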
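Review bot: The rewritten condition in `ccmp_decap` drops the comment that explained why replay checking is skipped, so the reason for `IEEE80211_KEY_NOREPLAY` is no longer stated at the one place where it weakens the receive path; the same applies to the matching hunk in `tkip_decap`. I would keep a short rationale above the test, e.g. `/* NB: IEEE80211_KEY_NOREPLAY is set for IBSS/AHDEMO keys; stations share the key and keyrsc cannot be synced */`. In the visible lines, frames that fail the PN comparison but are accepted because of the flag are neither counted nor reported, which leaves a replay on such a key invisible to monitoring; whether a statistic is worth adding is a judgement call. The body of `ccmp_decap` starts and ends outside the hunk.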
diff --git a/sys/net80211/ieee80211_crypto_tkip.c b/sys/net80211/ieee80211_crypto_tkip.c
index 0f17c17..05d9c74 100644
--- a/sys/net80211/ieee80211_crypto_tkip.c
+++ b/sys/net80211/ieee80211_crypto_tkip.c
@@ -281,14 +281,8 @@ tkip_decap(struct ieee80211_key *k, struct mbuf *m, int hdrlen)
 tid = ieee80211_gettid(wh);
 ctx->rx_rsc = READ_6(ivp[2], ivp[0], ivp[4], ivp[5], ivp[6], ivp[7]);
- /*
- * NB: Multiple stations are using the same key in
- * IBSS mode, there is currently no way to sync keyrsc
- * counters without discarding too many frames.
- */
- if (vap->iv_opmode != IEEE80211_M_IBSS &&
- vap->iv_opmode != IEEE80211_M_AHDEMO &&
- ctx->rx_rsc <= k->wk_keyrsc[tid]) {
+ if (ctx->rx_rsc <= k->wk_keyrsc[tid] &&
+ (k->wk_flags & IEEE80211_KEY_NOREPLAY) == 0) {
 /*
 * Replay violation; notify upper layer.
 */ |