- fix a wrong key_flag when deleting WEP keys
- remove the not yet needed KEY_FLAG_MODIFY
- add masks for each key type to define which flags can be combined
- add a helper function to validate key_flag values
- add a missing key_flag in nl80211 for WEP authentication
Signed-off-by: Alexander Wetzel <alexander@xxxxxxxxxxxxxx>
---
Now this has multiple critical fixes for key_flag. Since all are related
to the key_flag API and each chunk is self-explaining I did not split
those further.
I decided to drop KEY_FLAG_MODIFY instead allowing flag combinations not
yet used in the code and will simply recreate it whit the Extended Key
ID patches once we get there. (For that reason I also did not renumber
the flags)
We also could move check_key_flag() directly into nl80211 but I assume
this is something other will need sooner or later, too.
src/ap/ieee802_1x.c | 2 +-
src/common/defs.h | 18 +++++++++++++++---
src/drivers/driver_nl80211.c | 3 +++
3 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c
index c8e5fb395..6d4d43554 100644
--- a/src/ap/ieee802_1x.c
+++ b/src/ap/ieee802_1x.c
@@ -2487,7 +2487,7 @@ int ieee802_1x_init(struct hostapd_data *hapd)
for (i = 0; i < 4; i++)
hostapd_drv_set_key(hapd->conf->iface, hapd,
WPA_ALG_NONE, NULL, i, 0, 0, NULL,
- 0, NULL, 0, KEY_FLAG_GROUP_RX_TX);
+ 0, NULL, 0, KEY_FLAG_GROUP);
ieee802_1x_rekey(hapd, NULL);
diff --git a/src/common/defs.h b/src/common/defs.h
index 6358c3158..2941771b3 100644
--- a/src/common/defs.h
+++ b/src/common/defs.h
@@ -431,7 +431,6 @@ enum chan_width {
};
enum key_flag {
- KEY_FLAG_MODIFY = BIT(0),
KEY_FLAG_DEFAULT = BIT(1),
KEY_FLAG_RX = BIT(2),
KEY_FLAG_TX = BIT(3),
@@ -448,10 +447,23 @@ enum key_flag {
KEY_FLAG_DEFAULT,
KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
- KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX |
- KEY_FLAG_MODIFY,
+ /* Max allowed flags for each key type */
+ KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX,
+ KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT,
+ KEY_FLAG_PMK_MASK = KEY_FLAG_PMK,
};
+static inline int check_key_flag(enum key_flag key_flag)
+{
+ return !!(!key_flag ||
+ (key_flag & KEY_FLAG_PAIRWISE &&
+ key_flag & ~KEY_FLAG_PAIRWISE_MASK) ||
+ (key_flag & KEY_FLAG_GROUP &&
+ key_flag & ~KEY_FLAG_GROUP_MASK) ||
+ (key_flag & KEY_FLAG_PMK &&
+ key_flag & ~KEY_FLAG_PMK_MASK));
+}
+
enum ptk0_rekey_handling {
PTK0_REKEY_ALLOW_ALWAYS,
PTK0_REKEY_ALLOW_LOCAL_OK,
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index ecedc40f5..2582f4983 100644
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -3556,6 +3556,9 @@ retry:
p.set_tx = i == params->wep_tx_keyidx;
p.key = params->wep_key[i];
p.key_len = params->wep_key_len[i];
+ p.key_flag = i == params->wep_tx_keyidx ?
+ KEY_FLAG_GROUP_RX_TX_DEFAULT :
+ KEY_FLAG_GROUP_RX_TX;
wpa_driver_nl80211_set_key(bss, &p);
if (params->wep_tx_keyidx != i)
continue;
--
2.25.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
