wpa_drv_set_key was called with a NULL address for IGTK and MGTK before this patch. The nl80211 driver will then not add the NL80211_KEY_DEFAULT_TYPE_MULTICAST flag for the key, which wrongly marks this key also as a default unicast key in the Linux kernel. With SAE this is no real problem in practice, as a pairwise key will be negotiated in mesh mode, before the first data frame gets send. When using 802.1X in a mesh network in the future, this gets a problem, as Linux now will encrypt EAPOL frames with the default key, which is also marked for unicast usage without this patch. Signed-off-by: Markus Theil <markus.theil@xxxxxxxxxxxxx> --- wpa_supplicant/mesh_rsn.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c index f19bfbfc6..834c7a1cc 100644 --- a/wpa_supplicant/mesh_rsn.c +++ b/wpa_supplicant/mesh_rsn.c @@ -195,7 +195,8 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr, wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX IGTK", rsn->igtk, rsn->igtk_len); wpa_drv_set_key(rsn->wpa_s, - wpa_cipher_to_alg(rsn->mgmt_group_cipher), NULL, + wpa_cipher_to_alg(rsn->mgmt_group_cipher), + broadcast_ether_addr, rsn->igtk_key_id, 1, seq, sizeof(seq), rsn->igtk, rsn->igtk_len, KEY_FLAG_GROUP_TX_DEFAULT); @@ -204,7 +205,8 @@ static int __mesh_rsn_auth_init(struct mesh_rsn *rsn, const u8 *addr, /* group privacy / data frames */ wpa_hexdump_key(MSG_DEBUG, "mesh: Own TX MGTK", rsn->mgtk, rsn->mgtk_len); - wpa_drv_set_key(rsn->wpa_s, wpa_cipher_to_alg(rsn->group_cipher), NULL, + wpa_drv_set_key(rsn->wpa_s, wpa_cipher_to_alg(rsn->group_cipher), + broadcast_ether_addr, rsn->mgtk_key_id, 1, seq, sizeof(seq), rsn->mgtk, rsn->mgtk_len, KEY_FLAG_GROUP_TX_DEFAULT); -- 2.27.0 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
