@@ -2487,7 +2487,7 @@ int ieee802_1x_init(struct hostapd_data *hapd)
for (i = 0; i < 4; i++)
hostapd_drv_set_key(hapd->conf->iface, hapd,
WPA_ALG_NONE, NULL, i, 0, 0, NULL,
- 0, NULL, 0, KEY_FLAG_GROUP_RX_TX);
+ 0, NULL, 0, KEY_FLAG_GROUP);
ieee802_1x_rekey(hapd, NULL);
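Review bot: Nothing next to the delete call records why it now passes bare `KEY_FLAG_GROUP`, while the WEP path in driver_nl80211.c uses the `_RX_TX` variants, so this line is easy to "correct" back by mistake. A short comment above the loop would pin the intent, for example `/* Deleting keys: pass only the key type, no RX/TX/DEFAULT usage bits */`, worded on the assumption that this is the rule the commit message refers to. The loop also discards the return value of `hostapd_drv_set_key()`; if that is deliberate best-effort cleanup, the comment should say so. The rest of ieee802_1x_init lies outside the hunk.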
@@ -431,7 +431,6 @@ enum chan_width {
};
enum key_flag {
- KEY_FLAG_MODIFY = BIT(0),
KEY_FLAG_DEFAULT = BIT(1),
KEY_FLAG_RX = BIT(2),
KEY_FLAG_TX = BIT(3),
@@ -448,10 +447,23 @@ enum key_flag {
KEY_FLAG_DEFAULT,
KEY_FLAG_PAIRWISE_RX_TX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX_TX,
KEY_FLAG_PAIRWISE_RX = KEY_FLAG_PAIRWISE | KEY_FLAG_RX,
- KEY_FLAG_PAIRWISE_RX_TX_MODIFY = KEY_FLAG_PAIRWISE_RX_TX |
- KEY_FLAG_MODIFY,
+ /* Max allowed flags for each key type */
+ KEY_FLAG_PAIRWISE_MASK = KEY_FLAG_PAIRWISE_RX_TX,
+ KEY_FLAG_GROUP_MASK = KEY_FLAG_GROUP_RX_TX_DEFAULT,
+ KEY_FLAG_PMK_MASK = KEY_FLAG_PMK,
};
+static inline int check_key_flag(enum key_flag key_flag)
+{
+ return !!(!key_flag ||
+ (key_flag & KEY_FLAG_PAIRWISE &&
+ key_flag & ~KEY_FLAG_PAIRWISE_MASK) ||
+ (key_flag & KEY_FLAG_GROUP &&
+ key_flag & ~KEY_FLAG_GROUP_MASK) ||
+ (key_flag & KEY_FLAG_PMK &&
+ key_flag & ~KEY_FLAG_PMK_MASK));
+}
+
enum ptk0_rekey_handling {
PTK0_REKEY_ALLOW_ALWAYS,
PTK0_REKEY_ALLOW_LOCAL_OK,
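Review bot: `check_key_flag()` accepts any non-zero value that carries no key-type bit at all: `KEY_FLAG_RX`, `KEY_FLAG_TX` or `KEY_FLAG_DEFAULT` on its own skips all three type branches and yields 0. If every key is meant to be pairwise, group or PMK, add a term such as `!(key_flag & (KEY_FLAG_PAIRWISE | KEY_FLAG_GROUP | KEY_FLAG_PMK)) ||` right after the `!key_flag` test. The function also has no comment saying that non-zero means invalid, which the name does not convey; a header such as `/* Returns 1 if key_flag is not a permitted combination, 0 if it is valid */` would guard against an inverted call. No caller is added in the hunks shown, so the check does not yet gate any key installation.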
@@ -3556,6 +3556,9 @@ retry:
p.set_tx = i == params->wep_tx_keyidx;
p.key = params->wep_key[i];
p.key_len = params->wep_key_len[i];
+ p.key_flag = i == params->wep_tx_keyidx ?
+ KEY_FLAG_GROUP_RX_TX_DEFAULT :
+ KEY_FLAG_GROUP_RX_TX;
wpa_driver_nl80211_set_key(bss, &p);
if (params->wep_tx_keyidx != i)
continue;
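Review bot: The result of `wpa_driver_nl80211_set_key(bss, &p)` is discarded on the line right after the new `p.key_flag` assignment, so a WEP key the driver rejects goes unnoticed and the loop carries on. Assuming the function returns a negative status on failure, `if (wpa_driver_nl80211_set_key(bss, &p) < 0) wpa_printf(MSG_DEBUG, "nl80211: Failed to set WEP key %d", i);` would at least make the failure visible. The ternary also repeats the `i == params->wep_tx_keyidx` test already stored in `p.set_tx`; keying the flag off `p.set_tx` would keep the two in step. The enclosing function starts and ends outside the hunk.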
- fix a wrong key_flag when deleting WEP keys - remove the not yet needed KEY_FLAG_MODIFY - add masks for each key type to define which flags can be combined - add a helper function to validate key_flag values - add a missing key_flag in nl80211 for WEP authentication Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de> --- Now this has multiple critical fixes for key_flag. Since all are related to the key_flag API and each chunk is self-explaining I did not split those further. I decided to drop KEY_FLAG_MODIFY instead of allowing flag combinations not yet used in the code and will simply recreate it with the Extended Key ID patches once we get there. (For that reason I also did not renumber the flags) We also could move check_key_flag() directly into nl80211 but I assume this is something others will need sooner or later, too. src/ap/ieee802_1x.c | 2 +- src/common/defs.h | 18 +++++++++++++++--- src/drivers/driver_nl80211.c | 3 +++ 3 files changed, 19 insertions(+), 4 deletions(-)