install mgtk TX key once on startup

chunyeow · Dec 12, 2011 · 7ba0882 · 7ba0882
1 parent 91f747f
commit 7ba0882
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 18 deletions.
diff --git a/ampe.c b/ampe.c
@@ -72,15 +72,9 @@
 #define MESH_SECURITY_INCONSISTENT_PARAMS       59
 #define MESH_SECURITY_INVALID_CAPABILITY        60
 
-static unsigned char meshid[32];
-static unsigned char meshid_len;
-static unsigned char mgtk_tx[16];
-static struct ampe_config config;
 static const unsigned char akm_suite_selector[4] = { 0x0, 0xf, 0xac, 0x8 };     /*  SAE  */
 static const unsigned char pw_suite_selector[4] = { 0x0, 0xf, 0xac, 0x4 };     /*  CCMP  */
 static const unsigned char null_nonce[32] = { 0 };
-static unsigned char *sta_fixed_ies;
-static unsigned char sta_fixed_ies_len;
 
 /*  For debugging use */
 static const char *mplstates[] = {
@@ -637,7 +631,6 @@ static void fsm_step(struct candidate *cand, enum plink_event event)
             derive_mtk(cand);
             estab_peer_link(cand->peer_mac,
                     cand->mtk, sizeof(cand->mtk),
-                    mgtk_tx, sizeof(mgtk_tx),
                     cand->mgtk, sizeof(cand->mgtk),
                     cand->mgtk_expiration,
                     cand->sup_rates,
@@ -669,7 +662,6 @@ static void fsm_step(struct candidate *cand, enum plink_event event)
 			cand->link_state = PLINK_ESTAB;
             estab_peer_link(cand->peer_mac,
                     cand->mtk, sizeof(cand->mtk),
-                    mgtk_tx, sizeof(mgtk_tx),
                     cand->mgtk, sizeof(cand->mgtk),
                     cand->mgtk_expiration, cand->sup_rates,
                     cand->sup_rates_len,

diff --git a/ampe.h b/ampe.h
@@ -1,6 +1,13 @@
 #ifndef __AMPE_H
 #define __AMPE_H
 
+unsigned char meshid[32];
+unsigned char meshid_len;
+unsigned char mgtk_tx[16];
+struct ampe_config config;
+unsigned char *sta_fixed_ies;
+unsigned char sta_fixed_ies_len;
+
 enum plink_state {
     PLINK_LISTEN,
     PLINK_OPN_SNT,
@@ -27,8 +34,7 @@ int start_peer_link(unsigned char *peer_mac, unsigned char *me, void *cookie);
 
 /*  and implements these:  */
 void estab_peer_link(unsigned char *peer, unsigned char *mtk,
-        int mtk_len, unsigned char *mgtk, int mgtk_len,
-        unsigned char *peer_mgtk, int peer_mgtk_len,
+        int mtk_len, unsigned char *peer_mgtk, int peer_mgtk_len,
         unsigned int mgtk_expiration,
         unsigned char *sup_rates,
         unsigned short sup_rates_len,

diff --git a/linux/meshd-nl80211.c b/linux/meshd-nl80211.c
@@ -905,7 +905,6 @@ static int join_mesh_rsn(struct netlink_config_s *nlcfg, char *mesh_id, int mesh
 
 void estab_peer_link(unsigned char *peer,
         unsigned char *mtk, int mtk_len,
-        unsigned char *mgtk, int mgtk_len,
         unsigned char *peer_mgtk, int peer_mgtk_len,
         unsigned int mgtk_expiration,
         unsigned char *rates,
@@ -914,7 +913,7 @@ void estab_peer_link(unsigned char *peer,
 {
     assert(cookie == &nlcfg);
 
-    assert(mtk_len == 16 && mgtk_len == 16 && peer_mgtk_len == 16);
+    assert(mtk_len == 16 && peer_mgtk_len == 16);
 
     if (peer) {
         sae_debug(MESHD_DEBUG, "estab with " MACSTR "\n", MAC2STR(peer));
@@ -925,12 +924,6 @@ void estab_peer_link(unsigned char *peer,
         /* key to encrypt/decrypt unicast data AND mgmt traffic to/from this peer */
 	    install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_PAIRWISE, 0, mtk);
 
-        /* key to protect integrity of multicast mgmt frames tx*/
-	    install_key(&nlcfg, NULL, CIPHER_AES_CMAC, NL80211_KEYTYPE_GROUP, 4, mgtk);
-
-        /* key to encrypt multicast data traffic */
-	    install_key(&nlcfg, NULL, CIPHER_CCMP, NL80211_KEYTYPE_GROUP, 0, mgtk);
-
         /* key to decrypt multicast data traffic from this peer */
 	    install_key(&nlcfg, peer, CIPHER_CCMP, NL80211_KEYTYPE_GROUP, 0, peer_mgtk);
 
@@ -1239,6 +1232,11 @@ int main(int argc, char *argv[])
         goto out;
     }
 
+    /* key to protect integrity of multicast mgmt frames tx*/
+    install_key(&nlcfg, NULL, CIPHER_AES_CMAC, NL80211_KEYTYPE_GROUP, 4, mgtk_tx);
+    /* key to encrypt multicast data traffic */
+    install_key(&nlcfg, NULL, CIPHER_CCMP, NL80211_KEYTYPE_GROUP, 0, mgtk_tx);
+
     get_wiphy(&nlcfg);
 
     srv_main_loop(srvctx);