nl80211: support per-mac GTK on _new_key_group

AdHoc will require a per-mac GTK to be set. For this reason nl80211_build_new_key_group has been updated to optionally take a MAC address.
2018-10-08 13:44:12 -07:00 · 2018-10-08 13:44:12 -07:00 · 2123d613fc
parent 5e5caedb90
commit 2123d613fc
4 changed files with 23 additions and 6 deletions
--- a/src/ap.c
+++ b/src/ap.c
@ -567,7 +567,8 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)
 		msg = nl80211_build_new_key_group(
 						netdev_get_ifindex(ap->netdev),
 						group_cipher, ap->gtk_index,
-						ap->gtk, gtk_len, NULL, 0);
+						ap->gtk, gtk_len, NULL,
+						0, NULL);

 		if (!l_genl_family_send(nl80211, msg, ap_gtk_op_cb, NULL,
 					NULL)) {
--- a/src/netdev.c
+++ b/src/netdev.c
@ -1167,6 +1167,8 @@ static void netdev_set_gtk(struct handshake_state *hs, uint8_t key_index,
 	struct netdev *netdev = nhs->netdev;
 	uint8_t gtk_buf[32];
 	struct l_genl_msg *msg;
+	const uint8_t *addr = (netdev->type == NL80211_IFTYPE_ADHOC) ?
+				nhs->super.aa : NULL;

 	l_debug("%d", netdev->index);

@ -1184,7 +1186,7 @@ static void netdev_set_gtk(struct handshake_state *hs, uint8_t key_index,
 	}

 	msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
-					gtk_buf, gtk_len, rsc, rsc_len);
+					gtk_buf, gtk_len, rsc, rsc_len, addr);

 	nhs->group_new_key_cmd_id =
 		l_genl_family_send(nl80211, msg, netdev_new_group_key_cb,
@ -1229,7 +1231,7 @@ static void netdev_set_igtk(struct handshake_state *hs, uint8_t key_index,
 	}

 	msg = nl80211_build_new_key_group(netdev->index, cipher, key_index,
-					igtk_buf, igtk_len, ipn, ipn_len);
+					igtk_buf, igtk_len, ipn, ipn_len, NULL);

 	nhs->group_management_new_key_cmd_id =
 			l_genl_family_send(nl80211, msg,
--- a/src/nl80211_util.c
+++ b/src/nl80211_util.c
@ -30,15 +30,18 @@
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex, uint32_t cipher,
 					uint8_t key_id, const uint8_t *key,
 					size_t key_len, const uint8_t *ctr,
-					size_t ctr_len)
+					size_t ctr_len, const uint8_t *addr)
 {
 	struct l_genl_msg *msg;

 	msg = l_genl_msg_new_sized(NL80211_CMD_NEW_KEY, 512);

 	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &ifindex);
-	l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);

+	if (addr)
+		l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
+
+	l_genl_msg_enter_nested(msg, NL80211_ATTR_KEY);
 	l_genl_msg_append_attr(msg, NL80211_KEY_DATA, key_len, key);
 	l_genl_msg_append_attr(msg, NL80211_KEY_CIPHER, 4, &cipher);
 	l_genl_msg_append_attr(msg, NL80211_KEY_IDX, 1, &key_id);
@ -46,6 +49,16 @@ struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex, uint32_t cipher
 	if (ctr)
 		l_genl_msg_append_attr(msg, NL80211_KEY_SEQ, ctr_len, ctr);

+	if (addr) {
+		uint32_t type = NL80211_KEYTYPE_GROUP;
+
+		l_genl_msg_append_attr(msg, NL80211_KEY_TYPE, 4, &type);
+		l_genl_msg_enter_nested(msg, NL80211_KEY_DEFAULT_TYPES);
+		l_genl_msg_append_attr(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST,
+					0, NULL);
+		l_genl_msg_leave_nested(msg);
+	}
+
 	l_genl_msg_leave_nested(msg);

 	return msg;
--- a/src/nl80211_util.h
+++ b/src/nl80211_util.h
@ -25,7 +25,8 @@
 struct l_genl_msg *nl80211_build_new_key_group(uint32_t ifindex,
 					uint32_t cipher, uint8_t key_id,
 					const uint8_t *key, size_t key_len,
-					const uint8_t *ctr, size_t ctr_len);
+					const uint8_t *ctr, size_t ctr_len,
+					const uint8_t *addr);

 struct l_genl_msg *nl80211_build_set_station_authorized(uint32_t ifindex,
 							const uint8_t *addr);