DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

FILS: Accept another (Re)Association Request frame during an association

Browse source 
The previous implementation ended up starting a new EAPOL-Key 4-way
handshake if the STA were to attempt to perform another association.
This resulted in immediate disconnection since the PTK was not ready for
configuring FILS TK at the point when EAPOL-Key msg 1/4 is sent out.
This is better than alloing the association to continue with the same TK
reconfigured, but not really ideal.

Address this potential sequence by not starting a new 4-way handshake on
the additional association attempt. Instead, allow the association to
complete, but do so without reconfiguring the TK to avoid potential
issues with PN reuse with the same TK.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2017-08-25 16:24:18 +03:00
parent 6db556b21d
commit 2f1357fb62
4 changed files with 23 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/ap/wpa_auth.h
View file

@ -314,6 +314,7 @@ int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_fils_tk_already_set(struct wpa_state_machine *sm);
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
struct rsn_pmksa_cache_entry *entry);
struct rsn_pmksa_cache_entry *