DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

FT: Fix GTK rekeying after FT protocol

Browse source 
Move to PTKINITDONE state and mark PTK valid after successful completion
of FT protocol. This allows the AP/Authenticator to start GTK rekeying
when FT protocol is used. Previously, the station using FT protocol did
not get the new GTK which would break delivery of group addressed
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2014-06-01 12:24:49 +03:00
parent 3b25ad4cd6
commit 3d4d2348c0
2 changed files with 3 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/ap/wpa_auth.c
View file

@ -565,6 +565,8 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
"FT authentication already completed - do not " "FT authentication already completed - do not "
"start 4-way handshake"); "start 4-way handshake");
/* Go to PTKINITDONE state to allow GTK rekeying */
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
return 0; return 0;
} }
#endif /* CONFIG_IEEE80211R */ #endif /* CONFIG_IEEE80211R */

1
src/ap/wpa_auth_ft.c
View file

@ -898,6 +898,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN); wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN);
sm->pairwise = pairwise; sm->pairwise = pairwise;
sm->PTK_valid = TRUE;
wpa_ft_install_ptk(sm); wpa_ft_install_ptk(sm);
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) + buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +