DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

MFP: Fix IGTK PN in group rekeying

Browse source 
IGTK get_seqnum needs to be skipped in the same way as GTK one when
rekeying group keys. Previously, the old PN value (the one from the
previous key) was indicated and that resulted in MMIE replay detection
at the station.
This commit is contained in:
Jouni Malinen 2010-03-29 22:57:10 -07:00
parent 32d5295f9d
commit 7b1080dadd
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
src/ap/wpa_auth.c
View file

@ -1535,7 +1535,8 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
igtk.keyid[0] = gsm->GN_igtk; igtk.keyid[0] = gsm->GN_igtk;
igtk.keyid[1] = 0; igtk.keyid[1] = 0;
if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0) if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
os_memset(igtk.pn, 0, sizeof(igtk.pn)); os_memset(igtk.pn, 0, sizeof(igtk.pn));
os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN); os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,