aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd/wpa.c
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2008-10-21 10:54:54 (GMT)
committerJouni Malinen <j@w1.fi>2008-10-21 10:54:54 (GMT)
commit9663596facdd2a1f43f320fb87b992e880b5c8d1 (patch)
treea28f235e7b6f90a59bf4aecb0680cd2a939df9e5 /hostapd/wpa.c
parent244e07c54d5675d4b53d315a9b0c34f511fcda4d (diff)
downloadhostap-06-9663596facdd2a1f43f320fb87b992e880b5c8d1.zip
hostap-06-9663596facdd2a1f43f320fb87b992e880b5c8d1.tar.gz
hostap-06-9663596facdd2a1f43f320fb87b992e880b5c8d1.tar.bz2
Fix group key rekeying when reauth happens during pending group key update
We need to cancel the group key update for a STA if a reauthentication request is received while the STA is in pending group key update. When canceling the update, we will also need to make sure that the PTK Group Key state machine ends up in the correct state (IDLE) to allow future updates in case of WPA2.
Diffstat (limited to 'hostapd/wpa.c')
-rw-r--r--hostapd/wpa.c28
1 files changed, 24 insertions, 4 deletions
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index bee3ffa..c7bcac8 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -1109,6 +1109,15 @@ void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
break;
case WPA_REAUTH:
case WPA_REAUTH_EAPOL:
+ if (sm->GUpdateStationKeys) {
+ /*
+ * Reauthentication cancels the pending group key
+ * update for this STA.
+ */
+ sm->group->GKeyDoneStations--;
+ sm->GUpdateStationKeys = FALSE;
+ sm->PtkGroupInit = TRUE;
+ }
sm->ReAuthenticationRequest = TRUE;
break;
case WPA_ASSOC_FT:
@@ -1760,9 +1769,10 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
SM_STEP(WPA_PTK_GROUP)
{
- if (sm->Init)
+ if (sm->Init || sm->PtkGroupInit) {
SM_ENTER(WPA_PTK_GROUP, IDLE);
- else switch (sm->wpa_ptk_group_state) {
+ sm->PtkGroupInit = FALSE;
+ } else switch (sm->wpa_ptk_group_state) {
case WPA_PTK_GROUP_IDLE:
if (sm->GUpdateStationKeys ||
(sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
@@ -1844,8 +1854,18 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
"Not in PTKINITDONE; skip Group Key update");
return 0;
}
- sm->group->GKeyDoneStations++;
- sm->GUpdateStationKeys = TRUE;
+ if (sm->GUpdateStationKeys) {
+ /*
+ * This should not really happen, but just in case, make sure
+ * we do not count the same STA twice in GKeyDoneStations.
+ */
+ wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
+ "GUpdateStationKeys already set - do not "
+ "increment GKeyDoneStations");
+ } else {
+ sm->group->GKeyDoneStations++;
+ sm->GUpdateStationKeys = TRUE;
+ }
wpa_sm_step(sm);
return 0;
}