authorJouni Malinen <j@w1.fi>2008-03-12 09:20:20 (GMT)
committerJouni Malinen <j@w1.fi>2008-03-12 09:20:20 (GMT)
commit658d166297ffff1ebcd8a408456b1a9c645adaee (patch)
treeb00f8f2ce769d506b69fb1e7e2b8f9a8288dfa40 /src/rsn_supp
parent58a98fb027351ee6b6d6eab557500ac644f3cdf0 (diff)
FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily updated to point to the correct target address when doing over-the-air FT since the address is used before the association has actually been completed.
Diffstat (limited to 'src/rsn_supp')
-rw-r--r--src/rsn_supp/wpa.h5
-rw-r--r--src/rsn_supp/wpa_ft.c6
2 files changed, 6 insertions, 5 deletions
diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h
index 6ab53fe..60a3fa0 100644
--- a/src/rsn_supp/wpa.h
+++ b/src/rsn_supp/wpa.h
@@ -280,7 +280,7 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
int ft_action, const u8 *target_ap);
int wpa_ft_is_completed(struct wpa_sm *sm);
int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- size_t ies_len);
+ size_t ies_len, const u8 *src_addr);
int wpa_ft_start_over_ds(struct wpa_sm *sm, const u8 *target_ap);
#else /* CONFIG_IEEE80211R */
@@ -310,7 +310,8 @@ static inline int wpa_ft_is_completed(struct wpa_sm *sm)
}
static inline int
-wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, size_t ies_len)
+wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
+ const u8 *src_addr)
{
return -1;
}
diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index b0c4aad..b2ffd55 100644
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -536,7 +536,7 @@ int wpa_ft_process_response(struct wpa_sm *sm, const u8 *ies, size_t ies_len,
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name",
sm->pmk_r1_name, WPA_PMK_NAME_LEN);
- bssid = ft_action ? sm->target_ap : sm->bssid;
+ bssid = target_ap;
wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->snonce, ftie->anonce, sm->own_addr,
bssid, sm->pmk_r1_name,
(u8 *) &sm->ptk, sizeof(sm->ptk), ptk_name);
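Review bot: With `bssid = target_ap;` the address mixed into the PTK on the over-the-DS path now comes from the caller's argument instead of the stored `sm->target_ap`, and nothing in this hunk shows that the two are compared or that `target_ap` is non-NULL. wpa_ft_process_response starts above the hunk, so such a check may already exist; if it does not, a guard before the derivation such as `if (target_ap == NULL || (ft_action && os_memcmp(target_ap, sm->target_ap, ETH_ALEN) != 0)) return -1;` would keep an FT Action response naming an AP that was never requested from overwriting `sm->ptk`. The local `bssid` is now only an alias, so passing `target_ap` to `wpa_pmk_r1_to_ptk()` directly would read more clearly.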
@@ -582,7 +582,7 @@ int wpa_ft_is_completed(struct wpa_sm *sm)
int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- size_t ies_len)
+ size_t ies_len, const u8 *src_addr)
{
struct wpa_ft_ies parse;
struct rsn_mdie *mdie;
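Review bot: The new `src_addr` parameter is undocumented, and the name alone does not tell a caller which address to pass. A comment on the definition along the lines of `@src_addr: Source address of the Reassociation Response frame; used as the AP address in the FT MIC` would state the contract; the `wpa_ft_mic()` call in the -665 hunk is where the value is consumed. It looks as if this has to be the same address that was given as `target_ap` when the PTK was derived, so the comment should say so once that is confirmed, and a NULL `src_addr` is best rejected before the MIC call. The function body continues outside this hunk.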
@@ -665,7 +665,7 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
return -1;
}
- if (wpa_ft_mic(sm->ptk.kck, sm->own_addr, sm->bssid, 6,
+ if (wpa_ft_mic(sm->ptk.kck, sm->own_addr, src_addr, 6,
parse.mdie - 2, parse.mdie_len + 2,
parse.ftie - 2, parse.ftie_len + 2,
parse.rsn - 2, parse.rsn_len + 2, NULL, 0,