aboutsummaryrefslogtreecommitdiffstats
path: root/src/ap/wpa_auth_i.h
diff options
context:
space:
mode:
authorMathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>2017-07-14 13:15:35 (GMT)
committerJouni Malinen <j@w1.fi>2017-10-15 23:03:47 (GMT)
commit0e3bd7ac684a2289aa613347e2f3ad54ad6a9449 (patch)
treef4d1d2b4e0ab6d842ea17b446948a327f6f98c71 /src/ap/wpa_auth_i.h
parent89c343e88765edc98ace9aab2deb21e97d8d5f08 (diff)
downloadhostap-0e3bd7ac684a2289aa613347e2f3ad54ad6a9449.zip
hostap-0e3bd7ac684a2289aa613347e2f3ad54ad6a9449.tar.gz
hostap-0e3bd7ac684a2289aa613347e2f3ad54ad6a9449.tar.bz2
hostapd: Avoid key reinstallation in FT handshake
Do not reinstall TK to the driver during Reassociation Response frame processing if the first attempt of setting the TK succeeded. This avoids issues related to clearing the TX/RX PN that could result in reusing same PN values for transmitted frames (e.g., due to CCM nonce reuse and also hitting replay protection on the receiver) and accepting replayed frames on RX side. This issue was introduced by the commit 0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in authenticator') which allowed wpa_ft_install_ptk() to be called multiple times with the same PTK. While the second configuration attempt is needed with some drivers, it must be done only if the first attempt failed. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
Diffstat (limited to 'src/ap/wpa_auth_i.h')
-rw-r--r--src/ap/wpa_auth_i.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 23d2af3..b779af7 100644
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -61,6 +61,7 @@ struct wpa_state_machine {
struct wpa_ptk PTK;
Boolean PTK_valid;
Boolean pairwise_set;
+ Boolean tk_already_set;
int keycount;
Boolean Pair;
struct wpa_key_replay_counter {