aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2010-03-30 05:57:10 (GMT)
committerJouni Malinen <j@w1.fi>2010-03-30 05:57:10 (GMT)
commit7b1080daddb118e3ef2c1a4ed298a666aea35efe (patch)
treea3be9fae6597f2e3502b0b3d59a0b696e72077a5 /src
parent32d5295f9d2571323dcdeefc4ab7c138f0fe6e59 (diff)
downloadhostap-7b1080daddb118e3ef2c1a4ed298a666aea35efe.zip
hostap-7b1080daddb118e3ef2c1a4ed298a666aea35efe.tar.gz
hostap-7b1080daddb118e3ef2c1a4ed298a666aea35efe.tar.bz2
MFP: Fix IGTK PN in group rekeying
IGTK get_seqnum needs to be skipped in the same way as GTK one when rekeying group keys. Previously, the old PN value (the one from the previous key) was indicated and that resulted in MMIE replay detection at the station.
Diffstat (limited to 'src')
-rw-r--r--src/ap/wpa_auth.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 93ccb76..12290dd 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1535,7 +1535,8 @@ static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos)
igtk.keyid[0] = gsm->GN_igtk;
igtk.keyid[1] = 0;
- if (wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
+ if (gsm->wpa_group_state != WPA_GROUP_SETKEYSDONE ||
+ wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_igtk, igtk.pn) < 0)
os_memset(igtk.pn, 0, sizeof(igtk.pn));
os_memcpy(igtk.igtk, gsm->IGTK[gsm->GN_igtk - 4], WPA_IGTK_LEN);
pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK,