From 3d4d2348c092fc3236504507466ff565c39d060a Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Sun, 1 Jun 2014 12:24:49 +0300 Subject: [PATCH] FT: Fix GTK rekeying after FT protocol Move to PTKINITDONE state and mark PTK valid after successful completion of FT protocol. This allows the AP/Authenticator to start GTK rekeying when FT protocol is used. Previously, the station using FT protocol did not get the new GTK which would break delivery of group addressed frames. Signed-off-by: Jouni Malinen --- src/ap/wpa_auth.c | 2 ++ src/ap/wpa_auth_ft.c | 1 + 2 files changed, 3 insertions(+) diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index d2126103d..a9cd6f65e 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -565,6 +565,8 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "FT authentication already completed - do not " "start 4-way handshake"); + /* Go to PTKINITDONE state to allow GTK rekeying */ + sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; return 0; } #endif /* CONFIG_IEEE80211R */ diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 77015961b..a80bbb7f4 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -898,6 +898,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm, wpa_hexdump(MSG_DEBUG, "FT: PTKName", ptk_name, WPA_PMK_NAME_LEN); sm->pairwise = pairwise; + sm->PTK_valid = TRUE; wpa_ft_install_ptk(sm); buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +