tests: Fix clearing of IGTK PN in handshake retransmit test functions
When locating the position of the IGTK PN in the key data, we also need to skip the KDE header, in addition to the keyid field. This fixes hostapd RESEND_M3 and RESEND_GROUP_M1 behavior when PMF is negotiated for the association. Previously, the IGTK KDE ended up getting practically hidden since zeroing of the PN ended up clearing the KDE OUI and Type fields. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
This commit is contained in:
Mathy Vanhoef
Jouni Malinen
parent
20daa57b92
commit
9f917339cc
1 changed files with 7 additions and 4 deletions
|
|
@ -4683,8 +4683,9 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
|
|||
#ifdef CONFIG_IEEE80211W
|
||||
opos = pos;
|
||||
pos = ieee80211w_kde_add(sm, pos);
|
||||
if (pos - opos >= WPA_IGTK_KDE_PREFIX_LEN) {
|
||||
opos += 2; /* skip keyid */
|
||||
if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
|
||||
/* skip KDE header and keyid */
|
||||
opos += 2 + RSN_SELECTOR_LEN + 2;
|
||||
os_memset(opos, 0, 6); /* clear PN */
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
|
@ -4779,8 +4780,10 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
|
|||
#ifdef CONFIG_IEEE80211W
|
||||
opos = pos;
|
||||
pos = ieee80211w_kde_add(sm, pos);
|
||||
if (pos - opos >= WPA_IGTK_KDE_PREFIX_LEN) {
|
||||
opos += 2; /* skip keyid */
|
||||
if (pos - opos >=
|
||||
2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) {
|
||||
/* skip KDE header and keyid */
|
||||
opos += 2 + RSN_SELECTOR_LEN + 2;
|
||||
os_memset(opos, 0, 6); /* clear PN */
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
|
|
|||
Loading…
Reference in a new issue