From dfdabd917ad9950b643bf90b6e95f5c3856662e6 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Tue, 16 Apr 2019 11:51:43 +0300 Subject: [PATCH] RSN: Report completion only after IGTK configuration Previously wpa_supplicant_key_neg_complete() was called before the attempt to configure the IGTK received from the authenticator. This could resulted in somewhat surprising sequence of events if IGTK configuration failed since completion event would be followed by immediate disconnection event. Reorder these operations so that completion is reported only if GTK and IGTK are configurated successfully. Furthermore, check for missing GTK KDE in case of RSN and handle that with an explicit disconnection instead of waiting for the AP to deliver the GTK later. Signed-off-by: Jouni Malinen --- src/rsn_supp/wpa.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 6e43aaedf..eabe88bc0 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -1021,8 +1021,6 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm, } os_memset(&gd, 0, sizeof(gd)); - wpa_supplicant_key_neg_complete(sm, sm->bssid, - key_info & WPA_KEY_INFO_SECURE); return 0; } @@ -1503,8 +1501,11 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE); if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED) { - wpa_supplicant_key_neg_complete(sm, sm->bssid, - key_info & WPA_KEY_INFO_SECURE); + /* No GTK to be set to the driver */ + } else if (!ie.gtk && sm->proto == WPA_PROTO_RSN) { + wpa_msg(sm->ctx->msg_ctx, MSG_INFO, + "RSN: No GTK KDE included in EAPOL-Key msg 3/4"); + goto failed; } else if (ie.gtk && wpa_supplicant_pairwise_gtk(sm, key, ie.gtk, ie.gtk_len, key_info) < 0) { @@ -1519,6 +1520,10 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm, goto failed; } + if (sm->group_cipher == WPA_CIPHER_GTK_NOT_USED || ie.gtk) + wpa_supplicant_key_neg_complete(sm, sm->bssid, + key_info & WPA_KEY_INFO_SECURE); + if (ie.gtk) wpa_sm_set_rekey_offload(sm);