[PATCH] fils: set sm->pairwise_set after setting TK to driver
James Prestwood
prestwoj at gmail.com
Fri Jun 24 14:20:15 PDT 2022
You can ignore this. I was on an older commit which someone apparently
fixed already.
On Fri, 2022-06-24 at 14:05 -0700, James Prestwood wrote:
> After FILS completed there was no path to setting sm->pairwise_set
> since the 4-way handshake is not done for FILS. This posed a problem
> on rekeys because the EAPoL frames would be sent without transport
> encryption. Since there is in fact a PMK set in the driver all frames
> should be sent with transport encryption even for a rekey.
>
> This patch sets sm->pairwise_set true after the TK is set into the
> driver after FILS completes which allows a future rekey to use
> encryption.
> ---
> src/ap/wpa_auth.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> index 6d60f2629..6942764de 100644
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> @@ -2869,6 +2869,7 @@ int fils_set_tk(struct wpa_state_machine *sm)
> return -1;
> }
> sm->tk_already_set = true;
> + sm->pairwise_set = true;
>
> wpa_auth_store_ptksa(sm->wpa_auth, sm->addr, sm->pairwise,
> dot11RSNAConfigPMKLifetime, &sm->PTK);
More information about the Hostap
mailing list