FT: Fix TKIP group key configuration in FT protocol

The Michael MIC TX and RX keys needs to be swapped in the FT case just
like in all other TKIP key configuration cases. This fixes issues where
TKIP as group cipher resulted in Michael MIC failures being detected for
each received group-addressed frame after FT protocol use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
index 6b7fa91be3a323e29743ed21b18c47bf4872f26e..3a40c96f2536f021e71afcf08c9a582edb73a1f7 100644 (file)
--- a/src/rsn_supp/wpa_ft.c
+++ b/src/rsn_supp/wpa_ft.c
@@ -596,6 +596,13 @@ static int wpa_ft_process_gtk_subelem(struct wpa_sm *sm, const u8 *gtk_elem,
        }
 
        wpa_hexdump_key(MSG_DEBUG, "FT: GTK from Reassoc Resp", gtk, keylen);
+       if (sm->group_cipher == WPA_CIPHER_TKIP) {
+               /* Swap Tx/Rx keys for Michael MIC */
+               u8 tmp[8];
+               os_memcpy(tmp, gtk + 16, 8);
+               os_memcpy(gtk + 16, gtk + 24, 8);
+               os_memcpy(gtk + 24, tmp, 8);
+       }
        if (wpa_sm_set_key(sm, alg, broadcast_ether_addr, keyidx, 0,
                           gtk_elem + 3, rsc_len, gtk, keylen) < 0) {
                wpa_printf(MSG_WARNING, "WPA: Failed to set GTK to the "