From: Mathy Vanhoef Date: Sun, 1 Apr 2018 17:16:47 +0000 (+0200) Subject: tests: Fix clearing of IGTK PN in handshake retransmit test functions X-Git-Tag: hostap_2_7~480 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9f917339ccda37047ce79916c92fdfae6c340f52;p=thirdparty%2Fhostap.git tests: Fix clearing of IGTK PN in handshake retransmit test functions When locating the position of the IGTK PN in the key data, we also need to skip the KDE header, in addition to the keyid field. This fixes hostapd RESEND_M3 and RESEND_GROUP_M1 behavior when PMF is negotiated for the association. Previously, the IGTK KDE ended up getting practically hidden since zeroing of the PN ended up clearing the KDE OUI and Type fields. Signed-off-by: Mathy Vanhoef --- diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index 8dde1d0aa..e0eae4a71 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -4683,8 +4683,9 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm, #ifdef CONFIG_IEEE80211W opos = pos; pos = ieee80211w_kde_add(sm, pos); - if (pos - opos >= WPA_IGTK_KDE_PREFIX_LEN) { - opos += 2; /* skip keyid */ + if (pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) { + /* skip KDE header and keyid */ + opos += 2 + RSN_SELECTOR_LEN + 2; os_memset(opos, 0, 6); /* clear PN */ } #endif /* CONFIG_IEEE80211W */ @@ -4779,8 +4780,10 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, #ifdef CONFIG_IEEE80211W opos = pos; pos = ieee80211w_kde_add(sm, pos); - if (pos - opos >= WPA_IGTK_KDE_PREFIX_LEN) { - opos += 2; /* skip keyid */ + if (pos - opos >= + 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN) { + /* skip KDE header and keyid */ + opos += 2 + RSN_SELECTOR_LEN + 2; os_memset(opos, 0, 6); /* clear PN */ } #endif /* CONFIG_IEEE80211W */
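Review bot: In the wpa_auth_resend_m3 hunk, the length guard and the write it protects are built from different terms. The check is `pos - opos >= 2 + RSN_SELECTOR_LEN + WPA_IGTK_KDE_PREFIX_LEN`, while the skip and clear use bare literals (`opos += 2 + RSN_SELECTOR_LEN + 2;` followed by `os_memset(opos, 0, 6);`). The memset therefore stays inside the bytes written by ieee80211w_kde_add() only if WPA_IGTK_KDE_PREFIX_LEN covers at least the 2-byte keyid plus the 6-byte PN, and that definition is not visible in this diff. Consider giving the KDE header length (the leading `2 + RSN_SELECTOR_LEN`) and the PN length names, and writing the guard as the same sum the skip and clear use, so the bound can be checked by reading the block alone.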
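Review bot: The replacement block in the wpa_auth_resend_group_m1 hunk is a second copy of the one in wpa_auth_resend_m3, differing only in how the condition is wrapped, and the offset bug fixed here was present identically in both copies. Moving the locate-and-clear step into one small static helper that takes opos and pos would define the `2 + RSN_SELECTOR_LEN + 2` offset once and keep the two resend paths from drifting apart. Since the commit message states that the old code wiped the KDE OUI and Type fields when PMF was negotiated, a test case for RESEND_M3 and RESEND_GROUP_M1 with PMF enabled, checking that the IGTK KDE is still present in the retransmitted frame, would catch a regression of this kind.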