AP: Provide correct keyid to wpa_send_eapol() for EAPOL-Key msg 3/4

PTKINITNEGOTIATING in the WPA state machine calls wpa_send_eapol() and
hands over the GTK instead of the PTK keyid.

Besides a confusing debug message this does not have any negative side
effects: The variable is only set to a wrong value when using WPA2 but
then it's not used.

With this patch PTKINITNEGOTIATING sets the PTK keyid unconditionally to
zero for EAPOL-Key msg 3/4 and differentiates more obviously between GTK
and PTK keyids.

Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 03c4ce8e7298a7fa2b8377d56e833a4a2a6cecd6..1c82ccf6208a8aa16beec9980edaf01f70b58b7c 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -3126,7 +3126,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
        size_t gtk_len, kde_len;
        struct wpa_group *gsm = sm->group;
        u8 *wpa_ie;
-       int wpa_ie_len, secure, keyidx, encr = 0;
+       int wpa_ie_len, secure, gtkidx, encr = 0;
 
        SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk);
        sm->TimeoutEvt = FALSE;
@@ -3177,7 +3177,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                                return;
                        gtk = dummy_gtk;
                }
-               keyidx = gsm->GN;
+               gtkidx = gsm->GN;
                _rsc = rsc;
                encr = 1;
        } else {
@@ -3185,7 +3185,6 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                secure = 0;
                gtk = NULL;
                gtk_len = 0;
-               keyidx = 0;
                _rsc = NULL;
                if (sm->rx_eapol_key_secure) {
                        /*
@@ -3242,7 +3241,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
 #endif /* CONFIG_IEEE80211R_AP */
        if (gtk) {
                u8 hdr[2];
-               hdr[0] = keyidx & 0x03;
+               hdr[0] = gtkidx & 0x03;
                hdr[1] = 0;
                pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
                                  gtk, gtk_len);
@@ -3314,7 +3313,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
                        WPA_KEY_INFO_MIC : 0) |
                       WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
                       WPA_KEY_INFO_KEY_TYPE,
-                      _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
+                      _rsc, sm->ANonce, kde, pos - kde, 0, encr);
        os_free(kde);
 }
 
@@ -4953,7 +4952,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
        size_t gtk_len, kde_len;
        struct wpa_group *gsm = sm->group;
        u8 *wpa_ie;
-       int wpa_ie_len, secure, keyidx, encr = 0;
+       int wpa_ie_len, secure, gtkidx, encr = 0;
 
        /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, [MDIE],
           GTK[GN], IGTK, [FTIE], [TIE * 2])
@@ -4980,7 +4979,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
                secure = 1;
                gtk = gsm->GTK[gsm->GN - 1];
                gtk_len = gsm->GTK_len;
-               keyidx = gsm->GN;
+               gtkidx = gsm->GN;
                _rsc = rsc;
                encr = 1;
        } else {
@@ -4988,7 +4987,6 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
                secure = 0;
                gtk = NULL;
                gtk_len = 0;
-               keyidx = 0;
                _rsc = NULL;
                if (sm->rx_eapol_key_secure) {
                        /*
@@ -5041,7 +5039,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
 #endif /* CONFIG_IEEE80211R_AP */
        if (gtk) {
                u8 hdr[2];
-               hdr[0] = keyidx & 0x03;
+               hdr[0] = gtkidx & 0x03;
                hdr[1] = 0;
                pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2,
                                  gtk, gtk_len);
@@ -5109,7 +5107,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
                        WPA_KEY_INFO_MIC : 0) |
                       WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL |
                       WPA_KEY_INFO_KEY_TYPE,
-                      _rsc, sm->ANonce, kde, pos - kde, keyidx, encr);
+                      _rsc, sm->ANonce, kde, pos - kde, 0, encr);
        os_free(kde);
        return 0;
 }