git.ipfire.org Git - thirdparty/hostap.git/commit

author	Jouni Malinen <quic_jouni@quicinc.com>
	Mon, 16 May 2022 14:34:12 +0000 (17:34 +0300)
committer	Jouni Malinen <j@w1.fi>
	Mon, 16 May 2022 14:47:17 +0000 (17:47 +0300)
commit	bc369917911e6420e3279c512e6ec3336f672f8b
tree	64f9c8258e282ea0712e90ee511077bfd2796e5c	tree
parent	d2ce1b4d6ccd5026cec5c00d5f202a984874b9da	commit \| diff

Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4

IEEE Std 802.11-2020 is ambiguous on how the Secure bit is set in
EAPOL-Key msg 1/4 and 2/4 in the case where 4-way handshake is use to
rekey the PTK. 12.7.2 describes this with "set to 1 once the initial key
exchange is complete" while 12.7.6 shows EAPOL-Key msg 1/4 and 2/4 using
Secure=0 without any consideration on whether the handshake is for
rekeying.

TGme seems to be moving towards clarifying this to use Secure=1 based on
there being a shared PTKSA between the Authenticator and the Supplicant.
In other words, this would use Secure=1 in EAPOL-Key msg 1/4 and 2/4 in
the case of rekeying. Change implementation to match that. This bit was
already practically ignored on the reception side, so this should not
have impact on actual functionality beyond this one bit changing its
value in the frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>

src/ap/wpa_auth.c		diff \| blob \| blame \| history
src/rsn_supp/wpa.c		diff \| blob \| blame \| history