Fix EAPOL-Key Install bit in Group Key 1/2 with FT and FILS auth

sm->Pair needs to be initialized to TRUE since unicast cipher is
supported and this is an ESS. However, the normal place for setting this
(WPA_PTK::INITIALIZE) is skipped with using FT protocol or FILS
authentication, so need to do that separately when forcing PTKINITDONE.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 66b2d506db639e5a3c7a0dafde8ac1fec4b6948b..0e29e9f53fcd3f8bae77b91019c0dbf882c6f4d0 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -615,6 +615,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
                                "start 4-way handshake");
                /* Go to PTKINITDONE state to allow GTK rekeying */
                sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
+               sm->Pair = TRUE;
                return 0;
        }
 #endif /* CONFIG_IEEE80211R_AP */
@@ -625,6 +626,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
                                "FILS authentication already completed - do not start 4-way handshake");
                /* Go to PTKINITDONE state to allow GTK rekeying */
                sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
+               sm->Pair = TRUE;
                return 0;
        }
 #endif /* CONFIG_FILS */