WNM: Do not expose GTK/IGTK in WNM Sleep Mode Response frame in OSEN

Do not include the actual GTK/IGTK value in WNM Sleep Mode Response
frame if WNM Sleep Mode is used in OSEN or in a network where use of GTK
is disabled. This was already the case for the EAPOL-Key cases of
providing GTK/IGTK, but the WNM Sleep Mode exit case was missed.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 203aecea7c0fb84868ee6f98edede582318d1141..6b8fa52fc0f6388eb2eda2e40b9dc21bc7a8a44f 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -4078,6 +4078,7 @@ void wpa_set_wnmsleep(struct wpa_state_machine *sm, int flag)
 
 int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
 {
+       struct wpa_auth_config *conf = &sm->wpa_auth->conf;
        struct wpa_group *gsm = sm->group;
        u8 *start = pos;
 
@@ -4096,6 +4097,14 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
                return 0;
        pos += 8;
        os_memcpy(pos, gsm->GTK[gsm->GN - 1], gsm->GTK_len);
+       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               /*
+                * Provide unique random GTK to each STA to prevent use
+                * of GTK in the BSS.
+                */
+               if (random_get_bytes(pos, gsm->GTK_len) < 0)
+                       return 0;
+       }
        pos += gsm->GTK_len;
 
        wpa_printf(MSG_DEBUG, "WNM: GTK Key ID %u in WNM-Sleep Mode exit",
@@ -4109,6 +4118,7 @@ int wpa_wnmsleep_gtk_subelem(struct wpa_state_machine *sm, u8 *pos)
 
 int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
 {
+       struct wpa_auth_config *conf = &sm->wpa_auth->conf;
        struct wpa_group *gsm = sm->group;
        u8 *start = pos;
        size_t len = wpa_cipher_key_len(sm->wpa_auth->conf.group_mgmt_cipher);
@@ -4126,6 +4136,14 @@ int wpa_wnmsleep_igtk_subelem(struct wpa_state_machine *sm, u8 *pos)
        pos += 6;
 
        os_memcpy(pos, gsm->IGTK[gsm->GN_igtk - 4], len);
+       if (conf->disable_gtk || sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) {
+               /*
+                * Provide unique random IGTK to each STA to prevent use
+                * of IGTK in the BSS.
+                */
+               if (random_get_bytes(pos, len) < 0)
+                       return 0;
+       }
        pos += len;
 
        wpa_printf(MSG_DEBUG, "WNM: IGTK Key ID %u in WNM-Sleep Mode exit",