Use Secure=1 in PTK rekeying EAPOL-Key msg 1/4 and 2/4
authorJouni Malinen <quic_jouni@quicinc.com>
Mon, 16 May 2022 14:34:12 +0000 (17:34 +0300)
committerJouni Malinen <j@w1.fi>
Mon, 16 May 2022 14:47:17 +0000 (17:47 +0300)
IEEE Std 802.11-2020 is ambiguous on how the Secure bit is set in
EAPOL-Key msg 1/4 and 2/4 in the case where the 4-way handshake is used to
rekey the PTK. 12.7.2 describes this with "set to 1 once the initial key
exchange is complete" while 12.7.6 shows EAPOL-Key msg 1/4 and 2/4 using
Secure=0 without any consideration on whether the handshake is for
rekeying.

TGme seems to be moving towards clarifying this to use Secure=1 based on
there being a shared PTKSA between the Authenticator and the Supplicant.
In other words, this would use Secure=1 in EAPOL-Key msg 1/4 and 2/4 in
the case of rekeying. Change implementation to match that. This bit was
already practically ignored on the reception side, so this should not
have impact on actual functionality beyond this one bit changing its
value in the frame.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
src/ap/wpa_auth.c
src/rsn_supp/wpa.c

index 0ad5de9d812353c3a0b841a6d858ddb343130877..705517b168cd9228d4336500487d40c6aeaa97bf 100644 (file)
@@ -2192,6 +2192,7 @@ SM_STATE(WPA_PTK, PTKSTART)
 {
        u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL;
        size_t pmkid_len = 0;
+       u16 key_info;
 
        SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk);
        sm->PTKRequest = false;
@@ -2295,8 +2296,10 @@ SM_STATE(WPA_PTK, PTKSTART)
        }
        if (!pmkid)
                pmkid_len = 0;
-       wpa_send_eapol(sm->wpa_auth, sm,
-                      WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
+       key_info = WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE;
+       if (sm->pairwise_set && sm->wpa != WPA_VERSION_WPA)
+               key_info |= WPA_KEY_INFO_SECURE;
+       wpa_send_eapol(sm->wpa_auth, sm, key_info, NULL,
                       sm->ANonce, pmkid, pmkid_len, 0, 0);
 }
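Review bot: The Secure bit added here goes out in EAPOL-Key msg 1/4, whose key_info carries no `WPA_KEY_INFO_MIC`, so the bit is not integrity protected on the wire, and the new branch has no comment explaining this or why WPA v1 is excluded. I would add above the `if`: `/* PTK rekeying: a PTKSA is already shared, so use Secure=1 (IEEE Std 802.11-2020, 12.7.2); msg 1/4 has no MIC, so receivers must not base decisions on this bit */`. The branch also relies on `sm->pairwise_set` being false whenever an initial handshake starts. Where that flag is cleared is not visible in this hunk, so it is worth confirming for reassociation paths; a stale value would mark the first msg 1/4 as Secure=1. The SM_STATE body begins above the hunk.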
 
index 5585fb18835769484651d731716fe89eaf5fe05a..577717611cb42d823fb8356be8c0743ba0327116 100644 (file)
@@ -552,6 +552,8 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
                       sm->proto == WPA_PROTO_OSEN) ?
                EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
        key_info = ver | WPA_KEY_INFO_KEY_TYPE;
+       if (sm->ptk_set && sm->proto != WPA_PROTO_WPA)
+               key_info |= WPA_KEY_INFO_SECURE;
        if (mic_len)
                key_info |= WPA_KEY_INFO_MIC;
        else
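Review bot: The supplicant derives Secure for msg 2/4 purely from its local `sm->ptk_set`, not from the received msg 1/4, so against an authenticator without the matching change the two frames of one rekey handshake will disagree on this bit. That looks intentional given the commit message, but it deserves a comment at the new `if`, for example `/* Rekeying with an existing PTKSA: use Secure=1 regardless of msg 1/4; WPA v1 keeps Secure=0 */`. The test `sm->proto != WPA_PROTO_WPA` is also looser than the key-type selection just above, which appears to compare against specific protocols (its start is outside the hunk), so reusing that comparison would keep the two decisions in step. Where `sm->ptk_set` is reset on a new association is not visible here and should be confirmed, since a stale value would put Secure=1 in an initial handshake. The function starts and ends outside the hunk.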