From bf9cbb462fd9ecc028052dd7a7d572cea26e4447 Mon Sep 17 00:00:00 2001 From: Jouni Malinen Date: Thu, 10 Aug 2023 21:17:40 +0300 Subject: [PATCH] Fix writing of BIGTK in FT protocol A copy-paste issue in wpa_ft_bigtk_subelem() ended up encoding the IGTK value instead of the BIGTK when providing the current BIGTK to the STA during FT protocol. Fix this to use the correct key to avoid issues when beacon protection is used with FT. Fixes: 16889aff408e ("Add BIGTK KDE and subelement similarly to IGTK") Signed-off-by: Jouni Malinen --- src/ap/wpa_auth_ft.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 8b91b822c..8cd0cd231 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -2398,7 +2398,7 @@ static u8 * wpa_ft_bigtk_subelem(struct wpa_state_machine *sm, size_t *len) wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN_bigtk, pos); pos += 6; *pos++ = bigtk_len; - bigtk = gsm->IGTK[gsm->GN_bigtk - 6]; + bigtk = gsm->BIGTK[gsm->GN_bigtk - 6]; if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OSEN) { /* * Provide unique random BIGTK to each OSEN STA to prevent use -- 2.47.2