Message ID | 20230112193212.568476-2-prestwoj@gmail.com (mailing list archive) |
---|---|
State | New |
Series | [v2,1/4] eapol: implement rekey support for authenticator |
Context | Check | Description |
---|---|---|
tedd_an/pre-ci_am | success | Success |
prestwoj/iwd-ci-gitlint | success | GitLint |

Hi James,

On 1/12/23 13:32, James Prestwood wrote:
> If the authenticator has already set an snonce then the packet must
> be a retransmit. Handle this by sending 3/4 again but making sure
> to not reset the frame counter.
> ---
> src/eapol.c | 10 ++++++++--
> 1 file changed, 8 insertions(+), 2 deletions(-)
>

Applied, thanks.

Regards,
-Denis

diff --git a/src/eapol.c b/src/eapol.c index 2048a87d..c1ef8f90 100644 --- a/src/eapol.c +++ b/src/eapol.c @@ -1645,12 +1645,18 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm, sm->handshake->support_ip_allocation = ip_req_kde != NULL; } + /* + * If the snonce is already set don't reset the retry counter as this + * is a rekey. To be safe take the most recent snonce (in this frame) + * in case the station created a new one. + */ + if (!sm->handshake->have_snonce) + sm->frame_retry = 0; + memcpy(sm->handshake->snonce, ek->key_nonce, sizeof(sm->handshake->snonce)); sm->handshake->have_snonce = true; - sm->frame_retry = 0; - eapol_ptk_3_of_4_retry(NULL, sm); }
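
Review bot: The new comment above `if (!sm->handshake->have_snonce)` says an already-set snonce means "this is a rekey", while the commit message says such a frame must be a retransmit; the comment should name the case this check actually handles. Within this hunk `have_snonce` is only ever set to true, so after the first message 2/4 the `sm->frame_retry = 0` line is not reached again here. If a rekey is expected to restart the retry count, whatever starts it has to clear `have_snonce` or reset `frame_retry` itself, and the comment is the place to say so. The `memcpy` into `sm->handshake->snonce` still runs unconditionally, so a repeated 2/4 carrying a different nonce replaces the stored one without resetting the counter; a sentence on why that is the intended behaviour would help the next reader.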