FT: Re-set PTK on reassociation

It turns out that this is needed for both FT-over-DS and FT-over-air
when using mac80211, so it looks easiest to just unconditionally
re-configure the keys after reassociation when FT is used.

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 2299c0e..796f584 100644 (file)
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1208,11 +1208,10 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event)
                break;
        case WPA_ASSOC_FT:
 #ifdef CONFIG_IEEE80211R
-               if (!sm->pairwise_set || sm->ft_over_ds) {
-                       wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
-                                  "after association");
-                       wpa_ft_install_ptk(sm);
-               }
+               wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration "
+                          "after association");
+               wpa_ft_install_ptk(sm);
+
                /* Using FT protocol, not WPA auth state machine */
                sm->ft_completed = 1;
                return 0;

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 11bb88a..2bf646b 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -1227,7 +1227,6 @@ static int wpa_ft_rrb_rx_request(struct wpa_authenticator *wpa_auth,
                           "RRB Request");
                return -1;
        }
-       sm->ft_over_ds = 1;
 
        wpa_hexdump(MSG_MSGDUMP, "FT: RRB Request Frame body", body, len);
 

diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
index 3901c7d..86df3a4 100644 (file)
--- a/src/ap/wpa_auth_i.h
+++ b/src/ap/wpa_auth_i.h
@@ -116,7 +116,6 @@ struct wpa_state_machine {
                                           * Request */
        u8 r0kh_id[FT_R0KH_ID_MAX_LEN]; /* R0KH-ID from FT Auth Request */
        size_t r0kh_id_len;
-       int ft_over_ds;
 #endif /* CONFIG_IEEE80211R */
 };