break;
case WPA_REAUTH:
case WPA_REAUTH_EAPOL:
+ if (sm->GUpdateStationKeys) {
+ /*
+ * Reauthentication cancels the pending group key
+ * update for this STA.
+ */
+ sm->group->GKeyDoneStations--;
+ sm->GUpdateStationKeys = FALSE;
+ sm->PtkGroupInit = TRUE;
+ }
sm->ReAuthenticationRequest = TRUE;
break;
case WPA_ASSOC_FT:
SM_STEP(WPA_PTK_GROUP)
{
- if (sm->Init)
+ if (sm->Init || sm->PtkGroupInit) {
SM_ENTER(WPA_PTK_GROUP, IDLE);
- else switch (sm->wpa_ptk_group_state) {
+ sm->PtkGroupInit = FALSE;
+ } else switch (sm->wpa_ptk_group_state) {
case WPA_PTK_GROUP_IDLE:
if (sm->GUpdateStationKeys ||
(sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys))
"Not in PTKINITDONE; skip Group Key update");
return 0;
}
- sm->group->GKeyDoneStations++;
- sm->GUpdateStationKeys = TRUE;
+ if (sm->GUpdateStationKeys) {
+ /*
+ * This should not really happen, but just in case, make sure
+ * we do not count the same STA twice in GKeyDoneStations.
+ */
+ wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
+ "GUpdateStationKeys already set - do not "
+ "increment GKeyDoneStations");
+ } else {
+ sm->group->GKeyDoneStations++;
+ sm->GUpdateStationKeys = TRUE;
+ }
wpa_sm_step(sm);
return 0;
}
Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */
Boolean PTKRequest; /* not in IEEE 802.11i state machine */
Boolean has_GTK;
+ Boolean PtkGroupInit; /* init request for PTK Group state machine */
u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */
size_t last_rx_eapol_key_len;