Re: [PATCH 5/9] mwifiex: cfg80211 set_default_mgmt_key handler

[Jouni Malinen <j@w1.fi>]

On Fri, Jul 22, 2016 at 03:59:47PM +0000, Amitkumar Karwar wrote:
> I am trying to understand the problem you mentioned during IGTK rekeying. Today I ran tests with two stations connecting an AP. MFP is enabled on all of them.
> 
> On hostapd side, my observation is add_key() is always called followed by set_default_mgmt_key(). set_default_mgmt_key() sets the key added by add_key() as default key.
> 
> We are ignoring set_default_mgmt_key() and updating Tx key index during add_key() itself.
> 
> Your concerns is we should not update Tx key index during add_key(). Reason is IGTK rekeying is not yet completed with all stations. Right?

Correct. set_default_mgmt_key() does not have much effect for the very
first IGTK configuration, but whenever doing IGTK rekeying, hostapd
behaves just like it does with GTK rekeying. In other words, a different
Key ID is selected (alternating between 4 and 5), a random new IGTK is
generated, the new IGTK is configured to the local driver (but the old
IGTK is still supposed to be used for TX), each associated STA is
notified of the new IGTK, the new IGTK is taken into use once the group
key handshake has completed with each associated STA. It is that last
operation that needs set_default_mgmt_key() to allow this rekeying to
work correctly. If you update the TX Key ID on add_key(), you'll risk
sending out frames that some of the associated STAs do not yet have a
key to validate.

-- 
Jouni Malinen                                            PGP id EFC895FA