From 5fb3ac59378b5f796629678cc462c66acdfd36b5 Mon Sep 17 00:00:00 2001
From: John Brandt
Date: Sun, 5 May 2024 17:30:39 -0700
Subject: [PATCH] eapol: include IGTK in 4-way handshake as AP

When SAE with MFP is being used, include the IGTK in message 3 of the 4-way handshake.
---
 src/eapol.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/src/eapol.c b/src/eapol.c
index cb7ca8c0..845ef866 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -1456,6 +1456,19 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm)
 key_data_len += gtk_kde[1] + 2;
 }
 
+ if (sm->handshake->mfp) {
+ enum crypto_cipher group_management_cipher =
+ ie_rsn_cipher_suite_to_cipher(
+ sm->handshake->group_management_cipher);
+ uint8_t *igtk_kde = key_data_buf + key_data_len;
+
+ handshake_util_build_igtk_kde(group_management_cipher,
+ sm->handshake->igtk,
+ sm->handshake->igtk_index,
+ igtk_kde);
+ key_data_len += igtk_kde[1] + 2;
+ }
+
 if (sm->handshake->support_ip_allocation &&
 !sm->handshake->client_ip_addr) {
 handshake_event(sm->handshake, HANDSHAKE_EVENT_P2P_IP_REQUEST);
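Review bot: The added `if (sm->handshake->mfp)` block writes the IGTK KDE at `key_data_buf + key_data_len` without checking that the buffer still has room, and `handshake_util_build_igtk_kde()` is passed no length with which it could enforce one. The declaration of `key_data_buf` and the rest of `eapol_send_ptk_3_of_4` lie outside the hunk, so the remaining margin depends on the RSNE and GTK KDE already copied in. A guard before the call, `if (key_data_len + <max IGTK KDE size> > sizeof(key_data_buf))`, would make the bound explicit and should abort the handshake; the placeholder stands for the largest KDE the supported group management ciphers can produce, and this assumes `key_data_buf` is a local array. The result of `ie_rsn_cipher_suite_to_cipher()` is also used unchecked, and nothing visible here confirms that `sm->handshake->igtk` has been populated when `mfp` is true. If either can be unset on the AP path, message 3 would carry a malformed or all-zero IGTK, so refusing to send it is the safer behaviour. A short comment on the block such as `/* MFP negotiated: IGTK must already be installed in the handshake */` would also record that precondition.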