no more gtk rekeying after reauth (hostapd-wpa_supplicant)

thomas schorpp t.schorpp at gmx.de
Sat Nov 5 01:48:41 EST 2005


thomas schorpp wrote:
> thomas schorpp wrote:
> 
>>Jouni Malinen wrote:
>>
>>
>>>On Wed, Aug 31, 2005 at 11:54:17PM +0200, thomas schorpp wrote:
>>>
>>>
>>>
>>>
>>>>strange: if a linux wpasuppl. rsn client joins the net no more group key
>>>>handshakes with this xp client with latest hostapd...?
>>>>-> maybe security issue / policy violation
>>>
>>hi,
>>
>>got a brand new d-link dwl-g650 c2 and
>>
>>see it again, this time in latest(? I've seen no checkins for a week so
>>far) hostapd+wpasupplicant cvs on 2.6.14 with madwifi cvs (which still
>>has the acpi suspend/resume issue in ath-*.ko and wlan-ccmp.ko,
>>requiring module removal in acpi script before sleep and ifupdown
>>explicitly) :
>>
>>Nov  4 00:34:19 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: group key
>>handshake completed (RSN)
>>Nov  4 00:34:55 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
>>authenticated
>>Nov  4 00:34:58 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
>>deauthenticated due to local deauth request
>>
>>? it's not gmk-rekey, occurs 1 per h.
>>
>>Nov  4 00:34:58 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
>>deassociated
>>Nov  4 00:34:59 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
>>associated
>>Nov  4 00:35:00 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: pairwise
>>key handshake completed (RSN)
>>Nov  4 00:35:00 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
>>authenticated
>>
>>-no more gtk rekeying until wpasupplicant restart.
>>
>>Nov  4 01:13:46 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
>>deassociated
>>Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.11:
>>associated
>>Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: pairwise
>>key handshake completed (RSN)
>>Nov  4 01:13:54 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 IEEE 802.1X:
>>authenticated
>>Nov  4 01:18:47 tom3 hostapd: ath0: STA 00:0f:3d:af:91:99 WPA: group key
>>handshake completed (RSN)
>>...
>>
>>
>>
>>>Can you provide a debug log from hostapd showing this kind of behavior
>>>(with some additional comments on where you would have expected to see
>>>group key handshake)?
>>>
>>
>>
>>ok. i do it next, this is a security issue. windows+mac rsn clients not
>> involved and rekeying normal with hostapd.
>>
> 
> 
> hm. with both started in debug mode, this issue does NOT occur.
> 
> debug log says local deauth request with wireless-event 5.
> 
> maybe a debug "if{}else" is buggy in the code or the last old code cvs madwifi driver. 
> 

ah. it's an eap reauth failure: (debug logs later)


tom2:~# ifup ath0
Trying to associate with 00:0f:b5:63:e0:f2 (SSID='madwifi' freq=2422 MHz)
Associated with 00:0f:b5:63:e0:f2
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP method 13 (TLS) selected
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:0f:b5:63:e0:f2 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:0f:b5:63:e0:f2 completed (auth)
dhcpcd.exe: wrong interface name "ath0"

WPA: Group rekeying completed with 00:0f:b5:63:e0:f2 [GTK=CCMP]
...
WPA: Group rekeying completed with 00:0f:b5:63:e0:f2 [GTK=CCMP]
WPA: Group rekeying completed with 00:0f:b5:63:e0:f2 [GTK=CCMP]
...
~1h
...
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP method 13 (TLS) selected
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
WPA: Key negotiation completed with 00:0f:b5:63:e0:f2 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Trying to associate with 00:0f:b5:63:e0:f2 (SSID='madwifi' freq=2422 MHz)
Associated with 00:0f:b5:63:e0:f2
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully (based on lower layer success)
WPA: Key negotiation completed with 00:0f:b5:63:e0:f2 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 00:0f:b5:63:e0:f2 completed (reauth) <------------------
CTRL-EVENT-EAP-FAILURE EAP authentication failed
...
no more group rekeying. manual restart needed

but inet further online in spite of reauth failure(!)

i try disabling fast_reauth...
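
A check for the symptom reported in this message, as an added example that is not part of the original post or of hostapd: it scans hostapd syslog lines and reports every stretch in which a station stayed associated longer than the group rekey interval without a group key handshake. The 300 s interval (assumed to match the AP's wpa_group_rekey setting), the 30 s slack, the function name and the sample lines are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in hostapd's syslog format (lines unwrapped); the MAC,
# hostname and timestamps are illustrative, not a capture.
SAMPLE = """\
Nov  4 00:29:19 ap hostapd: ath0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
Nov  4 00:34:19 ap hostapd: ath0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
Nov  4 00:34:58 ap hostapd: ath0: STA 02:00:00:00:00:01 IEEE 802.11: deassociated
Nov  4 00:34:59 ap hostapd: ath0: STA 02:00:00:00:00:01 IEEE 802.11: associated
Nov  4 00:35:00 ap hostapd: ath0: STA 02:00:00:00:00:01 WPA: pairwise key handshake completed (RSN)
Nov  4 01:13:46 ap hostapd: ath0: STA 02:00:00:00:00:01 IEEE 802.11: deassociated
Nov  4 01:13:54 ap hostapd: ath0: STA 02:00:00:00:00:01 IEEE 802.11: associated
Nov  4 01:13:54 ap hostapd: ath0: STA 02:00:00:00:00:01 WPA: pairwise key handshake completed (RSN)
Nov  4 01:18:47 ap hostapd: ath0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ hostapd: \S+ STA ([0-9a-f:]{17}) (.+)$")

def find_rekey_gaps(log, rekey_interval=300, slack=30, year=2005):
    """Return (sta, keyed_at, seen_until, seconds) for every stretch in which a
    station stayed associated longer than rekey_interval + slack without a
    group key handshake. rekey_interval is an assumption about the AP's
    wpa_group_rekey value; syslog omits the year, so it is passed in."""
    last_key = {}   # sta -> time keys were last installed while associated
    gaps = []

    def close(sta, now):
        # End the current keyed stretch for this station and record it if too long.
        start = last_key.pop(sta, None)
        if start and (now - start).total_seconds() > rekey_interval + slack:
            gaps.append((sta, start, now, int((now - start).total_seconds())))

    now = None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        sta, msg = m.group(2), m.group(3)
        if "key handshake completed" in msg:      # pairwise or group handshake
            close(sta, now)
            last_key[sta] = now
        elif "deassociated" in msg or "deauthenticated" in msg:
            close(sta, now)
    for sta in list(last_key):                    # still associated at end of log
        close(sta, now)
    return gaps
```

On the constructed sample this reports the stretch from the pairwise handshake after the reassociation until the next deassociation, the same pattern as in the hostapd log quoted above.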





