[patch] wpa: ignore Michael MIC failure reports in CCMP-only mode

Andriy Tkachuk andriy.v.tkachuk at globallogic.com
Thu Oct 6 05:09:59 EDT 2011

Hi Jouni,

I just check configuration - if we configured to CCMP-only mode (in
this case group cipher can not be TKIP). Of course, there is alway
place for improvements, especially in this case.

Thank you,

On 5 October 2011 21:42, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Oct 04, 2011 at 05:50:04PM +0300, Andriy Tkachuk wrote:
>> some dummy STAs (like Axis camera) may send such reports when AP is
>> working on CCMP-only mode. I propose to just ignore such reports:
> I agree with skipping TKIP counter measures if the error report is for a
> key that is for something else than TKIP. However, the patch does not
> seem to be doing this correctly.
>> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
>> @@ -1019,9 +1019,15 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
>>                       wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
>>                                       "received EAPOL-Key Error Request "
>>                                       "(STA detected Michael MIC failure)");
>> -                     wpa_auth_mic_failure_report(wpa_auth, sm->addr);
>> -                     sm->dot11RSNAStatsTKIPRemoteMICFailures++;
>> -                     wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
>> +                     if (wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
> The report can be either for pairwise or group cipher. As such, checking
> wpa_group != WPA_CIPHER_TKIP here does not look correct. This needs to
> be conditional on whether the WPA_KEY_INFO_KEY_TYPE field is set in key
> info (if it is, error is for the pairwise cipher and sm->pairwise would
> need to be used instead of wpa_group).
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

More information about the HostAP mailing list