hostapd: 4-way handshake and replay counter handling?

Helmut Schaa helmut.schaa at googlemail.com
Fri Oct 7 08:50:10 EDT 2011


Hi,

I can sometimes reproduce a 4-way handshake failure with an
Apple iPhone STA and hostapd as authenticator. Under special
circumstances the iPhone just ignores message 3/4 and thus the
4-way handshake times out.

The message exchange looks like this (I can also provide the pcap
if anyone is interested, just need to trim it first):

AP <----> STA

---> 1/4 replay counter 1 nonce A
<--- ACK

<--- 2/4 replay counter 1 nonce B
<--- 2/4 replay counter 1 nonce B (retry)
<--- 2/4 replay counter 1 nonce B (retry)
<--- 2/4 replay counter 1 nonce B (retry)
<--- 2/4 replay counter 1 nonce B (retry)

---> 1/4 replay counter 2 nonce A
<--- ACK

<--- 2/4 replay counter 1 nonce B (retry)
---> ACK

<--- 2/4 replay counter 2 nonce C
<--- 2/4 replay counter 2 nonce C (retry)
<--- 2/4 replay counter 2 nonce C (retry)
<--- 2/4 replay counter 2 nonce C (retry)
---> ACK

---> 3/4 replay counter 3 nonce A
<--- ACK

---> 3/4 replay counter 4 nonce A
<--- ACK

---> 3/4 replay counter 5 nonce A
<--- ACK

---> 3/4 replay counter 6 nonce A
<--- ACK

Here's the according hostapd log:

2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.11: authentication OK (open system)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 MLME:
MLME-AUTHENTICATE.indication(11:11:11:11:11:11, OPEN_SYSTEM)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 MLME: MLME-DELETEKEYS.request(11:11:11:11:11:11)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.11: authenticated
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.11: association OK (aid 1)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.11: associated (aid 1)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 MLME: MLME-ASSOCIATE.indication(11:11:11:11:11:11)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 MLME: MLME-DELETEKEYS.request(11:11:11:11:11:11)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: event 1 notification
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: start authentication
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.1X: unauthorizing port
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 1/4 msg of 4-Way Handshake
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: EAPOL-Key timeout
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 1/4 msg of 4-Way Handshake
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: received EAPOL-Key frame (2/4 Pairwise)
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 3/4 msg of 4-Way Handshake
2011:10:07-13:42:14 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: received EAPOL-Key 2/4 Pairwise with unexpected
replay counter
2011:10:07-13:42:15 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: EAPOL-Key timeout
2011:10:07-13:42:15 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 3/4 msg of 4-Way Handshake
2011:10:07-13:42:16 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: EAPOL-Key timeout
2011:10:07-13:42:16 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 3/4 msg of 4-Way Handshake
2011:10:07-13:42:17 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: EAPOL-Key timeout
2011:10:07-13:42:17 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: sending 3/4 msg of 4-Way Handshake
2011:10:07-13:42:18 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 WPA: EAPOL-Key timeout
2011:10:07-13:42:18 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.1X: unauthorizing port
2011:10:07-13:42:18 192.168.1.101 hostapd: wlan0: STA
11:11:11:11:11:11 IEEE 802.11: deauthenticated due to local deauth
request

So, the iPhone acks the 3/4-messages just fine but ignores them
for whatever reason. The order is a bit strange due to the unusual
retry of the msg 2/4 which was triggered by loads of traffic on the
channel.

So, in short, hostapd used the first msg 2/4 it received from the iPhone
while the iPhone expected us to use the second msg 2/4 which was the
reply to our second msg 1/4. Since the iPhone used a different nonce
for the second msg 2/4 that might explain why it is rejecting the msg 3/4.



More information about the HostAP mailing list