[PATCH] rsn_supp: Don't encrypt EAPOL-Key 4/4.

Nicolas Cavallari Nicolas.Cavallari at lri.fr
Sun Feb 12 13:35:40 EST 2012


On 12/02/2012 19:25, Jouni Malinen wrote:
> On Sun, Feb 12, 2012 at 06:20:09PM +0100, Nicolas Cavallari wrote:
>> It clears a key just before sending 4/4, and the new PTK will be set
>> just after sending 4/4.
>> So clearing the key or not will make no difference, apart from
>> respecting the standard when we do (and when it works), because the
>> standard actually use setprotection(rx) instead. It will likely not
>> change the various races that exists when sending frames while changing
>> keys that Andreas is likely experiencing.
> It would not make difference for the initial 4-way handshake at the
> beginning of the association, but it breaks PTK rekeying, i.e., another
> 4-way handshake during the association. In that exchange, all EAPOL
> frames need to be encrypted with the old key.
Where is that specified ? My interpretation of the standard is that
setprotection(rx) is called before sending 4/4, so Tx encryption
should be disabled for 4/4 ...

If you don't want to not encrypt 4/4, there is no need to implement
setprotection(rx)...


More information about the HostAP mailing list