[PATCH] rsn_supp: Don't encrypt EAPOL-Key 4/4.

Jouni Malinen j at w1.fi
Mon Feb 13 07:51:34 EST 2012


On Mon, Feb 13, 2012 at 11:39:26AM +0100, Nicolas Cavallari wrote:
> > What were those other data frames? If this is during the initial 4-way
> > handshake, the port (PAE) should be unauthorized and other data frames
> > apart from EAPOL frames should be blocked.
> 
> Only the specific port corresponding to that particular authenticator is
> blocked. Other ports from other authenticators may be open. This is not
> the case for Andreas, as he is in Infrastructure mode. But for me it is,
> in IBSS mode...

Sure, though even in that case, the non-EAPOL Data frames that get
through should be for other destinations. I'm not sure I've fully
understood this specific part of the issue, though.

> > As far as rekeying is concerned, this gets quite a bit more
> > complex (until the newly defined non-zero key index PTK gets into use).
> 
> Which standard is this ? I might want to implement this for my
> private IBSS network.

It was added in P802.11-REVmb/D3.0 and will be included in the IEEE Std
802.11-2012 that should get published in a couple of months (it is
included in the latest draft: P802.11-REVmb/D12).

These 802.11 submissions may be helpful in understanding the changes:

https://mentor.ieee.org/802.11/dcn/10/11-10-0313-01-000m-rekeying-protocol-fix.ppt
https://mentor.ieee.org/802.11/dcn/10/11-10-0314-00-000m-rekeying-protocol-fix-text.doc

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list