TKIP GroupKey Problem

Jouni Malinen j at w1.fi
Sat Feb 9 05:47:45 EST 2013


On Fri, Feb 08, 2013 at 07:57:53PM +0100, michael-dev wrote:
> One card runs 2.4 Ghz, the other 5 Ghz. Each card has one unencrypted 
> bss, one wpa-psk bss and one wpa-eap bss. Both latter bss authenticate 
> against radius and assign STAs into VLANs. There is no SSID-Sharing. 
> WPA-PSK enables both WPA and RSN with CCMP+TKIP.

This would mean that the WPA/WPA2 BSSes would use TKIP as the group
cipher.

> AP Logs: Since my laptop is online, hostapd generates two 
> wpa_driver_nl80211_set_key call every 60s, one with 16bytes key and one 
> with 32bytes key both assigned to broadcast mac. The short has alg=2, 
> the long has alg=4.

This sounds strange.. The 16 octet key would most likely be for CCMP,
not TKIP. However, if I understood your configuration correctly, you
should not be using CCMP as the group cipher.

Would it be possible to get a hostapd debug log and configuration file
showing this kind of behavior?

> STA (Laptop) side: wpa supplicant every 60s generates
> Feb  8 19:22:51 localhost wpa_supplicant[22798]: wlan0: WPA: Group 
> rekeying completed with 66:65:6d:01:0d:02 [GTK=TKIP]
> Feb  8 19:22:59 localhost wpa_supplicant[22798]: wlan0: WPA: EAPOL-Key 
> Replay Counter did not increase - dropping packet
> Feb  8 19:23:51 localhost wpa_supplicant[22798]: wlan0: WPA: Invalid 
> EAPOL-Key MIC when using TPTK - ignoring TPTK
> messages and sets a new key .
> Comparing the keys the AP logs and those the STA logs, the key of those 
> the AP logs is set on STA side, but not the shorter one.

Something goes wrong here.. It sounds as if there could be two group
rekeying sessions going on simultaneously. It would be helpful if you
can provide debug logs from both hostapd and wpa_supplicant for this
type of failure (i.e., for the same rekey attempt and ideally including
everything since the association).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list