An issue with supplicant receiving retransmitted M3
jatul at qti.qualcomm.com
Mon Sep 28 03:06:27 EDT 2015
While testing with supplicant 2.4 we observed one scenario, as follows:
1. We as a STA received M1
2. We sent M2
3. Then we received M3
4. We send M4 and install PTK & GTK
5. We received M3 again
6. We send M4 and install PTK & GTK
In this case we can see that wpa_supplicant_process_3_of_4 calls wpa_supplicant_install_ptk.
Just before the function there is a note:
    /* SNonce was successfully used in msg 3/4, so mark it to be renewed
     * for the next 4-Way Handshake. If msg 3 is received again, the old
     * SNonce will still be used to avoid changing PTK. */
But in function wpa_supplicant_install_ptk, immediately after wpa_sm_set_key, we see that:
    /* TK is not needed anymore in supplicant */
    os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
This would mean that at step (4) above, the PTK is cleaned and we install it as 0 again in (6).
I think the PTK should not be cleared.
Am I missing something?
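
A reduced model of the sequence reported above, as an added example that is not part of the original message and is not wpa_supplicant code: it replays steps 1-6 and shows that wiping the TK after the first install makes the retransmitted M3 configure an all-zero key, and that tracking whether the TK is still pending avoids the second install. The struct, the function names, `tk_pending`, `TK_LEN` and the key bytes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define TK_LEN 16   /* constructed size; stands in for WPA_TK_MAX_LEN */

struct sm_model {               /* hypothetical, reduced supplicant state */
    unsigned char tk[TK_LEN];   /* TK held by the supplicant */
    unsigned char drv[TK_LEN];  /* key currently configured in the "driver" */
    int tk_pending;             /* 1 while a derived TK still awaits install */
};

/* Behaviour described in the post: set the key, then wipe the local copy. */
static void install_unguarded(struct sm_model *s)
{
    memcpy(s->drv, s->tk, TK_LEN);   /* models wpa_sm_set_key() */
    memset(s->tk, 0, TK_LEN);        /* models the os_memset() on sm->ptk.tk */
}

/* Guarded variant: a repeated M3 is still answered with M4 by the caller,
 * but the already-wiped TK is not handed to the driver a second time. */
static void install_guarded(struct sm_model *s)
{
    if (!s->tk_pending)
        return;
    install_unguarded(s);
    s->tk_pending = 0;
}

/* Replays steps 1-6 of the post; returns 1 if the driver key ends all-zero. */
int driver_key_zero_after_retry(int guarded)
{
    struct sm_model s;
    int i, zero = 1;

    memset(&s, 0, sizeof(s));
    memset(s.tk, 0xA5, TK_LEN);      /* constructed TK, derived after M1 */
    s.tk_pending = 1;
    for (i = 0; i < 2; i++) {        /* first M3, then retransmitted M3 */
        if (guarded) install_guarded(&s); else install_unguarded(&s);
    }
    for (i = 0; i < TK_LEN; i++)
        if (s.drv[i] != 0) zero = 0;
    return zero;
}

int main(void)
{
    printf("unguarded: zero key = %d\n", driver_key_zero_after_retry(0));
    printf("guarded:   zero key = %d\n", driver_key_zero_after_retry(1));
    return 0;
}
```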