[PATCH] rsn_supp: Don't encrypt EAPOL-Key 4/4.

Jouni Malinen
Sun Feb 12 10:25:19 PST 2012

On Sun, Feb 12, 2012 at 06:20:09PM +0100, Nicolas Cavallari wrote:
> It clears a key just before sending 4/4, and the new PTK will be set
> just after sending 4/4.
> So clearing the key or not will make no difference, apart from
> respecting the standard when we do (and when it works), because the
> standard actually uses setprotection(rx) instead. It will likely not
> change the various races that exist when sending frames while changing
> keys that Andreas is likely experiencing.

It would not make a difference for the initial 4-way handshake at the
beginning of the association, but it breaks PTK rekeying, i.e., another
4-way handshake during the association. In that exchange, all EAPOL
frames need to be encrypted with the old key.

> Yes: If a 4/4 is lost during rekeying, the retransmitted 3/4 cannot be
> interpreted by the supplicant anymore. The standard somewhat "authorizes"
> stations to store more than one PTK for a TA/RA pair, but does not
> define how to use them...

Yes, this is not exactly completely defined, but in theory, something
that could be implemented.

Jouni Malinen                                            PGP id EFC895FA
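The following is an added illustration, not code from this thread or from hostap: a toy Python model of the 3/4 -> 4/4 exchange that reproduces the three situations discussed above (initial handshake vs. rekey, an unprotected 4/4 sent after the key is cleared, and a lost 4/4 followed by a retransmitted 3/4, with and without the supplicant retaining the old PTK). Frame protection is stood in for by an HMAC tag under the pairwise key, so only "does the receiver hold a key that verifies this frame" is modelled; the message names, class names and the `handshake()` options are assumptions made for the example.

```python
import hashlib
import hmac
import os

MSG3, MSG4 = b"EAPOL-Key 3/4", b"EAPOL-Key 4/4"


def protect(key, payload):
    """Toy stand-in for a CCMP-protected frame: payload plus an HMAC tag under
    the pairwise key. key=None means the frame goes out unprotected."""
    if key is None:
        return (payload, None)
    return (payload, hmac.new(key, payload, hashlib.sha256).digest())


def verifies(key, frame):
    payload, tag = frame
    return tag is not None and hmac.compare_digest(
        tag, hmac.new(key, payload, hashlib.sha256).digest())


class Station:
    def __init__(self, ptk):
        self.ptk = ptk        # installed PTK (None before the first handshake)
        self.old_ptk = None   # optional second PTK retained across a rekey

    def receive(self, frame):
        """Return (key, payload) for an accepted frame, (None, None) for a
        dropped one. Once any PTK is installed, unprotected frames are dropped."""
        payload, tag = frame
        keys = [k for k in (self.ptk, self.old_ptk) if k is not None]
        if not keys:
            return (None, payload) if tag is None else (None, None)
        for k in keys:
            if verifies(k, frame):
                return (k, payload)
        return (None, None)


class Authenticator(Station):
    def send_msg3(self):
        # 3/4 goes out under whatever PTK is currently installed (None = plaintext).
        return protect(self.ptk, MSG3)

    def recv_msg4(self, frame, new_ptk):
        _, payload = self.receive(frame)
        if payload != MSG4:
            return False
        self.ptk = new_ptk    # the new PTK is installed only after a valid 4/4
        return True


class Supplicant(Station):
    def __init__(self, ptk, clear_before_msg4=False, keep_old_ptk=False):
        super().__init__(ptk)
        self.clear_before_msg4 = clear_before_msg4
        self.keep_old_ptk = keep_old_ptk

    def recv_msg3(self, frame, new_ptk):
        """Answer 3/4 with 4/4 and install the new PTK; None if 3/4 was dropped."""
        key, payload = self.receive(frame)
        if payload != MSG3:
            return None
        # 4/4 is protected with the key that verified 3/4, unless the key was
        # cleared first (the behaviour discussed in the thread), in which case
        # it goes out unprotected.
        msg4 = protect(None if self.clear_before_msg4 else key, MSG4)
        if self.keep_old_ptk and self.old_ptk is None:
            self.old_ptk = self.ptk
        self.ptk = new_ptk
        return msg4


def handshake(initial=False, lose_first_msg4=False,
              clear_before_msg4=False, keep_old_ptk=False):
    """Run one 3/4 -> 4/4 exchange and report the outcome as a string."""
    old_ptk = None if initial else os.urandom(16)
    new_ptk = os.urandom(16)   # in reality derived from the nonces in 1/4 and 2/4
    ap = Authenticator(old_ptk)
    sta = Supplicant(old_ptk, clear_before_msg4, keep_old_ptk)
    msg4 = sta.recv_msg3(ap.send_msg3(), new_ptk)
    if msg4 is None:
        return "failed: supplicant dropped 3/4"
    if lose_first_msg4:
        # 4/4 never arrives; the authenticator, still on the old PTK, retransmits 3/4.
        msg4 = sta.recv_msg3(ap.send_msg3(), new_ptk)
        if msg4 is None:
            return "failed: supplicant dropped retransmitted 3/4"
    if not ap.recv_msg4(msg4, new_ptk):
        return "failed: authenticator dropped 4/4"
    return "ok" if ap.ptk == sta.ptk == new_ptk else "failed: key mismatch"


if __name__ == "__main__":
    for kw in ({"initial": True, "clear_before_msg4": True},
               {"clear_before_msg4": True},
               {"lose_first_msg4": True},
               {"lose_first_msg4": True, "keep_old_ptk": True}):
        print(kw, "->", handshake(**kw))
```

Running the four cases shows the thread's points side by side: clearing the key before 4/4 is harmless for the initial handshake (no PTK installed yet, so an unprotected 4/4 is accepted) but fails during a rekey, because the authenticator still holds the old PTK and drops the unprotected 4/4; a lost 4/4 fails once the supplicant has replaced its only PTK, and succeeds only when the supplicant retains the old PTK alongside the new one and answers the retransmitted 3/4 under it.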
