[PATCH 34/44] FT: do not change ANonce during re-sent auth request

M. Braun michael-dev at fami-braun.de
Wed Mar 2 09:45:08 PST 2016

On 28.02.2016 at 18:19, Jouni Malinen wrote:
> On Wed, Feb 24, 2016 at 12:53:40PM +0100, michael-dev at fami-braun.de wrote:
>> Otherwise the station might end up using old ANonce.
> Could you please clarify what type of Authentication frame
> retransmission case are you addressing here? It sounds like the station
> is broken if it sends another FT Authentication frame and does not use
> the ANonce it receives from the response to that frame. Is this because
> of mac80211 Authentication frame retries? If so, the correct fix would
> be in mac80211, not in hostapd.

I tried using wpa_supplicant as the client. This was with hostapd being very
slow due to being run on real hardware with debugging and AddressSanitizer
enabled.

I think this was due to the following sequence:

[Over-the-air FT Protocol in an RSN]
1. client sends auth req frame and ap receives it
2. client resends auth req frame due to timeout (no reply from AP) and
   ap receives it
3. hostapd processes the first auth request, generates an ANonce and sends a reply
4. hostapd processes the second auth request, generates a new ANonce,
   overwrites the old ANonce and sends a reply
5. client receives the first reply and uses that ANonce
6. client ignores the second reply
7. now hostapd and wpa_supplicant have different ANonces stored and
   reassociation fails (ANonce mismatch) [and so would key derivation
   result in different keys]

It works similarly with FT-over-DS, where additionally the FT Request /
Reply might be lost while being forwarded between the APs.

I'm not sure how mac80211 should resolve this.

 M. Braun
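The seven-step sequence described in the message above, modelled as an added example that is not part of the original mail or of hostapd: a toy Python model of the AP and STA sides of the FT Authentication exchange. The class and function names (ToyFtAp, ToyFtSta, run_sequence) and the single-HMAC stand-in for the PTK derivation are assumptions made for the model; with keep_anonce=False the AP mints a fresh ANonce for every received Authentication frame, as described in the thread, and with keep_anonce=True it reuses the ANonce already handed to that STA, which is the patch's stated intent.

```python
import hmac
import hashlib
import secrets


def derive_ptk(pmk_r1: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Stand-in for the FT PTK derivation: one HMAC-SHA256 over both nonces.
    Simplification for this model only; it is not the 802.11r KDF."""
    return hmac.new(pmk_r1, b"FT-PTK" + anonce + snonce, hashlib.sha256).digest()


class ToyFtAp:
    """AP side of the toy exchange (assumed name, not hostapd code).
    keep_anonce=False: a fresh ANonce per Authentication frame (thread's case).
    keep_anonce=True: reuse the ANonce already issued to this STA."""

    def __init__(self, pmk_r1: bytes, keep_anonce: bool):
        self.pmk_r1 = pmk_r1
        self.keep_anonce = keep_anonce
        self.anonce_by_sta = {}

    def handle_auth_request(self, sta_addr: str, snonce: bytes) -> dict:
        if self.keep_anonce and sta_addr in self.anonce_by_sta:
            anonce = self.anonce_by_sta[sta_addr]
        else:
            anonce = secrets.token_bytes(32)
            self.anonce_by_sta[sta_addr] = anonce  # overwrites any earlier value
        return {"sta": sta_addr, "anonce": anonce, "snonce": snonce}

    def handle_reassoc_request(self, sta_addr: str, anonce: bytes) -> bool:
        # Reassociation carries the STA's ANonce back; mismatch means failure.
        return hmac.compare_digest(anonce, self.anonce_by_sta.get(sta_addr, b""))

    def ptk(self, sta_addr: str, snonce: bytes) -> bytes:
        return derive_ptk(self.pmk_r1, self.anonce_by_sta[sta_addr], snonce)


class ToyFtSta:
    """STA side (assumed name, not wpa_supplicant code)."""

    def __init__(self, addr: str, pmk_r1: bytes):
        self.addr = addr
        self.pmk_r1 = pmk_r1
        self.snonce = secrets.token_bytes(32)
        self.anonce = None

    def auth_request(self):
        # A retransmission repeats the same frame, so the SNonce is unchanged.
        return (self.addr, self.snonce)

    def handle_auth_response(self, resp: dict) -> bool:
        # The first response completes the exchange; later duplicates are dropped.
        if self.anonce is not None:
            return False
        self.anonce = resp["anonce"]
        return True

    def ptk(self) -> bytes:
        return derive_ptk(self.pmk_r1, self.anonce, self.snonce)


def run_sequence(keep_anonce: bool) -> dict:
    pmk_r1 = b"\x11" * 32  # constructed shared PMK-R1 for the model
    ap = ToyFtAp(pmk_r1, keep_anonce)
    sta = ToyFtSta("02:00:00:00:00:01", pmk_r1)

    # Steps 1-2: the STA sends, then retransmits, the Authentication request;
    # both copies reach the slow AP before it has processed either.
    rx_queue = [sta.auth_request(), sta.auth_request()]
    # Steps 3-4: the AP works through its queue and answers each frame.
    replies = [ap.handle_auth_request(*req) for req in rx_queue]
    # Steps 5-6: the STA takes the first reply and ignores the second.
    accepted = [sta.handle_auth_response(r) for r in replies]
    # Step 7: Reassociation; the AP checks the ANonce, and both derive a PTK.
    reassoc_ok = ap.handle_reassoc_request(sta.addr, sta.anonce)
    keys_match = hmac.compare_digest(sta.ptk(), ap.ptk(sta.addr, sta.snonce))
    return {"accepted": accepted, "reassoc_ok": reassoc_ok, "keys_match": keys_match}


if __name__ == "__main__":
    print("fresh ANonce per frame:", run_sequence(keep_anonce=False))
    print("ANonce kept on retry:  ", run_sequence(keep_anonce=True))
```

With keep_anonce=False the STA accepts the first reply, drops the second, and the AP's stored ANonce no longer matches, so Reassociation fails and the two PTKs differ; with keep_anonce=True both replies carry the same ANonce and the exchange completes.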
