[PATCHv6 3/5] FT RRB: add msg replay and msg delay protection
michael-dev
michael-dev at fami-braun.de
Mon Apr 17 07:41:58 PDT 2017
Am 17.04.2017 12:12, schrieb Jouni Malinen:
> This seems to be breaking a number of hwsim test cases. For example,
> ap_ft_sae fails every time when run on its own. When run after some
> other FT test cases, it can pass, but that is not really good behavior,
> i.e., every single case should work.
I've tested my series on top of 2971da2 and it passes ap_ft_sae for me
also when that test is run alone.
Same goes for the series you send (https://w1.fi/p/ft-rrb/).
Do you use a config file different from example-hostapd.conf?
> Something seems to be going wrong with sequence number updating:
> FT: Received push
the original message
> FT: Received sequence number request
> FT: Received sequence number response
The remote AP send
dom = 11 22 b1 de
seq = 62 22 3f bc
ts = 03 00 00 00
when resetting the sequence number.
So seq in range [ seq - 16 - 1; seq ) + (seq, ...) should be accepted
then, see wpa_ft_rrb_rx_seq_resp.
> FT: Received push
The original message got restarted automatically.
Its sequence number contains
dom = 11 22 b1 de
seq = 61 22 3f bc
ts = 03 00 00 00
So dom matches and ts cannot fail as well.
The sequence number is in the range configured to be accepted, so this
is fine as well.
When running ap_ft_sae alone on top of the series, I get:
FT: Received push
FT: sequence number - hexdump(len=12): f3 e2 0b 0e c3 e5 aa 47 ac cc 27
00
FT: Possibly invalid sequence number in push from 02:00:00:00:03:00
FT: RRB-OUI type 4 send to 02:00:00:00:03:00
FT: RRB received packet 02:00:00:00:04:00 -> 02:00:00:00:03:00
FT: Received sequence number request
FT: RRB-OUI type 5 send to 02:00:00:00:04:00
FT: Received sequence number response
FT: seq response - nonce - hexdump(len=16): 9a 66 fb 33 2f 38 2f 6b 88
e1 cf ef 66 67 52 5e
FT: sequence number - hexdump(len=12): f3 e2 0b 0e c4 e5 aa 47 ac cc 27
00
FT: Invalid sequence number in seq response from 02:00:00:00:03:00
FT: seq response - reset seq number
FT: Received push
FT: R0KH-ID - hexdump(len=10): 6e 61 73 31 2e 77 31 2e 66 69
FT: R1KH-ID=00:01:02:03:04:06
FT: sequence number - hexdump(len=12): f3 e2 0b 0e c3 e5 aa 47 ac cc 27
00
FT: S1KH-ID=02:00:00:00:00:00
So I'm puzzled.
Regards,
M. Braun
More information about the Hostap
mailing list