GTK msg 1/2 fields possibly incorrect

Andrew Zaborowski balrogg at googlemail.com
Mon Jan 30 17:20:34 PST 2017


Hi,

I'm receiving a GTK-handshake msg 1/2 after an FT roam which our code
can't validate.  This is confirmed by the hostapd code in
SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) in src/ap/wpa_auth.c.  The
comment says hostapd sends the following msg 1/2:

EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN])

I couldn't figure out what sm->Pair is exactly, but with FT it's going
to be false, unlike after an EAPOL 4-Way handshake, so the Install bit
will in effect be set.  Is there any reason the Install bit isn't
just hardcoded to 0, as defined by 11.6.2 and illustrated by the
message sequences in 11.6.7?

Similarly, it seems the nonce should just be 0 since it's neither
ANonce nor SNonce, and Key Length should be hardcoded to 0 in
__wpa_send_eapol.  Patch for illustration.

Best regards

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 69e3a5d..a5eaeb0 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -1409,7 +1409,6 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
        struct ieee802_1x_hdr *hdr;
        struct wpa_eapol_key *key;
        size_t len, mic_len, keyhdrlen;
-       int alg;
        int key_data_len, pad_len = 0;
        u8 *buf, *pos;
        int version, pairwise;
@@ -1481,9 +1480,9 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
                key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT;
        WPA_PUT_BE16(key->key_info, key_info);

-       alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
-       WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
-       if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
+       if (pairwise && !(key_info & WPA_KEY_INFO_SMK_MESSAGE))
+               WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(sm->pairwise));
+       else
                WPA_PUT_BE16(key->key_length, 0);

        /* FIX: STSL: what to use as key_replay_counter? */
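Review bot: The new condition zeroes Key Length for every non-pairwise frame, which also covers group-key messages sent to stations negotiating the original WPA (`sm->wpa == WPA_VERSION_WPA`, the version check this file uses in REKEYNEGOTIATING), whereas the 11.6.2/11.6.7 argument in the cover letter is about RSN. Unless it is confirmed that WPA stations accept a zero Key Length in msg 1/2, keep the previous value for them, e.g. `else if (sm->wpa == WPA_VERSION_WPA)` / `WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(wpa_auth->conf.wpa_group));` before the final `else`. The deletion of the `alg` local in the first hunk belongs to this same change. __wpa_send_eapol starts and ends outside the hunk.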
@@ -3058,7 +3057,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
        if (sm->wpa == WPA_VERSION_WPA)
                sm->PInitAKeys = FALSE;
        sm->TimeoutEvt = FALSE;
-       /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
+       /* Send EAPOL(1, 1, 1, 0, G, RSC, 0, MIC(PTK), GTK[GN]) */
        os_memset(rsc, 0, WPA_KEY_RSC_LEN);
        if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
                wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
@@ -3097,9 +3096,8 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
        wpa_send_eapol(sm->wpa_auth, sm,
                       WPA_KEY_INFO_SECURE |
                       (wpa_mic_len(sm->wpa_key_mgmt) ? WPA_KEY_INFO_MIC : 0) |
-                      WPA_KEY_INFO_ACK |
-                      (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0),
-                      rsc, gsm->GNonce, kde, kde_len, gsm->GN, 1);
+                      WPA_KEY_INFO_ACK,
+                      rsc, NULL, kde, kde_len, gsm->GN, 1);

        os_free(kde_buf);
 }
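Review bot: Passing `NULL` as the nonce argument is only safe if `__wpa_send_eapol` checks the pointer before copying it into `key->key_nonce`; that part of the callee is not in the hunks shown, so confirm it skips the copy or zeroes the field on NULL rather than calling os_memcpy unconditionally. Removing the `(!sm->Pair ? WPA_KEY_INFO_INSTALL : 0)` term changes the frame for WPA (non-RSN) peers as well as RSN ones, while the cover letter argues from 11.6.2 only; either state in the commit message why the WPA case is unaffected or guard the new behaviour on `sm->wpa`. The body of REKEYNEGOTIATING starts outside the hunk.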


