Dealing with retransmitted EAPOL msg 3/4 and 4/4

Mathy Vanhoef vanhoefm at gmail.com
Wed Mar 8 06:32:52 PST 2017


Thanks for the info.

On Wed, Mar 8, 2017 at 12:59 PM, Jouni Malinen <j at w1.fi> wrote:
>> Linux allows unencrypted EAPOL frames, even if keys have been set. See
>> the function ieee80211_frame_allowed:
>> http://lxr.free-electrons.com/source/net/mac80211/rx.c#L2166 So the
>> client will receive the retransmitted 3/4. At least on Linux. While
>> this behavior may not be explicitly allowed by the standard, it does
>> not pose any (security) issues (AFAIK?). EAPOL frames are protected on
>> their own.
>
> That is needed for WPA, but with WPA2 (= RSN), unencrypted EAPOL frames
> are not supposed to be accepted after TK has been configured.

Interesting. Is it needed for some specific reason for WPA, or was it
just a requirement of the older WPA standard?
