[PATCH] KRACK backports for 1.0 / Debian LTS

Antoine Beaupré anarcat at debian.org
Thu Oct 26 14:51:57 PDT 2017


I finalized a backport and review of the KRACK patchset against ancient
wpa code, for the Debian LTS project, which ships a modified version of
the 1.0 release. I wasn't able to track a tag or commit in the hostapd
repository that matches the code in LTS, so unfortunately those are
synthetic patches that are not directly derived from git, even though
they have headers that may look as such.

Those patches are derived from the patchset shipped in Debian
"oldstable" (jessie, wpa 2.3) as part of the coordinated release,
towards "oldoldstable" (wheezy, LTS, wpa 1.0).



I submit those patches here for review before an upload in Debian LTS,
but I hope those can also be useful for other providers and distributors
that ship older versions of WPA and cannot upgrade them in any practical

I hope that anyone using those patches or testing the resulting binaries
will report back here (or privately) their results. My knowledge of
WPA is somewhat limited in time and depth so I hope some more
experienced developers can look at the patchset and confirm the approach
is correct.

As I previously mentioned, I have some concerns regarding the resulting


After a more thorough review, I am confident that removing patches 3, 6,
7 and 8 is the correct approach, as WNM sleep support is completely
missing from 1.0. I am unsure, however, whether the nonce setup in patch
#5 is correct, considering how 1.0 was doing things. In the last chunk,
you'll notice I reset peer->tk_set to negotiate a new TK. The other
approach I considered was to backport 1380fcbd9f ("TDLS: Do not modify
RNonce for an TPK M1 frame with same INonce").

Updated binary and source debian packages are available for amd64 at the
following site:


I'll upload i386, armel and armhf binaries as they are built.

Note that those differ from the ones posted on Monday slightly: I have
modified parts of the source code after a review, so be sure to review
this version and not the previous one if you already downloaded them.

Thanks for any feedback,


Evil exists to glorify the good. Evil is negative good.
It is a relative term. Evil can be transmuted into good.
What is evil to one at one time,
becomes good at another time to somebody else.
                        - Sivananda
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
Type: text/x-diff
Size: 3325 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20171026/ed85cdfc/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
Type: text/x-diff
Size: 6208 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20171026/ed85cdfc/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0004-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
Type: text/x-diff
Size: 1952 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20171026/ed85cdfc/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0005-TDLS-Reject-TPK-TK-reconfiguration.patch
Type: text/x-diff
Size: 3718 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20171026/ed85cdfc/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0009-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
Type: text/x-diff
Size: 2675 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20171026/ed85cdfc/attachment-0004.bin>
