Dealing with encrypted message 4 of the WPA 4-way handshake

Michal Růžička michal.ruza at gmail.com
Fri May 4 06:59:27 PDT 2018


Hi,
I'm having problems connecting to wpa_supplicant/hostap running on Linux
from newer Android devices (Android 6.0 and above).
The problem is that the newer Android devices encrypt (with rare
exceptions) message 4 of the WPA 4-way handshake. Such a message is
likely dropped by the Linux kernel as it cannot be decrypted; in
consequence, wpa_supplicant does not consider the handshake to be
completed successfully and, after a couple of re-sends of message 3,
it disassociates the Android device.

I've logged a bug report with Fedora [1] where I included a patch
providing a best effort solution which I don't consider to be suitable
for inclusion in the wpa_supplicant as it is racy and as a consequence
can be ineffective on slower hardware. The solution it provides is to
install the PTK key as soon as the message 3 is sent by the
wpa_supplicant, so that the message 4 can be decrypted if STA encrypts
it. Additionally if there is a need to re-send the message 3, the key is
uninstalled before the re-send and installed again afterwards (this is
totally untested and may likely interfere with frame sequence numbers).
Nevertheless, in the happy-case scenario (no retransmissions) it works.
Further, in the bug report I envision a better, race-free solution which
would install the PTK even before sending the message 3 but despite that
it would then send the message 3 (including its possible re-sends)
unencrypted. The problem is I don't know how to achieve that: I don't
see a way to send an unencrypted frame once the PTK is installed. I tend
to think that a recent kernel patch [2] is supposed to address this
exact issue.

What's your opinion on the best effort solution provided in the patch?
Would it make sense to include it in wpa_supplicant?
Does the race-free solution make sense? (If so, could it be implemented
by other means than those introduced in [2]? I.e. is there some other
way to send an unencrypted frame once the PTK is installed?)

Cheers,
Michal

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1571256
[2] https://github.com/torvalds/linux/commit/2576a9ace47eba28a682d249d1d6402f891808c9
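The timing problem described in the mail, as an added model that is not part of the original post or of hostapd/wpa_supplicant: a station that protects message 4 with the freshly derived PTK, and an authenticator whose kernel drops protected frames until the PTK is installed. The three install policies ("after_ack", "after_send", "before_send"), the Frame/Station/AccessPoint names and the `install_delay` switch are constructed for this illustration; the model also assumes, as the mail's open question does, that message 3 can still go out unprotected after the key is installed.

```python
from dataclasses import dataclass, field

@dataclass
class Frame:
    msg: int            # 3 = authenticator -> STA, 4 = STA -> authenticator
    encrypted: bool     # True when the frame is protected with the PTK

@dataclass
class Station:
    encrypts_msg4: bool   # True models the Android >= 6.0 behaviour from the mail

    def reply(self, m3: Frame) -> Frame:
        # The STA has the PTK once message 3 is verified and may protect message 4.
        return Frame(4, encrypted=self.encrypts_msg4)

@dataclass
class AccessPoint:
    policy: str           # "after_ack" | "after_send" | "before_send" (constructed names)
    ptk_installed: bool = False
    log: list = field(default_factory=list)

    def rx_ok(self, f: Frame) -> bool:
        # The kernel can only decrypt a protected frame once the PTK is installed.
        return (not f.encrypted) or self.ptk_installed

    def handshake(self, sta: Station, retries: int = 3, install_delay: bool = False) -> str:
        for attempt in range(retries):
            if self.policy == "after_send":
                self.ptk_installed = False          # key uninstalled before a re-send
            if self.policy == "before_send":
                self.ptk_installed = True           # race-free: key present before M3
            m3 = Frame(3, encrypted=False)          # assumption: M3 still leaves unprotected
            self.log.append(f"tx M3 #{attempt + 1}")
            if self.policy == "after_send" and not install_delay:
                self.ptk_installed = True           # fast host: key is in before M4 arrives
            m4 = sta.reply(m3)
            ok = self.rx_ok(m4)                     # kernel accepts or drops M4 on arrival
            if self.policy == "after_send" and install_delay:
                self.ptk_installed = True           # slow host: key arrives after M4 was dropped
            if ok:
                self.ptk_installed = True           # "after_ack": install once M4 is validated
                self.log.append("M4 ok, handshake complete")
                return "completed"
            self.log.append("M4 dropped (cannot decrypt), resend M3")
        self.log.append("disassociate STA")
        return "disassociated"

if __name__ == "__main__":
    for policy, delay in [("after_ack", False), ("after_send", False),
                          ("after_send", True), ("before_send", True)]:
        ap = AccessPoint(policy)
        print(policy, "delay" if delay else "fast", "->", ap.handshake(Station(True), install_delay=delay))
```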