No broadcast after 2nd rekey using extended key IDs

James Prestwood prestwoj at gmail.com
Fri Oct 1 13:17:52 PDT 2021


Hi,

While implementing extended key IDs for IWD I ran into this problem
where a second set of rekeys (PTK + GTK) ended up losing broadcast
traffic. Figuring it was a bug in my code I tried the same setup with
wpa_supplicant + hostapd and ran into the exact same behavior.

Monitoring NL80211, I can see there isn't much difference between my
implementation and wpa_supplicant; in short, both do the following:

 - Parse the extended key ID KDE from message 3
 - Use NEW_KEY with an RX only flag
 - Send message 4
 - Use SET_KEY with TX enable flag

The kernel is happy with this, and the first rekey does in fact work.
But when I rekey again I lose broadcast. One thing to note is that if I
only rekey the PTK, I can do this many times (I tried 10 in a row).

One thing I noticed is that the PTK key ID toggles between 0 and 1, and
the GTK key ID toggles between 1 and 2. They are never the same value
at the same time, of course. I'm thinking the kernel has the old PTK
and is using that instead of the GTK since the indexes (1) overlap.

I can send logs upon request, but large messages need approval and in
the past I haven't had much luck with that.

Thanks,
James
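Added illustration (editor's note, not code from the post, from IWD, wpa_supplicant, hostapd or the kernel): a toy C model of the key ID overlap James suspects. It keeps two pairwise slots (key ID 0/1, as Extended Key ID allows) and four group slots, replays the NEW_KEY/SET_KEY pattern from the post with PTK IDs toggling 0/1 and GTK IDs toggling 1/2, and then resolves the key for a broadcast frame in two ways: a hypothetical lookup that goes by key ID alone, and one that first picks the pairwise or group table from the frame's address type. Both lookups and the table layout are assumptions made for the model; they are not a description of how mac80211 actually resolves keys.

```c
#include <stdio.h>
#include <string.h>

/*
 * Toy model of a station's key table under Extended Key ID, written to
 * reason about the overlap described in the post. It is NOT mac80211 or
 * driver code: the table layout and the two lookup routines are assumptions
 * made for this illustration.
 */
#define NUM_KEY_IDS 4   /* key IDs 0..3 on the air */
#define NUM_PTK_IDS 2   /* Extended Key ID: pairwise keys use ID 0 or 1 */

struct key {
    int valid;
    int tx;        /* TX enabled via SET_KEY after message 4 */
    int pairwise;  /* 1 = PTK, 0 = GTK */
    int gen;       /* rekey generation that installed it (0 = initial 4-way) */
};

struct keytab {
    struct key ptk[NUM_PTK_IDS];  /* pairwise keys, indexed by key ID 0/1 */
    struct key gtk[NUM_KEY_IDS];  /* group keys, indexed by key ID 1..3 */
};

/* NEW_KEY (RX only) followed by SET_KEY (TX): the previous PTK slot is left
 * installed, as in the NL80211 sequence in the post. */
static void install_ptk(struct keytab *t, int keyid, int gen)
{
    for (int i = 0; i < NUM_PTK_IDS; i++)
        t->ptk[i].tx = 0;
    t->ptk[keyid] = (struct key){ .valid = 1, .tx = 1, .pairwise = 1, .gen = gen };
}

static void install_gtk(struct keytab *t, int keyid, int gen)
{
    t->gtk[keyid] = (struct key){ .valid = 1, .tx = 0, .pairwise = 0, .gen = gen };
}

/* Hypothetical lookup that resolves a received key ID without consulting
 * whether the frame is individually or group addressed: a pairwise slot
 * with that ID wins. This is the behaviour the post suspects. */
static const struct key *rx_lookup_id_only(const struct keytab *t, int keyid)
{
    if (keyid < NUM_PTK_IDS && t->ptk[keyid].valid)
        return &t->ptk[keyid];
    if (t->gtk[keyid].valid)
        return &t->gtk[keyid];
    return NULL;
}

/* Lookup that uses the frame's address type to choose the table first. */
static const struct key *rx_lookup(const struct keytab *t, int keyid, int multicast)
{
    const struct key *k = multicast ? &t->gtk[keyid]
                                    : (keyid < NUM_PTK_IDS ? &t->ptk[keyid] : NULL);
    return (k && k->valid) ? k : NULL;
}

struct sim_result {
    int gtk_id;            /* key ID carried by the broadcast frame */
    int id_only_gen;       /* generation found by the ID-only lookup (-1 = none) */
    int id_only_pairwise;  /* 1 if that lookup returned a PTK instead of the GTK */
    int proper_gen;        /* generation found by the address-aware lookup */
};

/* Run the initial handshake plus `rekeys` full (PTK + GTK) rekeys, using the
 * ID pattern from the post: PTK toggles 0/1, GTK toggles 1/2. Then resolve
 * the key for a broadcast frame carrying the current GTK ID. */
struct sim_result simulate(int rekeys)
{
    struct keytab t;
    struct sim_result r;
    int ptk_id = 0, gtk_id = 1;

    memset(&t, 0, sizeof t);
    install_ptk(&t, ptk_id, 0);
    install_gtk(&t, gtk_id, 0);

    for (int gen = 1; gen <= rekeys; gen++) {
        ptk_id = gen % 2;         /* 1, 0, 1, ... */
        gtk_id = 1 + (gen % 2);   /* 2, 1, 2, ... */
        install_ptk(&t, ptk_id, gen);
        install_gtk(&t, gtk_id, gen);
    }

    const struct key *a = rx_lookup_id_only(&t, gtk_id);
    const struct key *b = rx_lookup(&t, gtk_id, 1);
    r.gtk_id = gtk_id;
    r.id_only_gen = a ? a->gen : -1;
    r.id_only_pairwise = a ? a->pairwise : 0;
    r.proper_gen = b ? b->gen : -1;
    return r;
}

int main(void)
{
    for (int n = 0; n <= 3; n++) {
        struct sim_result r = simulate(n);
        printf("after %d rekey(s): GTK id %d, id-only lookup -> gen %d (%s), "
               "address-aware lookup -> gen %d\n",
               n, r.gtk_id, r.id_only_gen,
               r.id_only_pairwise ? "stale PTK" : "GTK", r.proper_gen);
    }
    return 0;
}
```

In this model the first rekey moves the GTK to key ID 2, which no pairwise slot can occupy, so both lookups agree. The second rekey brings the GTK back to key ID 1 while the previous PTK (generation 1) is still sitting in pairwise slot 1, and the ID-only lookup hands that stale PTK to the broadcast frame. PTK-only rekeys never collide in the model because the GTK stays at an ID no pairwise slot uses, which is consistent with the observation that repeated PTK rekeys work.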
More information about the Hostap mailing list