Sequences for PTK rekeying

Mark Powell Mark.Powell
Tue Dec 5 04:34:32 PST 2006 

Hi,

We are trying to understand the possible message sequences for PTK/GTK
establishment and rekeying that wpa_supplicant uses via the
Wireless Extensions API, and the interaction with the driver.

Looking at PTKs first, it seems to me that there are six possible
scenarios:

1) Us as initiator, success.
2) Us as responder, success.
3) Us as initiator, fails at second stage.
4) Us as responder, fails at second stage.
5) Us as initiator, fails at first stage.
6) Us as responder, fails at first stage.

These get progressively harder!

1) Us initiator, success.
The sequence is:

    Tx EAPOL Auth 1
    Rx EAPOL Auth 2
    Tx EAPOL Auth 3
    Rx EAPOL Auth 4
    Set keys

Is this correct?

2) Us responder, success.

    Rx EAPOL Auth 1
    Tx EAPOL Auth 2
    Rx EAPOL Auth 3
    Tx EAPOL Auth 4
    Set keys

Is this correct?
Particularly, does the SetKeys happen after the Tx EAPOL Auth 4 or could
it happen after the Rx EAPOL Auth 3?
Does the system wait for acknowledgement of the second tx before setting
the keys?

3) Us initiator, fails at second stage.

    Tx EAPOL Auth 1
    Rx EAPOL Auth 2
    Tx EAPOL Auth 3
    Timeout or rx bad EAPOL Auth 4

Is there any indication to the driver that the key
establishment/rekeying has failed?

4) Us responder, fails at second stage.

    Rx EAPOL Auth 1
    Tx EAPOL Auth 2
    Timeout or rx bad EAPOL Auth 3

Is there any indication to the driver that the key
establishment/rekeying has failed?

5) Us initiator, fails at first stage.

    Tx EAPOL Auth 1
    Timeout or rx bad EAPOL Auth 2

Is there any indication to the driver that the key
establishment/rekeying has failed?

6) Us responder, fails at first stage.

    Rx bad EAPOL Auth 1


Well, at least this one is easy!



Is there any difference between initial PTK establishment and
rekeying?



Similarly, for GTKs there seem to be four possible scenarios:

1) Us initiator, success.
2) Us responder, success.
3) Us initiator, fails.
4) Us responder, fails.

1) Us initiator, success.

    Tx EAPOL Auth 1
    Rx EAPOL Auth 2
    Set keys

Correct?

2) Us responder, success.

    Rx EAPOL Auth 1
    Tx EAPOL Auth 2
    Set keys

Is this correct?
Particularly, does the SetKeys happen after the Tx or could it happen
after the Rx?
Does the system wait for acknowledgement of the tx before setting the keys?

3) Us initiator, fails.

    Tx EAPOL Auth 1
    Timeout or rx bad EAPOL Auth 2

Is there any indication to the driver that the key
establishment/rekeying has failed?

4) Us responder, fails.

    Rx bad EAPOL Auth 1

As easy as before.


Again, is there any difference between the initial GTK establishment and
GTK rekeying?


Thanks for your help,

Mark


-- 
Mark Powell mailto:Mark.Powell at csr.com
Group Leader, Host Drivers Tel: +44 (0)1223 692000
CSR, Churchill House, Cambridge Business Park, Cowley Road, Cambridge,
CB24 0WZ, UK


To access the latest news from CSR copy this link into a web browser:  http://www.csr.com/email_sig.php

More information about the Hostap mailing list