wpa_supplicant fails group key attacks even after krack patch

David Park djpark121 at gmail.com
Wed Dec 13 15:51:45 PST 2017

So I updated the mt7601u (this is the chipset I'm using), mac80211 and
cfg80211 drivers with all the latest patches as of the 4.14 kernel
release. Also I built the latest wpa_supplicant from the master
branch. However, even with these updates, I'm still failing the 4.1.3
and 4.2.1 using the WMA v2 tool.

What else could be missing?


On Tue, Dec 5, 2017 at 2:27 AM, Jouni Malinen <j at w1.fi> wrote:
> On Sun, Dec 03, 2017 at 02:04:27PM -0800, David Park wrote:
>> I downloaded and cross-compiled wpa_supplicant for ARM from commit
>> a0e3e22 which had all the patches relating to KRACK.
>> Using the vulnerability detection tool from the Wi-Fi Alliance, I am
>> now passing all the pairwise tests, but not the group key related
>> tests. Specifically, I am failing the 4.1.3 and 4.2.1.
>> My wifi driver is part of the mainline kernel, interfacing with
>> mac80211 and cfg80211, so I would have thought all the KRACK
>> vulnerabilities would be completely handled by the wpa_supplicant
>> patches. Is there something I'm missing?
> Assuming that wpa_supplicant build does indeed include the applicable
> patches, I would assume this is showing an issue in replay protection:
>> [17:34:45] d0:c1:93:02:ed:72: Received 5 unique replies to replayed
>> broadcast ARP requests. Client is vulnerable to group
>> [17:34:45]                    key reinstallations in the 4-way
>> handshake (or client accepts replayed broadcast frames)!
> i.e., that "client accepts replayed broadcast frames" part. You may need
> WLAN driver and/or firmware fixes to address that (the actual CCMP
> replay protection is performed at lower layers than wpa_supplicant).
> --
> Jouni Malinen                                            PGP id EFC895FA
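
The receive-side replay check referred to in the reply above, as an added sketch in C (not code from this thread, wpa_supplicant, mac80211 or any driver). The struct and function names are hypothetical, and the 48-bit CCMP packet number is assumed to be stored big-endian so that `memcmp` orders it numerically. The example shows a per-key counter that rejects any frame whose PN is not strictly greater than the last accepted one, and a key install path that does not reset that counter when the same GTK is installed again.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#define PN_LEN 6   /* CCMP packet number is 48 bits */
#define GTK_LEN 16 /* CCMP-128 temporal key length */

/* Hypothetical per-key receive state; not mac80211's own structure. */
struct gtk_rx {
    uint8_t key[GTK_LEN];
    uint8_t rx_pn[PN_LEN]; /* highest PN accepted so far (big-endian, assumed) */
    bool installed;
};

/* Install a group key; reinstalling the key already in use keeps rx_pn. */
static void gtk_install(struct gtk_rx *s, const uint8_t *key, const uint8_t *rsc)
{
    if (s->installed && memcmp(s->key, key, GTK_LEN) == 0)
        return; /* same key: resetting rx_pn would re-admit old frames */
    memcpy(s->key, key, GTK_LEN);
    memcpy(s->rx_pn, rsc, PN_LEN); /* starting receive counter for a new key */
    s->installed = true;
}

/* Replay check: accept only a PN strictly greater than the last accepted. */
static bool gtk_rx_accept(struct gtk_rx *s, const uint8_t *pn)
{
    if (!s->installed || memcmp(pn, s->rx_pn, PN_LEN) <= 0)
        return false;
    memcpy(s->rx_pn, pn, PN_LEN);
    return true;
}

/* Constructed scenario: PN 1..3 arrive, the same GTK is installed again, PN 2 is replayed. */
static int demo_replay_after_reinstall(void)
{
    static const uint8_t gtk[GTK_LEN] = { 0xA5 }; /* constructed key */
    static const uint8_t zero[PN_LEN] = { 0 };
    uint8_t pn[PN_LEN] = { 0 };
    struct gtk_rx s = { 0 };
    int accepted = 0;
    gtk_install(&s, gtk, zero);
    for (uint8_t i = 1; i <= 3; i++) {
        pn[PN_LEN - 1] = i;
        accepted += gtk_rx_accept(&s, pn);
    }
    gtk_install(&s, gtk, zero); /* same key delivered again */
    pn[PN_LEN - 1] = 2;         /* replayed broadcast frame */
    accepted += gtk_rx_accept(&s, pn);
    return accepted;            /* 3: the replayed frame is dropped */
}
int main(void) { return demo_replay_after_reinstall() == 3 ? 0 : 1; }
```

If either check is missing at the layer that decrypts group-addressed frames, replayed broadcast frames are accepted regardless of what the supplicant does.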
