Why no Secure flag when using WPA (not WPA2) in 3/4 and 4/4 EAPOL messages

[Jouni Malinen]

On Wed, Jan 04, 2017 at 04:23:00PM -0800, Ben Greear wrote:
> [resend, seems list ate the first??]

I see no sign of the previous email nor this newer email on the list for
that matter.. Not even in the moderation queue.

> I am trying to figure out if hostapd/supplicant is doing the right thing
> when using WPA.  Neither the 3/4 or 4/4 messages have the Secure bit
> set.  I found this code in hostapd, which looks pertinent, but I don't
> know if it is correct or not.

As far as I know, the implementation is correct.

> I looked in the 802.11i-2004.pdf document, and found this text
> on page 94.

IEEE Std 802.11i-2004 does not define WPA (v1)..

> 7) Secure (bit 9) is set once the initial key exchange is complete.
> The Authenticator shall set the Secure bit to 0 in all EAPOL-Key frames sent before the
> Supplicant has the PTK and the GTK. The Authenticator shall set the Secure bit to 1 in all
> EAPOL-Key frames it sends to the Supplicant containing the last key needed to complete the
> Supplicant’s initialization.

But even if it were, please note the "and the GTK" part there..

> Does the 3/4 message not have the 'last key needed' to complete supplicant's initialization?

Not in WPA.

> If not, then what packet does?

In WPA, the GTK is not delivered as part of the 4-way handshake; it is
delivered in group key handshake following that, i.e., the group key msg
1/2 which is sent after the 4-way handshake message 4/4 is the first
frame that provides the full set of keys to the station.

-- 
Jouni Malinen                                            PGP id EFC895FA