wpa_supplicant: Group Key Handshake Timeout- KRACK

Sat Feb 10 09:41:22 PST 2018

Hi,
I want to report this very annoying problem. I always get
deauthentication with reason: 16=GROUP_KEY_HANDSHAKE_TIMEOUT in my
system. My system connected to Cisco AP with WPA2-EAP PEAP encryption.
This disconnection happens everytime if one of this THREE cases meets:

1) invoke "reauthentication" through wpa_cli OR

2) if dot11RSNAConfigPMKReauthThreshold is reached OR

3) if the reauthentication is forced by the radius server (when I configured
dot11RSNAConfigPMKLifetime too big and the radius server of my
organization is also configured to do this forced reauth).

Everytime, one of the three above happens, the internet connection
will not work but my system is still connected to AP (just like
zoombie, connected without internet). The MOST ANNOYING thing is, It
lasts up to 25-30 mins with this zoombie connection until my system is
disconnected from AP and deauthentication reason 16 is thrown.

After I ran wpa_supplicant in debug mode -dd, I got this piece of strange logs:

1518093706.797931: wlan0: WPA: Installing PTK to the driver
1518093706.798030: wpa_driver_nl80211_set_key: ifindex=7 (wlan0) alg=3
addr=0x77afc2d8 key_idx=0 set_tx=1 seq_len=6 key_len=16
1518093706.798085: nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
1518093706.798107: nl80211: KEY_SEQ - hexdump(len=6): 00 00 00 00 00 00
1518093706.798140:    addr=aa:aa:aa:aa:aa:aa
1518093706.798864: EAPOL: External notification - portValid=1
1518093706.798942: wlan0: State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
1518093706.798985: RSN: received GTK in pairwise handshake -
hexdump(len=18): [REMOVED]
1518093706.799035: wlan0: WPA: Not reinstalling already in-use GTK to
the driver (keyidx=1 tx=0 len=16)
1518093706.799098: wlan0: WPA: Key negotiation completed with
aa:aa:aa:aa:aa:aa [PTK=CCMP GTK=CCMP]
1518093706.799128: CTRL-DEBUG: ctrl_sock-sendmsg: sock=16
sndbuf=163840 outq=0 send_len=73
1518093706.799686: CTRL_IFACE monitor sent successfully to
/tmp/wpa_ctrl_1411-2\x00
1518093706.799750: wlan0: Cancelling authentication timeout
1518093706.799804: wlan0: State: GROUP_HANDSHAKE -> COMPLETED
1518093706.799835: EAPOL: External notification - portValid=1
1518093708.836567: EAPOL: startWhen --> 0
1518093735.863477: EAPOL: authWhile --> 0

If I interpret it correctly, before the reauthentication or before one
of the THREE cases above happened, the system already connected with
its working GTK, but when one of the THREE cases above happens, and
GTK is renegotiated, wpa_supplicant detects it as key reinstallation
attack and ignores the new negotiated GTK. It makes the wpa_supplicant
is still using the old GTK, while the router already updated its GTK
to all stations and causes my system cannot communicate with the AP
anymore.

During the zoombie connection, my system tried to do group key
handhake many times. But it still doenst work as wpa_supplicant dont
want to reinstall the new GTK to driver.

Is that maybe caused by this wpa_supplicant patch for KRACK?:
[PATCH] Prevent reinstallation of an already in-use group key

If I suggest it correctly, maybe there should be an exception of the
key reinstallation if three cases above happens so that wpa_supplicant
allows GTK to be replaced by the new key.

I really need help because it makes my connection unstable and
restarting router everytime it happens regulary, rather than having up
to 30 minutes zoombie connection is not convenience workaround. Any
help will be appreciated! Thank you!

Bima Hutama