On 28.02.2016 at 18:19, Jouni Malinen wrote:
> On Wed, Feb 24, 2016 at 12:53:40PM +0100, michael-dev@xxxxxxxxxxxxx wrote:
>> Otherwise the station might end up using old ANonce.
>
> Could you please clarify what type of Authentication frame
> retransmission case are you addressing here? It sounds like the station
> is broken if it sends another FT Authentication frame and does not use
> the ANonce it receives from the response to that frame. Is this because
> of mac80211 Authentication frame retries? If so, the correct fix would
> be in mac80211, not in hostapd.
>

I tried using wpa_supplicant as client. This was with hostapd being very slow due to being run on real hardware with debugging and address sanitizer enabled.

I think this was due to the following sequence:

[Over-the-air FT Protocol in an RSN]
1. client sends auth req frame and ap receives it
2. client resends auth req frame due to timeout (no reply from AP) and ap receives it
3. hostapd processes auth request, generates a nonce and sends reply
4. hostapd processes second auth request, generates a-nonce, overwrites the old A-Nonce and sends reply
5. client receives first reply and uses that a-nonce
6. client ignores second reply
7. now hostapd and wpa_supplicant have different A-Nonce stored and reassociation fails (A-Nonce mismatch) [and so would key derivation result in different keys]

It works similarly with FT-over-DS, where additionally the FT Request / Reply might be lost while being forwarded between the APs.

I'm not sure how mac80211 should resolve this.

Regards,
M. Braun
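
The seven-step sequence from the message above, replayed as an added example; this is not code from the mail, the patch under discussion, or hostapd. The `AP` class, the `derive_key` stand-in (not the IEEE 802.11 KDF) and the `reuse_on_retransmit` policy are hypothetical, and the example assumes the retransmitted request carries the same SNonce as the first.

```python
import hashlib
import hmac
import os

def derive_key(pmk_r1: bytes, snonce: bytes, anonce: bytes) -> bytes:
    # Simplified stand-in for the FT PTK derivation: it only shows that the
    # result depends on both nonces. It is not the IEEE 802.11 KDF.
    return hmac.new(pmk_r1, b"FT-PTK" + snonce + anonce, hashlib.sha256).digest()

class AP:
    """Toy authenticator that stores one pending ANonce per station."""

    def __init__(self, reuse_on_retransmit: bool = False):
        # Hypothetical policy flag, not a hostapd option.
        self.reuse_on_retransmit = reuse_on_retransmit
        self.snonce = None
        self.anonce = None

    def handle_auth_req(self, snonce: bytes) -> bytes:
        """Process one FT auth request; return the ANonce sent in the reply."""
        duplicate = self.anonce is not None and snonce == self.snonce
        if not (self.reuse_on_retransmit and duplicate):
            # Steps 3 and 4: a fresh ANonce replaces whatever was stored.
            self.snonce, self.anonce = snonce, os.urandom(32)
        return self.anonce

def run_sequence(reuse_on_retransmit: bool) -> dict:
    pmk_r1 = bytes(32)        # constructed sample key
    snonce = os.urandom(32)   # station nonce, same in both copies (assumption)
    ap = AP(reuse_on_retransmit)
    # Steps 1-2: both copies of the request are queued before the slow AP answers.
    queued = [snonce, snonce]
    replies = [ap.handle_auth_req(req) for req in queued]  # steps 3-4
    sta_anonce = replies[0]   # step 5: station uses the first reply
    # Step 6: the second reply is ignored by the station.
    sta_key = derive_key(pmk_r1, snonce, sta_anonce)
    ap_key = derive_key(pmk_r1, snonce, ap.anonce)
    # Step 7: compare what each side ends up holding.
    return {"nonce_match": sta_anonce == ap.anonce, "keys_match": sta_key == ap_key}

if __name__ == "__main__":
    print("overwrite on every request:", run_sequence(False))
    print("reuse for same SNonce:     ", run_sequence(True))
```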