Hi,

I downloaded and cross-compiled wpa_supplicant for ARM from commit a0e3e22, which had all the patches relating to KRACK. Using the vulnerability detection tool from the Wi-Fi Alliance, I am now passing all the pairwise tests, but not the group key related tests. Specifically, I am failing 4.1.3 and 4.2.1. My Wi-Fi driver is part of the mainline kernel, interfacing with mac80211 and cfg80211, so I would have thought all the KRACK vulnerabilities would be completely handled by the wpa_supplicant patches. Is there something I'm missing?

[17:30:38] Vulnerablity Detection Tool
[17:30:38] Version 1.1
[17:30:38] Note: disable Wi-Fi in network manager & disable hardware encryption. Both may interfere with this script.
[17:30:39] Starting hostapd ...
Configuration file: ./hostapd.conf
Using interface wlan1 with hwaddr e8:94:f6:24:db:59 and ssid "test_client"
wlan1: interface state UNINITIALIZED->ENABLED
wlan1: AP-ENABLED
[17:30:40] Ready. Connect to this Access Point to start the tests. Make sure the client requests an IP using DHCP!
wlan1: STA d0:c1:93:02:ed:72 IEEE 802.11: authenticated
wlan1: STA d0:c1:93:02:ed:72 IEEE 802.11: associated (aid 1)
[17:34:32] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
wlan1: AP-STA-CONNECTED d0:c1:93:02:ed:72
wlan1: STA d0:c1:93:02:ed:72 RADIUS: starting accounting session 70FD5AD6416A7E22
[17:34:32] d0:c1:93:02:ed:72: transmitted data using IV=1 (seq=0)
[17:34:34] d0:c1:93:02:ed:72: Hostapd: already installing pairwise key
[17:34:34] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:34] d0:c1:93:02:ed:72: transmitted data using IV=2 (seq=2)
[17:34:35] d0:c1:93:02:ed:72: DHCP reply 192.168.100.2 to d0:c1:93:02:ed:72
[17:34:35] d0:c1:93:02:ed:72: transmitted data using IV=3 (seq=1)
[17:34:35] d0:c1:93:02:ed:72: client has IP address -> testing for group key reinstallation in the 4-way handshake
[17:34:35] d0:c1:93:02:ed:72: sent 1 broadcasts ARPs this interval
[17:34:35] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:35] d0:c1:93:02:ed:72: DHCP reply 192.168.100.2 to d0:c1:93:02:ed:72
[17:34:35] d0:c1:93:02:ed:72: transmitted data using IV=4 (seq=2)
[17:34:36] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:36] d0:c1:93:02:ed:72: transmitted data using IV=5 (seq=3)
[17:34:37] d0:c1:93:02:ed:72: sent 2 broadcasts ARPs this interval
[17:34:37] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:37] d0:c1:93:02:ed:72: received 1 replies to the replayed broadcast ARP requests
[17:34:37] d0:c1:93:02:ed:72: transmitted data using IV=6 (seq=3)
[17:34:38] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=7 (seq=4)
[17:34:38] d0:c1:93:02:ed:72: no pairwise IV resets seem to have occured for one interval
[17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=8 (seq=4)
[17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=9 (seq=5)
[17:34:39] d0:c1:93:02:ed:72: sent 3 broadcasts ARPs this interval
[17:34:39] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:39] d0:c1:93:02:ed:72: received 2 replies to the replayed broadcast ARP requests
[17:34:39] d0:c1:93:02:ed:72: transmitted data using IV=10 (seq=6)
[17:34:40] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:40] d0:c1:93:02:ed:72: transmitted data using IV=11 (seq=5)
[17:34:41] d0:c1:93:02:ed:72: sent 4 broadcasts ARPs this interval
[17:34:41] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:41] d0:c1:93:02:ed:72: received 3 replies to the replayed broadcast ARP requests
[17:34:41] d0:c1:93:02:ed:72: transmitted data using IV=12 (seq=7)
[17:34:42] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:42] d0:c1:93:02:ed:72: transmitted data using IV=13 (seq=6)
[17:34:43] d0:c1:93:02:ed:72: got a reply to broadcast ARP during this interval
[17:34:43] d0:c1:93:02:ed:72: sent 1 broadcasts ARPs this interval
[17:34:43] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:43] d0:c1:93:02:ed:72: received 4 replies to the replayed broadcast ARP requests
[17:34:43] d0:c1:93:02:ed:72: transmitted data using IV=14 (seq=8)
[17:34:43] d0:c1:93:02:ed:72: transmitted data using IV=15 (seq=9)
[17:34:43] d0:c1:93:02:ed:72: no pairwise IV resets seem to have occured for one interval
[17:34:44] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:44] d0:c1:93:02:ed:72: transmitted data using IV=16 (seq=7)
[17:34:45] d0:c1:93:02:ed:72: sent 2 broadcasts ARPs this interval
[17:34:45] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 from 192.168.100.1
[17:34:45] d0:c1:93:02:ed:72: transmitted data using IV=17 (seq=10)
[17:34:45] d0:c1:93:02:ed:72: received 5 replies to the replayed broadcast ARP requests
[17:34:45] d0:c1:93:02:ed:72: Received 5 unique replies to replayed broadcast ARP requests. Client is vulnerable to group
[17:34:45] key reinstallations in the 4-way handshake (or client accepts replayed broadcast frames)!
[17:34:46] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:46] d0:c1:93:02:ed:72: transmitted data using IV=18 (seq=8)
[17:34:48] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:48] d0:c1:93:02:ed:72: transmitted data using IV=19 (seq=9)
[17:34:48] d0:c1:93:02:ed:72: transmitted data using IV=20 (seq=11)
[17:34:48] d0:c1:93:02:ed:72: no pairwise IV resets seem to have occured for one interval
[17:34:50] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:50] d0:c1:93:02:ed:72: transmitted data using IV=21 (seq=10)
[17:34:52] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:52] d0:c1:93:02:ed:72: transmitted data using IV=22 (seq=11)
[17:34:54] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key and sending Msg3/4
[17:34:54] d0:c1:93:02:ed:72: transmitted data using IV=23 (seq=12)
[17:34:54] d0:c1:93:02:ed:72: no pairwise IV resets seem to have occured for one interval
[17:34:54] d0:c1:93:02:ed:72: client DOESN'T seem vulnerable to pairwise key reinstallation in the 4-way handshake (using standard attack).
[17:34:54] Pairwise key test : NOT Vulnerable
[17:34:54] Group key test : Vulnerable
[17:34:54] Test Finished
[17:34:54] Closing hostapd and cleaning up ...

--
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap