On Sun, 2017-12-03 at 14:04 -0800, David Park wrote: > Hi, > > I downloaded and cross-compiled wpa_supplicant for ARM from commit > a0e3e22 which had all the patches relating to KRACK. > > Using the vulnerability detection tool from the wifi alliance, I am > now passing all the pairwise tests, but not the group key related > tests. Specifically, I am failing the 4.1.3 and 4.2.1. > > My wifi driver is part of the mainline kernel, interfacing with > mac82011 and cfg82011, so I would have thought all the KRACK > vulnerabilities would be completely handled by the wpa_supplicant > patches. Is there something I'm missing? There were some kernel-side mac80211 patches that resulted from KRACK too, not sure if they fix your issue though. fdf7cb4185b60c68e1a75e61691c4afdc15dea0e cfbb0d90a7abb289edc91833d0905931f8805f12 Dan > [17:30:38] Vulnerablity Detection Tool > [17:30:38] Version 1.1 > [17:30:38] Note: disable Wi-Fi in network manager & disable hardware > encryption. Both may interfere with this script. > [17:30:39] Starting hostapd ... > Configuration file: ./hostapd.conf > Using interface wlan1 with hwaddr e8:94:f6:24:db:59 and ssid > "test_client" > wlan1: interface state UNINITIALIZED->ENABLED > wlan1: AP-ENABLED > [17:30:40] Ready. Connect to this Access Point to start the tests. > Make sure the client requests an IP using DHCP! > wlan1: STA d0:c1:93:02:ed:72 IEEE 802.11: authenticated > wlan1: STA d0:c1:93:02:ed:72 IEEE 802.11: associated (aid 1) > [17:34:32] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > wlan1: AP-STA-CONNECTED d0:c1:93:02:ed:72 > wlan1: STA d0:c1:93:02:ed:72 RADIUS: starting accounting session > 70FD5AD6416A7E22 > [17:34:32] d0:c1:93:02:ed:72: transmitted data using IV=1 (seq=0) > [17:34:34] d0:c1:93:02:ed:72: Hostapd: already installing pairwise > key > [17:34:34] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:34] d0:c1:93:02:ed:72: transmitted data using IV=2 (seq=2) > [17:34:35] d0:c1:93:02:ed:72: DHCP reply 192.168.100.2 to > d0:c1:93:02:ed:72 > [17:34:35] d0:c1:93:02:ed:72: transmitted data using IV=3 (seq=1) > [17:34:35] d0:c1:93:02:ed:72: client has IP address -> testing for > group key reinstallation in the 4-way handshake > [17:34:35] d0:c1:93:02:ed:72: sent 1 broadcasts ARPs this interval > [17:34:35] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:35] d0:c1:93:02:ed:72: DHCP reply 192.168.100.2 to > d0:c1:93:02:ed:72 > [17:34:35] d0:c1:93:02:ed:72: transmitted data using IV=4 (seq=2) > [17:34:36] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:36] d0:c1:93:02:ed:72: transmitted data using IV=5 (seq=3) > [17:34:37] d0:c1:93:02:ed:72: sent 2 broadcasts ARPs this interval > [17:34:37] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:37] d0:c1:93:02:ed:72: received 1 replies to the replayed > broadcast ARP requests > [17:34:37] d0:c1:93:02:ed:72: transmitted data using IV=6 (seq=3) > [17:34:38] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=7 (seq=4) > [17:34:38] d0:c1:93:02:ed:72: no pairwise IV resets seem to have > occured for one interval > [17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=8 (seq=4) > [17:34:38] d0:c1:93:02:ed:72: transmitted data using IV=9 (seq=5) > [17:34:39] d0:c1:93:02:ed:72: sent 3 broadcasts ARPs this interval > [17:34:39] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:39] d0:c1:93:02:ed:72: received 2 replies to the replayed > broadcast ARP requests > [17:34:39] d0:c1:93:02:ed:72: transmitted data using IV=10 (seq=6) > [17:34:40] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:40] d0:c1:93:02:ed:72: transmitted data using IV=11 (seq=5) > [17:34:41] d0:c1:93:02:ed:72: sent 4 broadcasts ARPs this interval > [17:34:41] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:41] d0:c1:93:02:ed:72: received 3 replies to the replayed > broadcast ARP requests > [17:34:41] d0:c1:93:02:ed:72: transmitted data using IV=12 (seq=7) > [17:34:42] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:42] d0:c1:93:02:ed:72: transmitted data using IV=13 (seq=6) > [17:34:43] d0:c1:93:02:ed:72: got a reply to broadcast ARP during > this interval > [17:34:43] d0:c1:93:02:ed:72: sent 1 broadcasts ARPs this interval > [17:34:43] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:43] d0:c1:93:02:ed:72: received 4 replies to the replayed > broadcast ARP requests > [17:34:43] d0:c1:93:02:ed:72: transmitted data using IV=14 (seq=8) > [17:34:43] d0:c1:93:02:ed:72: transmitted data using IV=15 (seq=9) > [17:34:43] d0:c1:93:02:ed:72: no pairwise IV resets seem to have > occured for one interval > [17:34:44] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:44] d0:c1:93:02:ed:72: transmitted data using IV=16 (seq=7) > [17:34:45] d0:c1:93:02:ed:72: sent 2 broadcasts ARPs this interval > [17:34:45] d0:c1:93:02:ed:72: sending broadcast ARP to 192.168.100.2 > from 192.168.100.1 > [17:34:45] d0:c1:93:02:ed:72: transmitted data using IV=17 (seq=10) > [17:34:45] d0:c1:93:02:ed:72: received 5 replies to the replayed > broadcast ARP requests > [17:34:45] d0:c1:93:02:ed:72: Received 5 unique replies to replayed > broadcast ARP requests. Client is vulnerable to group > [17:34:45] key reinstallations in the 4-way > handshake (or client accepts replayed broadcast frames)! > [17:34:46] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:46] d0:c1:93:02:ed:72: transmitted data using IV=18 (seq=8) > [17:34:48] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:48] d0:c1:93:02:ed:72: transmitted data using IV=19 (seq=9) > [17:34:48] d0:c1:93:02:ed:72: transmitted data using IV=20 (seq=11) > [17:34:48] d0:c1:93:02:ed:72: no pairwise IV resets seem to have > occured for one interval > [17:34:50] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:50] d0:c1:93:02:ed:72: transmitted data using IV=21 (seq=10) > [17:34:52] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:52] d0:c1:93:02:ed:72: transmitted data using IV=22 (seq=11) > [17:34:54] d0:c1:93:02:ed:72: Hostapd: Resetting Tx IV of group key > and sending Msg3/4 > [17:34:54] d0:c1:93:02:ed:72: transmitted data using IV=23 (seq=12) > [17:34:54] d0:c1:93:02:ed:72: no pairwise IV resets seem to have > occured for one interval > [17:34:54] d0:c1:93:02:ed:72: client DOESN'T seem vulnerable to > pairwise key reinstallation in the 4-way handshake (using standard > attack). > [17:34:54] Pairwise key test : NOT Vulnerable > [17:34:54] Group key test : Vulnerable > [17:34:54] Test Finished > [17:34:54] Closing hostapd and cleaning up ... > > -- > > _______________________________________________ > Hostap mailing list > Hostap@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/hostap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
