So I updated the mt7601u (this is the chipset I'm using), mac80211 and cfg80211 drivers with all the latest patches as of the 4.14 kernel release. Also I built the latest wpa_supplicant from the master branch. However, even with these updates, I'm still failing the 4.1.3 and 4.2.1 using the WMA v2 tool. What else could be missing? -- On Tue, Dec 5, 2017 at 2:27 AM, Jouni Malinen <j@xxxxx> wrote: > On Sun, Dec 03, 2017 at 02:04:27PM -0800, David Park wrote: >> I downloaded and cross-compiled wpa_supplicant for ARM from commit >> a0e3e22 which had all the patches relating to KRACK. >> >> Using the vulnerability detection tool from the wifi alliance, I am >> now passing all the pairwise tests, but not the group key related >> tests. Specifically, I am failing the 4.1.3 and 4.2.1. >> >> My wifi driver is part of the mainline kernel, interfacing with >> mac82011 and cfg82011, so I would have thought all the KRACK >> vulnerabilities would be completely handled by the wpa_supplicant >> patches. Is there something I'm missing? > > Assuming that wpa_supplicant build does indeed include the applicable > patches, I would assume this is showing an issue in replay protection: > >> [17:34:45] d0:c1:93:02:ed:72: Received 5 unique replies to replayed >> broadcast ARP requests. Client is vulnerable to group >> [17:34:45] key reinstallations in the 4-way >> handshake (or client accepts replayed broadcast frames)! > > i.e., that "client accepts replayed broadcast frames" part. You may need > WLAN driver and/or firmware fixes to address that (the actual CCMP > replay protection is performed at lower layers than wpa_supplicant). > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
