Patchwork hostapd: RSN 4-way handshake issue with Cisco WET200 client

Submitter Jouni Malinen
Date Jan. 22, 2012, 10:26 a.m.
Message ID <20120122102612.GB5805@w1.fi>
Permalink /patch/137221/
State Accepted

Comments

Jouni Malinen - Jan. 22, 2012, 10:26 a.m.
On Mon, Jan 16, 2012 at 02:19:00PM +0100, Helmut Schaa wrote:
> I've got a strange problem with a Cisco WET200 wireless bridge connecting
> to a hostapd AP. The AP is configured as WPA2-CCMP and the 4-way HS
> looks like this:
> 
> 1of4: KeyDescriptor=2 (RSN)
> 2of4: KeyDescriptor=2 (RSN)
> 3of4: KeyDescriptor=2 (RSN)
> 4of4: KeyDescriptor=254 (WPA) ???

Well, that sucks. It's unfortunate if that type of broken
implementation is deployed in large numbers.

> Of course this appears to be a pure client issue but other APs accept that
> strange 4of4 message.

Anything based on hostapd prior to May 2009 would have accepted that.

> Jouni, would it be ok to relax the constraints a bit and allow a WPA
> descriptor type to be used also for WPA2?

It looks like we need to do that, taking into account that this issue has
apparently been reported with a number of deployed devices. I would have
preferred not doing this, but well, since lack of the validation should
not open security issues, I committed the following change as a
workaround for interoperability issues. Could you please confirm that it
resolves the issue with the station device you tested with?

 commit 74590e710f65134522b9a654609ac38d0ce54852
 Author: Jouni Malinen <j@w1.fi>
 Date:   Sun Jan 22 12:23:28 2012 +0200

    Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
    
    Some deployed station implementations seem to send msg 4/4 with
    incorrect type value in WPA2 mode. Add a workaround to ignore that issue
    so that such stations can interoperate with hostapd authenticator. The
    validation checks were added in commit
    f8e96eb6fd960a017793942cff0eb43b09f444c6.
    
    Signed-hostap: Jouni Malinen <j@w1.fi>

Helmut Schaa - Jan. 23, 2012, 12:57 p.m.
Hi,

On Sun, Jan 22, 2012 at 11:26 AM, Jouni Malinen <j@w1.fi> wrote:
> It looks like we need to do that, taking into account that this issue has
> apparently been reported with a number of deployed devices. I would have
> preferred not doing this, but well, since lack of the validation should
> not open security issues, I committed the following change as a
> workaround for interoperability issues. Could you please confirm that it
> resolves the issue with the station device you tested with?

I've just tested your patch with the affected device, works like a charm!
Thanks.

Felix, you might want to add Jouni's patch to the openwrt tree?

Helmut

>  commit 74590e710f65134522b9a654609ac38d0ce54852
>  Author: Jouni Malinen <j@w1.fi>
>  Date:   Sun Jan 22 12:23:28 2012 +0200
>
>    Work around interop issue with WPA type EAPOL-Key 4/4 in WPA2 mode
>
>    Some deployed station implementations seem to send msg 4/4 with
>    incorrect type value in WPA2 mode. Add a workaround to ignore that issue
>    so that such stations can interoperate with hostapd authenticator. The
>    validation checks were added in commit
>    f8e96eb6fd960a017793942cff0eb43b09f444c6.
>
>    Signed-hostap: Jouni Malinen <j@w1.fi>
>
> diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
> index 9da5609..c4d77bf 100644
> --- a/src/ap/wpa_auth.c
> +++ b/src/ap/wpa_auth.c
> @@ -795,7 +795,14 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
>        }
>
>        if (sm->wpa == WPA_VERSION_WPA2) {
> -               if (key->type != EAPOL_KEY_TYPE_RSN) {
> +               if (key->type == EAPOL_KEY_TYPE_WPA) {
> +                       /*
> +                        * Some deployed station implementations seem to send
> +                        * msg 4/4 with incorrect type value in WPA2 mode.
> +                        */
> +                       wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
> +                                  "with unexpected WPA type in RSN mode");
> +               } else if (key->type != EAPOL_KEY_TYPE_RSN) {
>                        wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
>                                   "unexpected type %d in RSN mode",
>                                   key->type);
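Review bot: The wpa_printf() call in the added `key->type == EAPOL_KEY_TYPE_WPA` branch takes no arguments, so the debug line does not identify the station that triggered the workaround, whereas the existing "Ignore EAPOL-Key" message at least prints the offending type. Consider including an identifier for the station (if one is reachable from `sm` at this point) so that operators can tell from the log which deployed clients rely on this exception.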
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP@lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
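The mismatch reported at the top of this thread (descriptor type 254 in msg 4/4 of an otherwise type-2 handshake) can be confirmed from a capture with a small check like the following. This is an added example, not hostapd code and not from the thread; the function names, the sample bytes and the use of the Secure bit to tell msg 2/4 from msg 4/4 in RSN mode are assumptions of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { DESC_RSN = 2, DESC_WPA = 254 };          /* values quoted in the thread */
enum { KI_PAIRWISE = 0x0008, KI_ACK = 0x0080,   /* Key Information bits */
       KI_MIC = 0x0100, KI_SECURE = 0x0200 };
enum { OFF_PKT_TYPE = 1, OFF_DESC = 4, OFF_KEY_INFO = 5, MIN_LEN = 7 };

/* Constructed samples: first 7 bytes of EAPOL-Key frames (802.1X header,
 * descriptor type, Key Information) mirroring the reported capture. */
static const uint8_t sample_msg3[] = { 0x02, 0x03, 0x00, 0x97, 0x02, 0x13, 0xca };
static const uint8_t sample_msg4[] = { 0x02, 0x03, 0x00, 0x5f, 0xfe, 0x03, 0x0a };

/* 1..4 for a pairwise 4-way handshake message, 0 if not one.
 * Assumption: RSN mode, where msg 4/4 carries Secure=1 and msg 2/4 does not. */
int rsn_msg_number(const uint8_t *f, size_t len)
{
    if (len < MIN_LEN || f[OFF_PKT_TYPE] != 3)   /* 3 = EAPOL-Key */
        return 0;
    unsigned ki = ((unsigned)f[OFF_KEY_INFO] << 8) | f[OFF_KEY_INFO + 1];
    if (!(ki & KI_PAIRWISE))
        return 0;
    if (ki & KI_ACK)                             /* sent by the authenticator */
        return (ki & KI_MIC) ? 3 : 1;
    if (!(ki & KI_MIC))
        return 0;
    return (ki & KI_SECURE) ? 4 : 2;             /* sent by the supplicant */
}

/* 0: descriptor type is RSN as expected; 1..4: that message used the WPA
 * type in an RSN association (the quirk in this thread); -1: anything else. */
int audit_frame(const uint8_t *f, size_t len)
{
    int msg = rsn_msg_number(f, len);
    if (msg == 0)
        return -1;
    if (f[OFF_DESC] == DESC_RSN)
        return 0;
    return f[OFF_DESC] == DESC_WPA ? msg : -1;
}

int main(void)
{
    printf("msg 3/4 -> %d\n", audit_frame(sample_msg3, sizeof(sample_msg3)));
    printf("msg 4/4 -> %d\n", audit_frame(sample_msg4, sizeof(sample_msg4)));
    return 0;
}
```

A non-zero positive result names the handshake message that a strict authenticator would drop and that the workaround in this thread accepts.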

Patch

diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 9da5609..c4d77bf 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -795,7 +795,14 @@  void wpa_receive(struct wpa_authenticator *wpa_auth,
 	}
 
 	if (sm->wpa == WPA_VERSION_WPA2) {
-		if (key->type != EAPOL_KEY_TYPE_RSN) {
+		if (key->type == EAPOL_KEY_TYPE_WPA) {
+			/*
+			 * Some deployed station implementations seem to send
+			 * msg 4/4 with incorrect type value in WPA2 mode.
+			 */
+			wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key "
+				   "with unexpected WPA type in RSN mode");
+		} else if (key->type != EAPOL_KEY_TYPE_RSN) {
 			wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
 				   "unexpected type %d in RSN mode",
 				   key->type);
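
Review bot: The new `key->type == EAPOL_KEY_TYPE_WPA` branch accepts the WPA descriptor type on every EAPOL-Key frame received while `sm->wpa == WPA_VERSION_WPA2`, yet the comment inside it and the commit message describe only msg 4/4 as affected. Either state in the comment that the relaxation is deliberately applied to all messages, or, if the message number can be determined at this point in wpa_receive(), limit the exception to msg 4/4 so the remaining messages keep the strict type check.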