WPA Rekeying problem with MacOSX client

Michael Guntsche mike at it-loops.com
Mon Aug 30 16:57:30 EDT 2004


Hi

I played around with hostapd and WPA a few months ago and wasn't able 
to get it working.
I tried it again today, but the problem persists.

Setup:
Linux server with an MA311 PCI card running in Master mode
Apple Powerbook as client.

If I start hostapd for the first time, the PB can connect to it without 
any problems.
For testing purposes I set the rekeying interval to 30 seconds. 
Rekeying works without any problem if the powerbook is up and running 
while it's happening. But if I put the notebook to sleep / turn it off 
and it misses a rekeying cycle it is no longer able to connect to the 
AP.

Part of the hostapd logfile.

<Initial connection of the PB>
Configuration file: hostapd.conf
Opening raw packet socket for ifindex 27
Using interface wlan0ap with hwaddr 00:09:5b:2f:13:1f and ssid 'vortex'
WPA: group state machine entering state GTK_INIT
GMK - hexdump(len=32): cd 63 6d 45 79 0a de 9c 3f c8 45 43 29 ff 3b 22 
b4 b2 18 bd e3 79 8d 60 ee 20 27 9b 2b 86 d8 0c
GTK - hexdump(len=32): de 1b ae de dc a1 6a 4e 6e 90 1a 1b 6e ed f3 c6 
7a c0 7d 5d ea c1 71 e6 ce 88 6a 47 90 92 70 83
WPA: group state machine entering state SETKEYSDONE
Flushing old station entries
Deauthenticate all stations
Received 30 bytes management frame
RX frame - hexdump(len=30): b0 00 3a 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 60 13 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:0d:93:83:92:7a auth_alg=0 auth_transaction=1 
status_code=0 wep=0
   New STA
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: authentication OK (open 
system)
wlan0: STA 00:0d:93:83:92:7a WPA: event 0 notification
authentication reply: STA=00:0d:93:83:92:7a auth_alg=0 
auth_transaction=2 resp=0
Received 30 bytes management frame
RX frame - hexdump(len=30): b2 00 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f e0 f5 00 00 02 00 00 00
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: authenticated
Received 72 bytes management frame
RX frame - hexdump(len=72): 20 00 3a 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 70 13 31 04 0a 00 00 09 5b 2f 13 1f 00 06 76 6f 
72 74 65 78 01 04 82 84 0b 16 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 
00 50 f2 02 01 00 00 50 f2 02
MGMT
mgmt::reassoc_req
reassociation request: STA=00:0d:93:83:92:7a capab_info=0x431 
listen_interval=10 current_ap=00:09:5b:2f:13:1f
   new AID 1
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: association OK (aid 1)
Received 36 bytes management frame
RX frame - hexdump(len=36): 32 00 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f f0 f5 11 00 00 00 01 c0 01 04 82 84 0b 16
MGMT (TX callback) ACK
mgmt::reassoc_resp cb
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: associated (aid 1)
wlan0: STA 00:0d:93:83:92:7a WPA: event 1 notification
wlan0: STA 00:0d:93:83:92:7a WPA: start authentication
WPA: 00:0d:93:83:92:7a WPA_PTK entering state INITIALIZE
wlan0: STA 00:0d:93:83:92:7a IEEE 802.1X: unauthorizing port
WPA: 00:0d:93:83:92:7a WPA_PTK_GROUP entering state IDLE
WPA: 00:0d:93:83:92:7a WPA_PTK entering state AUTHENTICATION
WPA: 00:0d:93:83:92:7a WPA_PTK entering state AUTHENTICATION2
WPA: 00:0d:93:83:92:7a WPA_PTK entering state INITPSK
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKSTART
wlan0: STA 00:0d:93:83:92:7a WPA: sending 1/4 msg of 4-Way Handshake
<snip>

<Successful rekeying>
WPA: 00:0d:93:83:92:7a WPA_PTK_GROUP entering state REKEYNEGOTIATING
wlan0: STA 00:0d:93:83:92:7a WPA: sending 1/2 msg of Group Key Handshake
Plaintext EAPOL-Key Key Data - hexdump(len=32): de 1b ae de dc a1 6a 4e 
6e 90 1a 1b 6e ed f3 c6 7a c0 7d 5d ea c1 71 e6 ce 88 6a 47 90 92 70 83
Received 183 bytes management frame
RX frame - hexdump(len=183): 0a 02 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f 30 f6 00 20 01 20 00 00 00 00 9a d9 5f 85 6b 92 
b9 38 68 7d 21 5b 51 fd da ca 39 5a f1 76 3c e2 c4 fb 81 72 d7 27 2f f6 
c7 7b 3f b0 6b df 90 ad b8 bc 28 34 82 e4 d4 11 eb dc 6b e9 45 75 1f 1d 
99 15 20 15 c8 61 89 c7 02 4a 0d 00 18 71 1e 46 23 40 68 72 e6 f7 3f 96 
e6 9f 17 5b 56 cc 85 2a 32 ca 2e a7 23 57 23 fd 4f ae 46 67 bf 14 07 d8 
4d 36 15 e3 52 5f b5 93 33 59 a0 f5 27 de a6 8c a4 d0 1f 0b c0 2c ba d4 
ec 6d 77 78 87 65 b2 cc ea 0e 43 b5 87 e6 4e d1 ce ff 24 16 74 45 c3 e3 
01
DATA (TX callback) ACK
Received 131 bytes management frame
RX frame - hexdump(len=131): 08 41 02 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f b0 13 aa aa 03 00 00 00 88 8e 01 03 00 5f fe 03 
01 00 00 00 00 00 00 00 00 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 a0 b4 c7 5e 48 00 ff 14 28 44 45 8c 20 50 3b a4 00 00
DATA
IEEE 802.1X: 99 bytes from 00:0d:93:83:92:7a
    IEEE 802.1X: version=1 type=3 length=95
wlan0: STA 00:0d:93:83:92:7a WPA: received EAPOL-Key frame (2/2 Group)
WPA: 00:0d:93:83:92:7a WPA_PTK_GROUP entering state REKEYESTABLISHED
wlan0: STA 00:0d:93:83:92:7a WPA: group key handshake completed
WPA: 00:0d:93:83:92:7a WPA_PTK_GROUP entering state IDLE

<Now I turn off the WLAN card on the notebook>
Received 26 bytes management frame
RX frame - hexdump(len=26): a0 00 3a 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 50 16 08 00
MGMT
mgmt::disassoc
disassocation: STA=00:0d:93:83:92:7a reason_code=8
wlan0: STA 00:0d:93:83:92:7a WPA: event 2 notification
WPA: 00:0d:93:83:92:7a WPA_PTK entering state DISCONNECTED
WPA: 00:0d:93:83:92:7a WPA_PTK entering state INITIALIZE
wlan0: STA 00:0d:93:83:92:7a IEEE 802.1X: unauthorizing port
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: disassociated
Wireless event: cmd=0x8c04 len=20

<Hostapd rekeys again>
wlan0: WPA rekeying GTK
WPA: group state machine entering state SETKEYS
GMK - hexdump(len=32): cd 63 6d 45 79 0a de 9c 3f c8 45 43 29 ff 3b 22 
b4 b2 18 bd e3 79 8d 60 ee 20 27 9b 2b 86 d8 0c
GTK - hexdump(len=32): 2b 86 b2 cd 53 75 16 48 d7 ef b5 25 bd e8 7a 68 
e7 8a d1 98 a1 c9 71 5d 08 6a b1 50 92 fb 9d 2d
WPA: 00:0d:93:83:92:7a WPA_PTK_GROUP entering state REKEYNEGOTIATING
wlan0: STA 00:0d:93:83:92:7a WPA: sending 1/2 msg of Group Key Handshake
Plaintext EAPOL-Key Key Data - hexdump(len=32): 2b 86 b2 cd 53 75 16 48 
d7 ef b5 25 bd e8 7a 68 e7 8a d1 98 a1 c9 71 5d 08 6a b1 50 92 fb 9d 2d
wlan0: STA 00:0d:93:83:92:7a WPA: PTK not valid when sending EAPOL-Key 
frame
WPA: group state machine entering state SETKEYSDONE

Why is it trying to negotiate a key with the powerbook here?????

<Finally I turn on the WLAN card on the PB>
Received 30 bytes management frame
RX frame - hexdump(len=30): b0 00 3a 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 50 03 00 00 01 00 00 00
MGMT
mgmt::auth
authentication: STA=00:0d:93:83:92:7a auth_alg=0 auth_transaction=1 
status_code=0 wep=0
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: authentication OK (open 
system)
wlan0: STA 00:0d:93:83:92:7a WPA: event 0 notification
Failed to set encryption.
authentication reply: STA=00:0d:93:83:92:7a auth_alg=0 
auth_transaction=2 resp=0
Received 30 bytes management frame
RX frame - hexdump(len=30): b2 00 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f 90 15 00 00 02 00 00 00
MGMT (TX callback) ACK
mgmt::auth cb
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: authenticated
Received 66 bytes management frame
RX frame - hexdump(len=66): 00 00 3a 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 60 03 31 04 0a 00 00 06 76 6f 72 74 65 78 01 04 
82 84 0b 16 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 
00 50 f2 02
MGMT
mgmt::assoc_req
association request: STA=00:0d:93:83:92:7a capab_info=0x431 
listen_interval=10
  old AID 1
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: association OK (aid 1)
Received 36 bytes management frame
RX frame - hexdump(len=36): 12 00 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f a0 15 11 00 00 00 01 c0 01 04 82 84 0b 16
MGMT (TX callback) ACK
mgmt::assoc_resp cb
wlan0: STA 00:0d:93:83:92:7a IEEE 802.11: associated (aid 1)
wlan0: STA 00:0d:93:83:92:7a WPA: event 1 notification
WPA: 00:0d:93:83:92:7a WPA_PTK entering state AUTHENTICATION2
WPA: 00:0d:93:83:92:7a WPA_PTK entering state AUTHENTICATION2
WPA: 00:0d:93:83:92:7a WPA_PTK entering state INITPSK
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKSTART
wlan0: STA 00:0d:93:83:92:7a WPA: sending 1/4 msg of 4-Way Handshake
Wireless event: cmd=0x8c03 len=20
Received 131 bytes management frame
RX frame - hexdump(len=131): 0a 02 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f b0 15 aa aa 03 00 00 00 88 8e 01 03 00 5f fe 00 
89 00 20 00 00 00 00 00 00 00 01 64 d7 dc 12 61 ee 35 a9 37 a3 29 3b 40 
4f 82 93 c6 d2 12 78 ce 48 44 1b 55 49 ca 3b 88 55 2c 88 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
DATA (TX callback) ACK
IEEE 802.1X: 00:0d:93:83:92:7a TX status - version=1 type=3 length=95 - 
ack=1
Received 155 bytes management frame
RX frame - hexdump(len=155): 08 01 02 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 80 03 aa aa 03 00 00 00 88 8e 01 03 00 77 fe 01 
09 00 00 00 00 00 00 00 00 00 01 6d 29 f8 73 d5 fd 0c b6 80 33 c5 7b 6b 
63 92 11 92 db df 73 17 18 80 8b f7 d7 5d 7e bf 25 f5 e1 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 bf 67 ea ae 73 72 6c ed 8c 80 38 7f 86 c0 1b 28 00 18 dd 16 00 
50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02
DATA
IEEE 802.1X: 123 bytes from 00:0d:93:83:92:7a
    IEEE 802.1X: version=1 type=3 length=119
wlan0: STA 00:0d:93:83:92:7a WPA: received EAPOL-Key frame (2/4 
Pairwise)
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKCALCNEGOTIATING
PMK - hexdump(len=32): 3f 7d d3 b1 1c 67 3b c3 be db 65 d4 bd 41 df ef 
d3 9a 16 e3 fa a9 44 97 32 63 c0 0e 1a bf 2a b9
PTK - hexdump(len=64): 49 ca f9 7e bc 9b 31 27 88 a1 29 40 cb 0c 51 0a 
67 f6 a1 18 db 17 39 5c f8 79 f1 24 57 5c 8e bc 8b 5a 0a 32 67 1d 11 5f 
9e 2a d9 52 a5 99 46 be 53 30 e9 de 05 09 85 99 a2 ca 3c 4d 2e bc 9d b0
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKCALCNEGOTIATING2
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKINITNEGOTIATING
wlan0: STA 00:0d:93:83:92:7a WPA: sending 3/4 msg of 4-Way Handshake
Received 159 bytes management frame
RX frame - hexdump(len=159): 0a 02 02 01 00 0d 93 83 92 7a 00 09 5b 2f 
13 1f 00 09 5b 2f 13 1f d0 15 aa aa 03 00 00 00 88 8e 01 03 00 7b fe 01 
c9 00 20 00 00 00 00 00 00 00 02 64 d7 dc 12 61 ee 35 a9 37 a3 29 3b 40 
4f 82 93 c6 d2 12 78 ce 48 44 1b 55 49 ca 3b 88 55 2c 88 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 5f b9 e3 07 38 b5 f0 be 2d 60 cf 4c 8a 97 fc 9b 00 1c dd 1a 00 
50 f2 01 01 00 00 50 f2 02 02 00 00 50 f2 04 00 50 f2 02 01 00 00 50 f2 
02
DATA (TX callback) ACK
IEEE 802.1X: 00:0d:93:83:92:7a TX status - version=1 type=3 length=123 
- ack=1
Received 131 bytes management frame
RX frame - hexdump(len=131): 08 01 02 01 00 09 5b 2f 13 1f 00 0d 93 83 
92 7a 00 09 5b 2f 13 1f 90 03 aa aa 03 00 00 00 88 8e 01 03 00 5f fe 01 
09 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 8e 6d 7f 2b d4 1e ea d1 a2 de a9 10 c5 b6 72 79 00 00
DATA
IEEE 802.1X: 99 bytes from 00:0d:93:83:92:7a
    IEEE 802.1X: version=1 type=3 length=95
wlan0: STA 00:0d:93:83:92:7a WPA: received EAPOL-Key frame (4/4 
Pairwise)
WPA: 00:0d:93:83:92:7a WPA_PTK entering state PTKINITDONE
wlan0: STA 00:0d:93:83:92:7a IEEE 802.1X: authorizing port
wlan0: STA 00:0d:93:83:92:7a WPA: pairwise key handshake completed

Here communication stops and the PB tells me after a few seconds that 
it wasn't able to connect.
The only way to get it working again is to kill and start hostapd.
If I use WEP on the other hand the client is able to reconnect after 
turning on the card again.


Kind regards,
Michael
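
A log check for the sequence shown in the report above, as an added example that is not part of the original post and is not hostapd code: it tracks association state per station from the debug-log line formats quoted in the post and flags a group key handshake started for a station that is no longer associated, the "PTK not valid" message, and "Failed to set encryption". The MAC address, the sample lines and the function name `audit` are constructed for illustration.

```python
import re

# Line shapes follow the hostapd debug output quoted in the post.
STA = r"(?P<sta>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
ASSOC = re.compile(rf"STA {STA} IEEE 802\.11: associated")
DISASSOC = re.compile(rf"STA {STA} IEEE 802\.11: disassociated")
GROUP = re.compile(rf"WPA: {STA} WPA_PTK_GROUP entering state (?P<state>\w+)")
PTK_INVALID = re.compile(rf"STA {STA} WPA: PTK not valid when sending")
SETKEY_FAIL = re.compile(r"Failed to set encryption")

# Constructed sample: same sequence as the report, placeholder MAC address.
MAC = "02:00:00:00:00:01"
SAMPLE = [
    f"wlan0: STA {MAC} IEEE 802.11: associated (aid 1)",
    f"WPA: {MAC} WPA_PTK_GROUP entering state REKEYNEGOTIATING",
    f"WPA: {MAC} WPA_PTK_GROUP entering state REKEYESTABLISHED",
    f"wlan0: STA {MAC} IEEE 802.11: disassociated",
    "wlan0: WPA rekeying GTK",
    f"WPA: {MAC} WPA_PTK_GROUP entering state REKEYNEGOTIATING",
    f"wlan0: STA {MAC} WPA: PTK not valid when sending EAPOL-Key frame",
    f"wlan0: STA {MAC} WPA: event 0 notification",
    "Failed to set encryption.",
]


def audit(lines):
    """Return (line_no, sta, finding) tuples for rekey anomalies in a log."""
    associated = set()   # stations currently associated, by MAC
    findings = []
    for no, line in enumerate(lines, 1):
        if m := ASSOC.search(line):
            associated.add(m["sta"])
        if m := DISASSOC.search(line):
            associated.discard(m["sta"])
        m = GROUP.search(line)
        if m and m["state"] == "REKEYNEGOTIATING" and m["sta"] not in associated:
            findings.append((no, m["sta"], "group rekey for disassociated STA"))
        if m := PTK_INVALID.search(line):
            findings.append((no, m["sta"], "EAPOL-Key sent without valid PTK"))
        if SETKEY_FAIL.search(line):
            findings.append((no, None, "'Failed to set encryption' logged"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The rekey at sample line 2 is not flagged because the station is associated at that point; only the one after the disassociation is.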









