madwifi WPA

Jouni Malinen jkmaline at cc.hut.fi
Tue Jul 6 21:31:29 EDT 2004


On Tue, Jul 06, 2004 at 03:11:27PM -0400, Derek Schuff wrote:

> I'm trying to test the madwifi driver (checked out from CVS today) with 
> wpa_supplicant (latest CVS snapshot). I'm using a Cisco CB21AG card and 
> kernel 2.4.26, using PEAP/MSCHAPv2
> 
> One thing that may make my situation unique is that I have APs with multiple 
> SSIDs (each on a different VLAN), one of which has a beaconing SSID and no 
> WEP, one of which has WEP, and another of which has WPA.

Which AP is this? Cisco 1200? Can you enable debugging for WPA in the AP
or get any kind of event log etc.?

> EAP: Received EAP-Success

OK. No problems with IEEE 802.1X/EAP authentication.

> WPA: RX message 3 of 4-Way Handshake from 00:0c:85:60:f1:f1 (ver=1)
> WPA: Sending EAPOL-Key 4/4

4-Way Handshake was successful, too.

> WPA: Installing PTK to the driver.
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_madwifi_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32

That looks correct, so after this, pairwise (unicast) keys should be
set.

> WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)

Group Key message is usually encrypted, so this seems to indicate that
the pairwise keys were actually working.

> WPA: Installing GTK to the driver (keyidx=1 tx=0).
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_madwifi_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32

This looks fine, too. Broadcast key was configured to use another
key_idx and set_tx was not set.

> WPA: Sending EAPOL-Key 2/2
> WPA: Key negotiation completed with 00:0c:85:60:f1:f1
> Cancelling authentication timeout
> EAPOL: External notification - portValid=1
> EAPOL: SUPP_PAE entering state AUTHENTICATED

At this point, wpa_supplicant has completed authentication. However, the
AP might not have received (or liked) Group Key message 2/2.

> --> but immediately here I get this. Is my AP confused and restarting the 
> negotiations? or is the Radius server doing this?

> WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)

This looks like a retry of the Group Key message 1/2. AP would send this
if it did not receive msg 2/2 or if it dropped it for any reason.

> WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)

Another retry..

> EAPOL: External notification - portValid=1
> Wireless event: cmd=0x8b15 len=20
> Wireless event: new AP: 00:00:00:00:00:00

.. and the AP seemed to have deauthenticated the station.

Either the AP does not receive the 2/2 message from the client (e.g.,
because of decryption failing) or it does not like something in the
message. If possible, I would like to see some debug/event log
information from the AP. If not possible, I would at least need to know
which AP this was (vendor, model, firmware version).

Did I understand correctly that the same AP is actually working with
another client that is using Host AP driver? Would it be possible for
you to try the exact same wpa_supplicant version with these two drivers
to verify that the problem is indeed in the driver or driver interface
code of wpa_supplicant and not in some generic code that may have
changed during the last few weeks?

-- 
Jouni Malinen                                            PGP id EFC895FA
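
The failure pattern diagnosed in the message above (Group Key message 1/2 retransmitted after the supplicant already reported completion, followed by loss of association) can be checked mechanically. The following is an added example, not part of the original message or of wpa_supplicant; the function name, result keys, and the sample log (constructed from the debug lines quoted above) are assumptions.

```python
import re

# Constructed sample built from the wpa_supplicant debug lines quoted above.
SAMPLE_LOG = """\
WPA: Sending EAPOL-Key 4/4
WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)
WPA: Installing GTK to the driver (keyidx=1 tx=0).
WPA: Sending EAPOL-Key 2/2
WPA: Key negotiation completed with 00:0c:85:60:f1:f1
EAPOL: SUPP_PAE entering state AUTHENTICATED
WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)
WPA: RX message 1 of Group Key Handshake from 00:0c:85:60:f1:f1 (ver=1)
Wireless event: new AP: 00:00:00:00:00:00
"""

GROUP_RX = re.compile(r"WPA: RX message 1 of Group Key Handshake from ([0-9a-f:]{17})")
GROUP_TX = "WPA: Sending EAPOL-Key 2/2"
COMPLETED = "WPA: Key negotiation completed"
LOST_ASSOC = "Wireless event: new AP: 00:00:00:00:00:00"


def analyze(log_text):
    """Summarise the Group Key Handshake as seen from the supplicant side."""
    result = {"ap": None, "msg1_rx": 0, "msg2_tx": 0,
              "retries_after_completion": 0, "completed": False,
              "lost_association": False}
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate quoted-mail prefixes
        m = GROUP_RX.search(line)
        if m:
            result["ap"] = m.group(1)
            result["msg1_rx"] += 1
            if result["completed"]:
                result["retries_after_completion"] += 1
        elif GROUP_TX in line:
            result["msg2_tx"] += 1
        elif COMPLETED in line:
            result["completed"] = True
        elif LOST_ASSOC in line:
            result["lost_association"] = True
    # Message 1/2 arriving again after completion means the AP did not
    # accept message 2/2 (never received, undecryptable, or rejected).
    result["msg2_not_accepted"] = (result["retries_after_completion"] > 0
                                   and result["lost_association"])
    return result


if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A positive result only localises the failure to message 2/2 as seen by the AP; distinguishing a lost or undecryptable frame from a rejected one still needs the AP-side debug or event log.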


