with wpa_supplicant, only broadcast/multicast packets received, none transmitted

Sat Jun 12 00:26:20 EDT 2004

On Fri, Jun 11, 2004 at 11:22:28PM -0400, Brian J. Murrell wrote:

> I have a Fedora Core 2 system (laptop) with hostap-driver-0.2.2 and
> wpa_supplicant-0.2.2 installed.  I am simply trying to set up a wpa
> protected connection from this laptop to an SMC 7004VWBR AP.

> WPA: RX message 3 of 4-Way Handshake from 00:04:e2:b2:c9:52 (ver=1)
> WPA: Sending EAPOL-Key 4/4
> WPA: Installing PTK to the driver.
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_hostap_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32

This configured the pairwise (unicast) key. 

> RX EAPOL from 00:04:e2:b2:c9:52
> EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
> IEEE 802.1X RX: version=1 type=3 length=127
>   EAPOL-Key type=254

This frame was actually encrypted, so the unicast decryption seems to be
working.

> WPA: RX message 1 of Group Key Handshake from 00:04:e2:b2:c9:52 (ver=1)
> WPA: Installing GTK to the driver (keyidx=2 tx=1).
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_hostap_set_key: alg=TKIP key_idx=2 set_tx=1 seq_len=6 key_len=32

Hmm.. that set_tx=1 does not sound correct.. Group Key should not have
this set when using pairwise keys. I think wpa_supplicant ended up
configuring this key for Tx, although it should have been configured
only for Rx.

The AP should not set this bit, but likewise, the Supplicant should just
ignore it. I modified wpa_supplicant to ignore this. Please re-test with
the current CVS snapshot version or by fixing v0.2.2 with the attached
patch.

-- 
Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
Index: wpa_supplicant/wpa.c
===================================================================
RCS file: /home/jm/cvsroot/hostap/wpa_supplicant/wpa.c,v
retrieving revision 1.34
retrieving revision 1.35
diff -u -p -r1.34 -r1.35

--- wpa_supplicant/wpa.c	6 Jun 2004 18:05:08 -0000	1.34
+++ wpa_supplicant/wpa.c	12 Jun 2004 04:23:50 -0000	1.35
@@ -1502,6 +1502,18 @@ static void wpa_supplicant_process_1_of_
 			}
 		}
 		tx = !!(key_info & WPA_KEY_INFO_TXRX);
+		if (tx && wpa_s->pairwise_cipher != WPA_CIPHER_NONE) {
+			/* Ignore Tx bit in Group Key message if a pairwise key
+			 * is used. Some APs seem to setting this bit
+			 * (incorrectly, since Tx is only when doing Group Key
+			 * only APs) and without this workaround, the data
+			 * connection does not work because wpa_supplicant
+			 * configured non-zero keyidx to be used for unicast.
+			 */
+			wpa_printf(MSG_INFO, "WPA: Tx bit set for GTK, but "
+				   "pairwise keys are used - ignore Tx bit");
+			tx = 0;
+		}
 	}
 	wpa_hexdump(MSG_DEBUG, "WPA: Group Key", gtk, keylen);
 	wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver (keyidx=%d "
