Stoped at EPAOL-Key 4/4 in wpa_supplicant 0.25 and latest Madwifi

Michael Reilly michaelr at cisco.com
Mon Nov 15 00:59:28 EST 2004


This is a well documented problem.  Atheros cards fail with madwifi and 
ndiswrapper.  They work fine with driverloader.  I have not seen an 
explanation for the problem nor any determination as to whether the problem 
is in madwifi and ndiswrapper or it is in wpa_supplicant.

Based on your message it sounds like a change made to madwifi since the 
middle of August caused the problem.  Perhaps a similar change was made to 
ndiswrapper.

michael

YenJung Chang wrote:
> Hi, list,
> 
> I had tried the wpa_supplicant 0.25 with the madwifi checked out on
> the middle of August,  the EAP-PEAP and EPA-TLS are both worked fine,
> however, the wpa_supplicant 0.25 is not worked with the latest
> madwifi, which I checked out at Nov 15; the state machine stoped after
> sended EAPOL-Key 4/4.
> 
> Following are my configure file and log, please help me.
> Any advice is appreciated.
> 
> Configure file(wpa_supplicant.conf)
> ===========================================
> ctrl_interface=/var/run/wpa_supplicant
> ctrl_interface_group=0
> eapol_version=1
> ap_scan=1
> 
>  network={
>        ssid="1200b"
>        key_mgmt=WPA-EAP
>        pairwise=CCMP TKIP
>        group=CCMP TKIP
>        eap=TLS
>        identity="spencer"
>        ca_cert="/etc/ssl/certs/netgearca.pem"
>        client_cert="/etc/ssl/certs/netgear-mycert.pem"
>        private_key="/etc/ssl/certs/netgear-mykey.pem"
>        private_key_password="Ss=1234"
>        priority=1
>  }
> 
> 
> Log
> ===========================================
> Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
> Reading configuration file '/etc/wpa_supplicant.conf'
> ctrl_interface='/var/run/wpa_supplicant'
> ctrl_interface_group=0
> eapol_version=1
> ap_scan=1
> Priority group 1
>    id=0 ssid='1200b'
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> wpa_driver_madwifi_set_wpa: enabled=1
> wpa_driver_madwifi_del_key: keyidx=0
> wpa_driver_madwifi_del_key: keyidx=1
> wpa_driver_madwifi_del_key: keyidx=2
> wpa_driver_madwifi_del_key: keyidx=3
> wpa_driver_madwifi_set_countermeasures: enabled=0
> wpa_driver_madwifi_set_drop_unencrypted: enabled=1
> Setting scan request: 0 sec 100000 usec
> Starting AP scan (broadcast SSID)
> RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
> RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
> Wireless event: cmd=0x8b1a len=12
> Wireless event: cmd=0x8b19 len=12
> Received 3091 bytes of scan results (15 BSSes)
> Scan results: 15
> Selecting BSS from priority group 1
> 0: 00:0f:b5:10:a5:38 ssid='davidv3' wpa_ie_len=26 rsn_ie_len=0
>    skip - SSID mismatch
> 1: 00:30:ab:99:99:9c ssid='Broadcom3-91-7-0' wpa_ie_len=0 rsn_ie_len=26
>    skip - SSID mismatch
> 2: 00:0f:b5:0f:cd:8b ssid='3119g' wpa_ie_len=24 rsn_ie_len=0
>    skip - SSID mismatch
> 3: 00:0c:85:71:6e:a8 ssid='1200b' wpa_ie_len=24 rsn_ie_len=0
>    selected
> Trying to associate with 00:0c:85:71:6e:a8 (SSID='1200b' freq=2437 MHz)
> Cancelling scan request
> WPA: using IEEE 802.11i/D3.0
> WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02
> 01 00 00 50 f2 02 01 00 00 50 f2 01
> wpa_driver_madwifi_del_key: keyidx=0
> wpa_driver_madwifi_del_key: keyidx=1
> wpa_driver_madwifi_del_key: keyidx=2
> wpa_driver_madwifi_del_key: keyidx=3
> wpa_driver_madwifi_del_key: keyidx=0
> wpa_driver_madwifi_set_drop_unencrypted: enabled=1
> wpa_driver_madwifi_associate
> Setting authentication timeout: 5 sec 0 usec
> EAPOL: External notification - portControl=Auto
> Wireless event: cmd=0x8b1a len=18
> Wireless event: cmd=0x8b15 len=20
> Wireless event: new AP: 00:0c:85:71:6e:a8
> Association event - clear replay counter
> Associated to a new BSS: BSSID=00:0c:85:71:6e:a8
> wpa_driver_madwifi_del_key: keyidx=0
> wpa_driver_madwifi_del_key: keyidx=1
> wpa_driver_madwifi_del_key: keyidx=2
> wpa_driver_madwifi_del_key: keyidx=3
> wpa_driver_madwifi_del_key: keyidx=0
> EAPOL: External notification - portValid=0
> EAPOL: External notification - portEnabled=1
> EAPOL: SUPP_PAE entering state CONNECTING
> EAPOL: txStart
> EAPOL: SUPP_BE entering state IDLE
> EAP: EAP entering state INITIALIZE
> EAP: EAP entering state IDLE
> Setting authentication timeout: 10 sec 0 usec
> RX EAPOL from 00:0c:85:71:6e:a8
> Setting authentication timeout: 70 sec 0 usec
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_PAE entering state RESTART
> EAP: EAP entering state INITIALIZE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_PAE entering state AUTHENTICATING
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=1 id=1
> EAP: EAP entering state IDENTITY
> EAP: EAP-Request Identity data - hexdump_ascii(len=0):
> EAP: using real identity - hexdump_ascii(len=7):
>      73 70 65 6e 63 65 72                              spencer         
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=1 id=2
> EAP: EAP entering state IDENTITY
> EAP: EAP-Request Identity data - hexdump_ascii(len=0):
> EAP: using real identity - hexdump_ascii(len=7):
>      73 70 65 6e 63 65 72                              spencer         
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=3
> EAP: EAP entering state GET_METHOD
> SSL: Trusted root certificate(s) loaded
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=6) - Flags 0x20
> EAP-TLS: Start
> SSL: (where=0x10 ret=0x1)
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:before/connect initialization
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write client hello A
> SSL: (where=0x1002 ret=0xffffffff)
> SSL: SSL_connect:error in SSLv3 read server hello A
> SSL: SSL_connect - want more data
> SSL: 100 bytes left to be sent out (of total 100 bytes)
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=4
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=1396) - Flags 0xc0
> EAP-TLS: TLS Message Length: 4723
> SSL: Need 3337 bytes more input data
> SSL: Building ACK
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> IEEE 802.1X RX: version=1 type=0 length=1396
> WPA: EAPOL frame (type 0) discarded, not a Key frame
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=5
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=1396) - Flags 0x40
> SSL: Need 1947 bytes more input data
> SSL: Building ACK
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> IEEE 802.1X RX: version=1 type=0 length=1396
> WPA: EAPOL frame (type 0) discarded, not a Key frame
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=6
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=1396) - Flags 0x40
> SSL: Need 557 bytes more input data
> SSL: Building ACK
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> IEEE 802.1X RX: version=1 type=0 length=1396
> WPA: EAPOL frame (type 0) discarded, not a Key frame
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=7
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=563) - Flags 0x00
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server hello A
> SSL: eap_tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1
> buf='/DC=com/DC=GUI/CN=Netgear CA'
> SSL: eap_tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0
> buf='/CN=dni-9j5p6pp7hnj.GUI.com'
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server certificate A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server certificate request A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read server done A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write client certificate A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write client key exchange A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write certificate verify A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write change cipher spec A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 write finished A
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 flush data
> SSL: (where=0x1002 ret=0xffffffff)
> SSL: SSL_connect:error in SSLv3 read finished A
> SSL: SSL_connect - want more data
> SSL: 2954 bytes left to be sent out (of total 2954 bytes)
> SSL: sending 1398 bytes, more fragments will follow
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> IEEE 802.1X RX: version=1 type=0 length=563
> WPA: EAPOL frame (type 0) discarded, not a Key frame
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=8
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=6) - Flags 0x00
> SSL: (where=0x1002 ret=0xffffffff)
> SSL: SSL_connect:error in SSLv3 read finished A
> SSL: SSL_connect - want more data
> SSL: 1556 bytes left to be sent out (of total 2954 bytes)
> SSL: sending 1398 bytes, more fragments will follow
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=9
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=6) - Flags 0x00
> SSL: (where=0x1002 ret=0xffffffff)
> SSL: SSL_connect:error in SSLv3 read finished A
> SSL: SSL_connect - want more data
> SSL: 158 bytes left to be sent out (of total 2954 bytes)
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Request method=13 id=10
> EAP: EAP entering state METHOD
> EAP-TLS: Received packet(len=53) - Flags 0x80
> EAP-TLS: TLS Message Length: 43
> SSL: (where=0x1001 ret=0x1)
> SSL: SSL_connect:SSLv3 read finished A
> SSL: (where=0x20 ret=0x1)
> SSL: (where=0x1002 ret=0x1)
> SSL: No data to be sent out
> EAP-TLS: Done
> EAP-TLS: Derived key - hexdump(len=64): 64 6c 4a ab 01 26 b1 2d 6f ca
> af ed 16 43 a6 b7 cf 80 61 d8 9a 80 87 93 6b 5e 89 e8 d4 aa 29 41 70
> 99 17 be 03 5a 57 53 f3 45 7e f8 1e 31 1f 17 2b 8d b7 f0 f7 62 d2 f8
> 76 1a a7 f5 c4 92 d6 fd
> SSL: Building ACK
> EAP: EAP entering state SEND_RESPONSE
> EAP: EAP entering state IDLE
> EAPOL: SUPP_BE entering state RESPONSE
> EAPOL: txSuppRsp
> EAPOL: SUPP_BE entering state RECEIVE
> WPA: EAPOL frame too short, len 57, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: EAP entering state SUCCESS
> EAPOL: SUPP_BE entering state RECEIVE
> EAPOL: SUPP_BE entering state SUCCESS
> EAPOL: SUPP_BE entering state IDLE
> WPA: EAPOL frame too short, len 46, expecting at least 99
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
> IEEE 802.1X RX: version=1 type=3 length=95
>   EAPOL-Key type=254
> WPA: RX message 1 of 4-Way Handshake from 00:0c:85:71:6e:a8 (ver=1)
> WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00
> 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
> WPA: Renewed SNonce - hexdump(len=32): c1 69 a1 b0 c4 66 f8 ec e0 b6
> bd 00 0c 29 af 93 42 65 0c 92 95 5c 51 b7 b3 35 9c bf 7f da 28 80
> WPA: PMK from EAPOL state machines - hexdump(len=32): 64 6c 4a ab 01
> 26 b1 2d 6f ca af ed 16 43 a6 b7 cf 80 61 d8 9a 80 87 93 6b 5e 89 e8
> d4 aa 29 41
> WPA: PMK - hexdump(len=32): 64 6c 4a ab 01 26 b1 2d 6f ca af ed 16 43
> a6 b7 cf 80 61 d8 9a 80 87 93 6b 5e 89 e8 d4 aa 29 41
> WPA: PTK - hexdump(len=64): 2f a1 50 f6 97 5b 99 fb fb c2 41 55 c7 74
> b5 fe 9c da 2c 9f af e7 c7 41 fd b0 89 d9 10 7a 58 04 ff 1f 38 8a 6c
> 9b 69 45 6a a1 4c d7 f2 2e a5 f0 8c 13 24 d4 1e 9d 47 03 ce db 51 bf
> d2 63 68 43
> WPA: EAPOL-Key MIC - hexdump(len=16): 1e 36 e6 7b 29 90 e2 4c 4c 06 33
> 96 d0 ad e6 90
> WPA: Sending EAPOL-Key 2/4
> RX EAPOL from 00:0c:85:71:6e:a8
> EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
> IEEE 802.1X RX: version=1 type=3 length=119
>   EAPOL-Key type=254
> WPA: RX message 3 of 4-Way Handshake from 00:0c:85:71:6e:a8 (ver=1)
> WPA: Sending EAPOL-Key 4/4
> WPA: Installing PTK to the driver.
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_madwifi_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32
> Wireless event: cmd=0x8b15 len=20
> Wireless event: new AP: 00:00:00:00:00:00
> Setting scan request: 0 sec 100000 usec
> EAPOL: External notification - portEnabled=0
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portValid=0
> Disconnect event - remove keys
> wpa_driver_madwifi_del_key: keyidx=0
> wpa_driver_madwifi_del_key: keyidx=1
> wpa_driver_madwifi_del_key: keyidx=2
> wpa_driver_madwifi_del_key: keyidx=3
> wpa_driver_madwifi_del_key: keyidx=0
> 
> Regards,
> yj.
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

-- 
---- ---- ----
Michael Reilly    michaelr at cisco.com
     Cisco Systems,  California



More information about the HostAP mailing list