Problem setting keys with ndiswrapper after authentication?

Romano Giannetti romanol at upco.es
Fri Nov 26 04:16:21 EST 2004


Hi. I have a problem with wpa_supplicant that is driving me crazy; I think
that I am very near to the success but I am blocked by this last problem. If
I manage to solve this up, I *promise* I'll wrote a little HOWTO... (bribing
mode...)

Well. I have ndiswrapper installed (last version, 0.12rc3), with a realtek
ndis5 driver version 173. 

First of all, I set essid manually (no way to obtain this in scan mode, so I
disabled it) and "up" the interface 

Script started on Wed 24 Nov 2004 12:33:37 PM CET
[root at rukbat wifi]# iwconfig wlan0 mode managed essid upco_wlan key 0 open
[root at rukbat wifi]# iwconfig wlan0 && ifconfig wlan0
wlan0     IEEE 802.11b  ESSID:"upco_wlan"  
          Mode:Managed  Frequency:2.427GHz  Access Point: 00:11:5C:77:82:40  
          Bit Rate:11Mb/s   Tx-Power:20 dBm   Sensitivity=0/3  
          RTS thr:2432 B   Fragment thr:2432 B   
          Encryption key:00   Security mode:open
          Power Management:off
          Link Quality:100/100  Signal level:-59 dBm  Noise level:-256 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

wlan0     Link encap:Ethernet  HWaddr 00:0B:9D:00:B2:6E  
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:2 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:120 (120.0 b)  TX bytes:0 (0.0 b)
          Interrupt:9 Memory:10800000-108000ff 

The configuration file is here (password deleted)

          
[root at rukbat wifi]# cat /etc/wpa_supplicant.conf | egrep -v "^#"

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=0
network={
        ssid="upco_wlan"
	key_mgmt=IEEE8021X
 	eap=PEAP
	identity="romano at upcont.es"
	password="-------"
	phase2="auth=MSCHAPV2"
	priority=1
}

Then I start wpa_supplicant --- a version with a little modification; I added 

        fprintf(stderr, "key data: key_idx=%d set_tx=%d\n", key_idx, set_tx);

        fprintf(stderr, "trying to set key...\n");
	if ((a=iw_set_ext(ifname, WPA_SET_KEY, &priv_req)) < 0)
		ret = -1;
        fprintf(stderr, "result of iw_set_ext, RESULT %d\n", a);
        
in wpa_ndiswrapper_set_key(), obtaining (I will comment with a leading *****
the logs, so that you can skip this rapidly...) 

[root at rukbat wifi]# ./wpa_supplicant-0.2.5/wpa_supplicant -Dndiswrapper \
   -iwlan0  -c/etc/wpa_supplicant.conf -dd
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=0
Line: 191 - start of a new network block
SSID - hexdump_ascii(len=9):
     75 70 63 6f 5f 77 6c 61 6e                        upco_wlan       
key_mgmt: 0x8
eap methods - hexdump(len=2): 19 00
identity - hexdump_ascii(len=16):
     72 6f 6d 61 6e 6f 40 75 70 63 6f 6e 74 2e 65 73   romano at upcont.es
password - hexdump_ascii(len=9):

*****     [removed]

phase2=auth=MSCHAPV2
priority=1
Priority group 1
   id=0 ssid='upco_wlan'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
key data: key_idx=0 set_tx=0
trying to set key...
result of iw_set_ext, RESULT 0
key data: key_idx=1 set_tx=0
trying to set key...
result of iw_set_ext, RESULT 0
key data: key_idx=2 set_tx=0
trying to set key...
result of iw_set_ext, RESULT 0
key data: key_idx=3 set_tx=0
trying to set key...
result of iw_set_ext, RESULT 0

***** setting keys seems to work...

Setting scan request: 0 sec 100000 usec
Already associated with a configured network - generating associated event
Association event - clear replay counter
Associated to a new BSS: BSSID=00:11:5c:6b:8f:20

***** [more successfull setting keys removed] 

Network configuration found for the current AP
EAPOL: External notification - portControl=Auto
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING

***** [lot of handshaking removed, available on request]

EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=75) - Flags 0x01
EAP-PEAP: received 69 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=32): 01 e9 00 20 1a 01 e9 00 1b 10 5b 0c 40 a0 d7 0b 7c 83 94 fa 20 81 8a 4a 18 f6 45 4f 4c 49 4f 4e
EAP-PEAP: received Phase 2: code=1 identifier=233 length=32
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Phase 2 EAP packet
EAP-MSCHAPV2: Received challenge
EAP-MSCHAPV2: Authentication Servername - hexdump_ascii(len=6):
     45 4f 4c 49 4f 4e                                 EOLION          
EAP-MSCHAPV2: Generating Challenge Response
EAP-MSCHAPV2: auth_challenge - hexdump(len=16): 5b 0c 40 a0 d7 0b 7c 83 94 fa 20 81 8a 4a 18 f6
EAP-MSCHAPV2: peer_challenge - hexdump(len=16): 96 8f 28 d6 ef 19 6d eb 33 57 1b 75 3c 78 00 80
EAP-MSCHAPV2: username - hexdump_ascii(len=16):
     72 6f 6d 61 6e 6f 40 75 70 63 6f 6e 74 2e 65 73   romano at upcont.es
EAP-MSCHAPV2: password - hexdump_ascii(len=9):

***** removed password 

EAP-MSCHAPV2: response - hexdump(len=24): 75 78 05 02 b9 b5 aa b7 b7 d1 18 47 47 db 50 6e 75 e8 06 a7 ad 01 6a 5e
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=75): 02 e9 00 4b 1a 02 e9 00 46 31 96 8f 28 d6 ef 19 6d eb 33 57 1b 75 3c 78 00 80 00 00 00 00 00 00 00 00 75 78 05 02 b9 b5 aa b7 b7 d1 18 47 47 db 50 6e 75 e8 06 a7 ad 01 6a 5e 00 72 6f 6d 61 6e 6f 40 75 70 63 6f 6e 74 2e 65 73
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=162): 00 11 5c 6b 8f 20 00 0b 9d 00 b2 6e 88 8e 01 00 00 90 02 e9 00 90 19 01 17 03 01 00 20 66 ca c7 76 8d 99 00 9f 94 2e 61 0e 3b 50 50 db 98 40 e3 f8 e3 41 7a ed 90 35 8a f3 2c 05 f6 cf 17 03 01 00 60 8e 9c 7d e3 3f 50 8c a5 79 51 c8 d3 a3 3f 9e 6b 5b 13 b8 d8 49 d4 e8 37 cd f1 58 aa 61 31 5d 97 12 65 c0 d0 e5 27 84 1e fb 58 ab fb ac 9e da 42 53 a4 eb 54 f4 4f 03 fd 73 0a 16 24 b8 1d c3 c4 98 79 ce 3a 24 7d 8b cf dc ca 71 79 26 a0 fc a9 cd 66 27 bd f1 f3 a9 3f 14 30 de d8 3e ce a2 b4
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 79, expecting at least 99
RX EAPOL from 00:11:5c:6b:8f:20
RX EAPOL - hexdump(len=95): 01 00 00 5b 01 ea 00 5b 19 01 17 03 01 00 50 e5 18 7f b5 b3 45 69 12 f5 f4 32 bc f3 ea 9f 8a 39 6f 85 77 58 eb 65 21 e9 5a b4 f2 87 7c 21 86 a4 6d e3 db b3 16 a8 c7 ab ac 00 55 17 5c cf 0b 04 16 2d 7a 81 81 83 a6 48 59 41 ab 09 89 ec 62 36 9d 0e 6d c0 f0 60 44 83 a3 af d2 03 82 4c 7a
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=234
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=91) - Flags 0x01
EAP-PEAP: received 85 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=51): 01 ea 00 33 1a 03 e9 00 2e 53 3d 33 31 42 44 42 32 38 37 38 42 37 44 42 34 35 42 39 35 30 42 30 32 34 43 30 38 35 41 34 45 38 45 46 35 35 33 38 46 42 35
EAP-PEAP: received Phase 2: code=1 identifier=234 length=51
EAP-PEAP: Phase 2 Request: type=26
EAP-PEAP: Phase 2 EAP packet
EAP-MSCHAPV2: Received success
EAP-MSCHAPV2: Success message - hexdump(len=0):
EAP-MSCHAPV2: Authentication succeeded

***** So it's all ok, or not? It seems to authenticate correctly!

EAP-PEAP: Encrypting Phase 2 data - hexdump(len=6): 02 ea 00 06 1a 03
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=98): 00 11 5c 6b 8f 20 00 0b 9d 00 b2 6e 88 8e 01 00 00 50 02 ea 00 50 19 01 17 03 01 00 20 c3 bb f6 20 a1 fd c5 0f 3c 9e 6c 68 d5 40 d7 c1 f0 88 7e 58 09 b1 86 c1 f7 b2 35 50 c5 48 aa 10 17 03 01 00 20 e2 cc ff 70 6e d8 0a c1 0d 7f bb cc 85 8b 59 0e 10 15 11 1f 90 c3 00 82 1f 7f 19 e7 21 2b cb 05
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 95, expecting at least 99
RX EAPOL from 00:11:5c:6b:8f:20
RX EAPOL - hexdump(len=47): 01 00 00 2b 01 eb 00 2b 19 01 17 03 01 00 20 5a 58 1d 70 85 74 29 f1 01 dd 7e ff 85 57 0b a3 b7 8e 3f 2f d2 8d ae 01 70 83 0c 41 c0 a0 bc c6
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=25 id=235
EAP: EAP entering state METHOD
EAP-PEAP: Received packet(len=43) - Flags 0x01
EAP-PEAP: received 37 bytes encrypted data for Phase 2
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=11): 01 eb 00 0b 21 80 03 00 02 00 01
EAP-PEAP: received Phase 2: code=1 identifier=235 length=11
EAP-PEAP: Phase 2 Request: type=33
EAP-PEAP: Received TLVs - hexdump(len=6): 80 03 00 02 00 01
EAP-PEAP: Result TLV - hexdump(len=2): 00 01
EAP-PEAP: TLV Result - Success - EAP-PEAP/Phase2 Completed
EAP-PEAP: Encrypting Phase 2 data - hexdump(len=11): 02 eb 00 0b 21 80 03 00 02 00 01
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=98): 00 11 5c 6b 8f 20 00 0b 9d 00 b2 6e 88 8e 01 00 00 50 02 eb 00 50 19 01 17 03 01 00 20 fa 25 f6 15 40 74 62 d2 6b 8f e8 8c e2 0d 39 ed 74 09 01 52 14 34 73 5f 9d 2b 8c 9e af 61 37 03 17 03 01 00 20 70 9d 4a f4 a1 8d e9 be ac 8c 9b 19 a1 a6 83 37 0f 4c 19 6d 65 cb 1b 89 1b f5 ee 59 31 24 54 b2
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 47, expecting at least 99
RX EAPOL from 00:11:5c:6b:8f:20
RX EAPOL - hexdump(len=46): 01 00 00 04 03 eb 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:11:5c:6b:8f:20
RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 41 a4 71 e1 00 09 98 e7 2e ff e2 83 9c a2 06 11 7e 1d 41 0d 8b c3 00 bf 80 38 ee c6 55 e9 c1 cb 9c c4 81 7b 97 14 ec 30 9e f6 36 4a aa c0 88 a6 95 36 38 7b
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x0
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): 13 ab d7 39 ef 08 e0 bc 63 a7 d1 a8 b9
EAPOL: Setting dynamic WEP key: broadcast keyidx 0 len 13
key data: key_idx=0 set_tx=0
trying to set key...
result of iw_set_ext, RESULT -1

***** HERE is the fault!!!

EAPOL: Failed to set WEP key to the  driver.
WPA: EAPOL frame too short, len 61, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=28 idleWhile=58
EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=27 idleWhile=57
Signal 2 received - terminating
***** [more successfull setting keys removed] 
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0


Well, if anyone can help me on this, me and the whole (little but growing)
linux community at my University will forever ever be grateful. 

Thank you very much, 	
                        Romano 


-- 
Romano Giannetti             -  Univ. Pontificia Comillas (Madrid, Spain)
Electronic Engineer - phone +34 915 422 800 ext 2416  fax +34 915 596 569



More information about the HostAP mailing list