wpa_supplicant & hermes: michael_mic failure on between 4-way and group handshakes

Tony Beville tbeville at intellidot.net
Sat Aug 27 16:15:24 EDT 2005


Hi all,

I am trying to get wpa_supplicant (0.4.3) working on our 
ARM (Atmel At91) system, using a Hermes-2 wireless under uClinux.  I am 
using version 7.20 of the Agere driver and have Wireless Extensions 16 
in my kernel.

I am testing against an Enterasys RoamAbout RBT3000, and have verified 
the same wpa_supplicant version working on my Debian laptop with IPW2100.

Agere throws in an older version of the driver_hermes.c module, but it 
was fairly trivial to update it to the current driver wrapper API.

EAP seems to work great.  I was able to do EAP-LEAP authentication on my 
target against a Cisco AP and freeRADIUS server. WPA-PSK is another story.

My problem is this:  I get a Michael MIC failure after 4-Way 
handshaking, but before the Group handshake.  The client acknowledges 
this, but then ignores it, and decides that it is connected.  Inspecting 
the AP log shows countermeasures taken.  After a minute, the client 
tries to re-associate, and goes through the same procedure, ad infinitum.  
I am new to this code, and don't know the Agere code at all, but it 
_seems_ complete.  Can anyone provide me with some insight as to 
what might be going wrong?  (logs follow)

Thanks!

Tony Beville
tbeville at intellidot dot net

---------------------------------------------------------------
# cat /tmp/conf.1
ap_scan=1
network={
       ssid="RoamAbout0"
       key_mgmt=WPA-PSK
       pairwise=TKIP
       psk="mysecretpassphrase"
}




# /tmp/wpa_supplicant -ieth0 -Dhermes -c/tmp/conf.1 -dd

# Initializing interface 'eth0' conf '/tmp/conf.1' driver 'hermes'
Configuration file '/tmp/conf.1' -> '/tmp/conf.1'
Reading configuration file '/tmp/conf.1'
ap_scan=1
Line: 2 - start of a new network block
ssid - hexdump_ascii(len=10):
    52 6f 61 6d 41 62 6f 75 74 30                     RoamAbout0
key_mgmt: 0x2
pairwise: 0x8
PSK (ASCII passphrase) - hexdump_ascii(len=11): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Line 9: removed CCMP from group cipher list since it was not allowed for 
pairwise cipher
Priority group 0
  id=0 ssid='RoamAbout0'
Initializing interface (2) 'eth0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
ioctl[SIOCSIWPMKSA]: Operation not supported
Own MAC address: 00:0d:c2:00:02:46
wpa_driver_hermes_set_wpa: enabled=1
PRI CompID  : 31
PRI Variant : 3
PRI Version : 2.26
Found Hermes-2
wpa_driver_hermes_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_hermes_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_hermes_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_hermes_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_hermes_set_countermeasures: enabled=0
wpa_driver_hermes_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0f:24:9e:99:a0
State: SCANNING -> ASSOCIATED
Associated to a new BSS: BSSID=00:0f:24:9e:99:a0
No keys have been configured - skip key clearing
No network configuration found for the current AP
State: ASSOCIATED -> DISCONNECTED
wpa_driver_hermes_disassociate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Wireless event: cmd=0x8b19 len=12
Received 4096 bytes of scan results (6 BSSes)
Scan results: 6
Selecting BSS from priority group 0
0: 00:0c:41:42:53:74 ssid='3dot' wpa_ie_len=24 rsn_ie_len=0 caps=0x11
  skip - SSID mismatch
1: 00:01:f4:7a:f0:4b ssid='RoamAbout0' wpa_ie_len=26 rsn_ie_len=0 caps=0x11
  selected
Trying to associate with 00:01:f4:7a:f0:4b (SSID='RoamAbout0' freq=0 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2
WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 
02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: clearing AP RSN IE
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 
00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02
No keys have been configured - skip key clearing
wpa_driver_hermes_set_drop_unencrypted: enabled=1
State: DISCONNECTED -> ASSOCIATING
wpa_driver_hermes_associate
ioctl[SIOCSIWAP]: Operation not supported
Association request to the driver failed
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b04 len=12
Wireless event: cmd=0x8b1a len=22
Wireless event: cmd=0x8c02 len=82
Custom wireless event: 
'ASSOCINFO(ReqIEs=dd180050f20101000050f20201000050f20201000050f2020000)'
Association info event
req_ies - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 01 00 00 
50 f2 02 01 00 00 50 f2 02 00 00
resp_ies - hexdump(len=0):
WPA: set own WPA/RSN IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:01:f4:7a:f0:4b
State: ASSOCIATING -> ASSOCIATED
Associated to a new BSS: BSSID=00:01:f4:7a:f0:4b
No keys have been configured - skip key clearing
Associated with 00:01:f4:7a:f0:4b
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:01:f4:7a:f0:4b
RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 
00 00 a5 a9 ea df 71 98 b9 28 25 60 8e 8d 40 82 23 7c 09 d2 9d0
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
 EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 
00 00 00 00 00 a5 a9 ea df 71 98 b9 28 25 60 8e 8d 40 82 23 7c0
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:01:f4:7a:f0:4b (ver=1)
WPA: WPA IE for msg 2/4 - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 
f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: Renewed SNonce - hexdump(len=32): d0 55 de 94 7d e6 d1 f5 79 a5 29 
54 db a0 15 6d dd e7 ea fa 39 fb 9e fe e8 45 81 a1 c9 da d3 32
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: Sending EAPOL-Key 2/4
WPA: TX EAPOL-Key - hexdump(len=139): 00 01 f4 7a f0 4b 00 0d c2 00 02 
46 88 8e 01 03 00 79 fe 01 09 00 20 00 00 00 00 00 00 00 00 d0 50
RX EAPOL from 00:01:f4:7a:f0:4b
RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 
00 00 01 a5 a9 ea df 71 98 b9 28 25 60 8e 8d 40 82 23 7c 09 d2 90
IEEE 802.1X RX: version=1 type=3 length=121
 EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 
00 00 00 00 00 01 a5 a9 ea df 71 98 b9 28 25 60 8e 8d 40 82 23 70
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from 00:01:f4:7a:f0:4b (ver=1)
WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02 
01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: Sending EAPOL-Key 4/4
WPA: TX EAPOL-Key - hexdump(len=113): 00 01 f4 7a f0 4b 00 0d c2 00 02 
46 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 01 00 00
WPA: Installing PTK to the driver.
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_hermes_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
Wireless event: cmd=0x8c02 len=85
Custom wireless event: 'MLME-MICHAELMICFAILURE.indication(keyid=0 
unicast addr=00:01:F4:7A:F0:4B)'
Michael MIC failure detected
WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=113)
WPA: TX EAPOL-Key - hexdump(len=113): 00 01 f4 7a f0 4b 00 0d c2 00 02 
46 88 8e 01 03 00 5f fe 0d 09 00 00 00 00 00 00 00 00 00 00 00 00
RX EAPOL from 00:01:f4:7a:f0:4b
RX EAPOL - hexdump(len=131): 01 03 00 7f fe 03 91 00 20 00 00 00 00 00 
00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
IEEE 802.1X RX: version=1 type=3 length=127
 EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=131): 01 03 00 7f fe 03 91 00 20 00 00 
00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 06
State: GROUP_HANDSHAKE -> GROUP_HANDSHAKE
WPA: RX message 1 of Group Key Handshake from 00:01:f4:7a:f0:4b (ver=1)
WPA: Group Key - hexdump(len=32): [REMOVED]
WPA: Installing GTK to the driver (keyidx=1 tx=0).
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_hermes_set_key: alg=TKIP key_idx=1 set_tx=0 seq_len=6 key_len=32
WPA: Sending EAPOL-Key 2/2
WPA: TX EAPOL-Key - hexdump(len=113): 00 01 f4 7a f0 4b 00 0d c2 00 02 
46 88 8e 01 03 00 5f fe 03 11 00 20 00 00 00 00 00 00 00 02 00 00
WPA: Key negotiation completed with 00:01:f4:7a:f0:4b [PTK=TKIP GTK=TKIP]
Cancelling authentication timeout
State: GROUP_HANDSHAKE -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to 00:01:f4:7a:f0:4b completed (auth)
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state IDLE
{{After a minute, things repeat....}}
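
Not part of the original post: an added example that decodes the EAPOL-Key header bytes visible in the hexdumps above and names each handshake message, so the MIC failure report (Key Information 0x0d09, Error and Request bits set) can be placed between 4-way message 4/4 and group message 1/2. The bit layout is the WPA/IEEE 802.11i Key Information field; the function names and the SAMPLES table are illustrative, and the sample bytes are the leading bytes of the log's dumps.

```python
# Added example: decode the EAPOL-Key header bytes shown in the debug log.
FLAGS = {0x0008: "pairwise", 0x0040: "install", 0x0080: "ack", 0x0100: "mic",
         0x0200: "secure", 0x0400: "error", 0x0800: "request"}

def decode_eapol_key(hexdump):
    """Decode the fixed EAPOL-Key header from a (possibly truncated) hexdump."""
    b = bytes.fromhex("".join(hexdump.split()))
    if b[12:14] == b"\x88\x8e":   # TX dumps in the log include the Ethernet header
        b = b[14:]
    if len(b) < 17 or b[1] != 3:  # 802.1X packet type 3 = EAPOL-Key
        raise ValueError("not an EAPOL-Key frame, or dump too short")
    info = int.from_bytes(b[5:7], "big")
    return {
        "descriptor": b[4],                        # 254 = WPA, 2 = RSN
        "key_info": info,
        "version": info & 0x7,                     # 1 = HMAC-MD5 MIC, RC4 key wrap
        "key_index": (info >> 4) & 0x3,
        "flags": {name for bit, name in FLAGS.items() if info & bit},
        "key_length": int.from_bytes(b[7:9], "big"),
        "replay_counter": int.from_bytes(b[9:17], "big"),
    }

def classify(frame):
    """Name the handshake message from the Key Information flags alone."""
    f = frame["flags"]
    if {"request", "error"} <= f:
        return "Michael MIC failure report"
    if "pairwise" in f:
        if "ack" in f:
            return "4-way 3/4" if "mic" in f else "4-way 1/4"
        return "4-way 2/4 or 4/4"   # both carry 0x0109 in this log
    return "group 1/2" if "ack" in f else "group 2/2"

# Leading bytes of hexdumps from the log above (the log truncates the rest).
SAMPLES = {
    "rx msg 1": "01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 00",
    "rx msg 3": "01 03 00 79 fe 01 c9 00 20 00 00 00 00 00 00 00 01",
    "tx mic failure": "00 01 f4 7a f0 4b 00 0d c2 00 02 46 88 8e "
                      "01 03 00 5f fe 0d 09 00 00 00 00 00 00 00 00 00 00",
    "rx group 1": "01 03 00 7f fe 03 91 00 20 00 00 00 00 00 00 00 02",
}

def summarize(samples=SAMPLES):
    return {name: classify(decode_eapol_key(h)) for name, h in samples.items()}

if __name__ == "__main__":
    for name, kind in summarize().items():
        print(f"{name:16} {kind}")
```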





