questions about WPA-PSK and EAP-PSK

joseph_chen chenifang at giga.net.tw
Fri Jan 28 05:44:16 EST 2005


I have the similar question with you.  In WPA-PSK, it indeed needs EAPOL-KEY
messages to complete four-way handshake.
However, when I set 'ieee8021x=1', it will complain "no EAP
configured......" (I know it want to me to set up RADIUS-related settings)
So , I think WPA-PSK  needs to set wpa=1 or 3 and ieee8021x=0.

In fact, I still cannot find the method to make WPA-PSK work. I find my STA
send EAPOL-start , but it cannot get the EAPOL-KEY from AP.


        Joseph



##### WPA/IEEE 802.11i configuration
##########################################

wpa=1

wpa_passphrase=secretap

wpa_key_mgmt=WPA-PSK WPA-EAP

wpa_pairwise=TKIP CCMP

wpa_group_rekey=600

wpa_gmk_rekey=86400





##### Message dump from hostapd ##########################################

madwifi_set_iface_flags: dev_up=0

Using interface ath0 with hwaddr 00:03:be:ef:ad:00 and ssid 'joseph'

madwifi_set_ieee8021x: enabled=1

madwifi_configure_wpa: group key cipher=1

madwifi_configure_wpa: pairwise key ciphers=0xa

madwifi_configure_wpa: key management algorithms=0x3

madwifi_configure_wpa: rsn capabilities=0x0

madwifi_configure_wpa: enable WPA= 0x1

madwifi_set_iface_flags: dev_up=1

madwifi_set_privacy: enabled=1

WPA: group state machine entering state GTK_INIT

GMK - hexdump(len=32): 2c aa de fa 1a 22 0b 83 95 3d 43 1e 33 96 ac e5 83

6b 98

a9 73 03 8c 00 da 8c 01 a7 60 0a 47 7e

GTK - hexdump(len=32): c7 9a 08 f0 4c e5 d0 85 e9 7e 17 bb 6e d1 b2 3e 71

b8 58

30 81 ba eb 7c d5 04 8c 71 f0 6b 8f c2

WPA: group state machine entering state SETKEYSDONE

madwifi_set_key: alg=TKIP addr=00:00:00:00:00:00 key_idx=1

Flushing old station entries

Deauthenticate all stations

l2_packet_receive - recv: Network is down

Wireless event: cmd=0x8c03 len=20

ath0: STA 00:0e:2e:00:00:00 IEEE 802.11: associated

  New STA

WPA: 00:0e:2e:00:00:00 WPA_PTK entering state INITIALIZE

madwifi_del_key: addr=00:0e:2e:00:00:00 key_idx=0

WPA: 00:0e:2e:00:00:00 WPA_PTK_GROUP entering state IDLE

WPA: 00:0e:2e:00:00:00 WPA_PTK entering state AUTHENTICATION

WPA: 00:0e:2e:00:00:00 WPA_PTK entering state AUTHENTICATION2

Wireless event: cmd=0x8c03 len=20

ath0: STA 00:0e:2e:00:00:00 IEEE 802.11: associated

madwifi_del_key: addr=00:0e:2e:00:00:00 key_idx=0

madwifi_del_key: addr=00:0e:2e:00:00:00 key_idx=0

WPA: 00:0e:2e:00:00:00 WPA_PTK entering state AUTHENTICATION2

IEEE 802.1X: 5 bytes from 00:0e:2e:00:00:00

   IEEE 802.1X: version=1 type=1 length=0

   ignoring 1 extra octets after IEEE 802.1X packet

Wireless event: cmd=0x8c03 len=20

ath0: STA 00:0e:2e:00:00:00 IEEE 802.11: associated

madwifi_del_key: addr=00:0e:2e:00:00:00 key_idx=0

madwifi_del_key: addr=00:0e:2e:00:00:00 key_idx=0

WPA: 00:0e:2e:00:00:00 WPA_PTK entering state AUTHENTICATION2

IEEE 802.1X: 5 bytes from 00:0e:2e:00:00:00

   IEEE 802.1X: version=1 type=1 length=0

   ignoring 1 extra octets after IEEE 802.1X packet

Wireless event: cmd=0x8c03 len=20











----- Original Message ----- 'From: "SHI YU-SONG-W20040"
<W20040 at motorola.com>
To: "'Manoj Verma, Noida'" <manojv at hcltech.com>; <hostap at shmoo.com>
Sent: Friday, January 28, 2005 6:08 PM
Subject: RE: questions about WPA-PSK and EAP-PSK


Noida:
  Thanks your quick help.
  How to send EAPOL-Key messages if we do not config IEEE802.1x?  I think
EAPOL-Key is a part of IEEE802.1x.

  I know the pre-shared key is the PMK, In WPA-PSK mode, need not 802.1x
authentication with server, but still need 802.1x to transfer EAPOL-Key
messages. and we still need to build eapol_sm.c and eap.c files, right?

  EAP-PSK is a method of open source wpa_supplicant. I also confused it.




-----Original Message-----
From: Manoj Verma, Noida [mailto:manojv at hcltech.com]
Sent: 2005年1月28日 17:49
To: SHI YU-SONG-W20040; hostap at shmoo.com
Subject: RE: questions about WPA-PSK and EAP-PSK


See comments below..

>-----Original Message-----
>From: hostap-bounces+manojv=noida.hcltech.com at shmoo.com [mailto:hostap-
>bounces+manojv=noida.hcltech.com at shmoo.com] On Behalf Of SHI YU-SONG-W20040
>Sent: Friday, January 28, 2005 3:10 PM
>To: hostap at shmoo.com
>Subject: questions about WPA-PSK and EAP-PSK
>
>Hi:
>   Would anyone please help to clarify the following issues, any help is
>very appreciated.
>
>    Does the WPA-PSK mode also need to config IEEE802.1x? because WPA-PSK
>also support WPA 4-Way Handshake to generating encrytion data key, by
>exchanging EAPOL-Key messages between supplicant and authenticator, right?

There are two types of Infrastructure BSS:
1. Enterprise mode: This is the place where 802.1x authentication is used.
Through 802.1x only the PMK is obtained which are used for derivation of
(PTK) - EPAOL and temporal keys. After this 4-way and Group h/s starts.


2. Personal mode: Here 802.1x is not used. Rather the Passphrase which we
set at the AP and Supplicant side, is used for the derivation of EPAOL and
temporal keys. After this 4-way and Group h/s starts which are nothing but
part of EAPOL protocol.



>    What's the difference between WPA-PSK and EAP-PSK? If I only try to
>WPA-PSK, Does I need to config EAP-PSK to include IEEE802.1x? (But in the
>README, which said that WPA-PSK mode does not require EAPOL/EAP
>implementation, I think need EAPOL-Key to support WPA 4-Way Handshake).
>

I think the above should answer this.
(Also I haven't heard of EAP-PSK).

>Best Regards
>Yusong
>
>
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap




More information about the HostAP mailing list