WPA-PSK Message 2 MIC calculation question

Jim Howard jim at grayraven.com
Tue Mar 29 17:35:32 EST 2005


Howdy,

I'm working on my own TKIP WPA-PSK client. I'm having trouble with Message 2 of the four-way handshake.

Specifically, using Ethereal I can verify that I correctly send EAPOL Start, and that I correctly parse Message 1 from the access point to the supplicant.

I compose Message 2 according to the spec.  My routines for calculating the password hash, pairwise temporal key, and HMAC-MD5 hash produce the correct answers when using the spec test vectors.

When I send Message 2 it is ignored by the AP, and Ethereal complains that it is a malformed packet.

Here is my Message 2 as captured:

=================================
No.     Time        Source                Destination           Protocol Info
     14 38.256563   172.16.1.6            D-Link_bc:28:e9       EAPOL    Key[Malformed Packet]

Frame 14 (121 bytes on wire, 121 bytes captured)
    Arrival Time: Mar 29, 2005 16:22:20.661177000
    Time delta from previous packet: 1.250820000 seconds
    Time since reference or first frame: 38.256563000 seconds
    Frame Number: 14
    Packet Length: 121 bytes
    Capture Length: 121 bytes
Ethernet II, Src: 00:02:8a:c8:33:2a, Dst: 00:0d:88:bc:28:e9
    Destination: 00:0d:88:bc:28:e9 (D-Link_bc:28:e9)
    Source: 00:02:8a:c8:33:2a (172.16.1.6)
    Type: 802.1X Authentication (0x888e)
802.1x Authentication
    Version: 1
    Type: Key (3)
    Length: 121
    Descriptor Type: EAPOL WPA key (254)
    Key Information: 0x0109
        .... .... .... .001 = Key Descriptor Version: HMAC-MD5 for MIC and RC4 for encryption (1)
        .... .... .... 1... = Key Type: Pairwise key
        .... .... ..00 .... = Key Index: 0
        .... .... .0.. .... = Install flag: Not set
        .... .... 0... .... = Key Ack flag: Not set
        .... ...1 .... .... = Key MIC flag: Set
        .... ..0. .... .... = Secure flag: Not set
        .... .0.. .... .... = Error flag: Not set
        .... 0... .... .... = Request flag: Not set
        ...0 .... .... .... = Encrypted Key Data flag: Not set
    Key Length: 32
    Replay Counter: 3
    Nonce: FCFB4B2ADC5C314394AB890413628B3D1F571880369EE664...
    Key IV: 00000000000000000000000000000000
    WPA Key RSC: 0000000000000000
    WPA Key ID: 0000000000000000
    WPA Key MIC: 5BC9C16E109AB8C9347A2156283A4396
    WPA Key Length: 26
[Malformed Packet: EAPOL]

0000  00 0d 88 bc 28 e9 00 02 8a c8 33 2a 88 8e 01 03   ....(.....3*....
0010  00 79 fe 01 09 00 20 00 00 00 00 00 00 00 03 fc   .y.... .........
0020  fb 4b 2a dc 5c 31 43 94 ab 89 04 13 62 8b 3d 1f   .K*.\1C.....b.=.
0030  57 18 80 36 9e e6 64 16 38 38 97 84 fa fa 8e 00   W..6..d.88......
0040  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0050  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5b   ...............[
0060  c9 c1 6e 10 9a b8 c9 34 7a 21 56 28 3a 43 96 00   ..n....4z!V(:C..
0070  1a dd 18 00 50 f2 01 01 00                        ....P....
======================================

I am not sure what the problem is, but I have two suspicions:

1) I may not be correctly calculating the MIC. Specifically, am I correct in saying that:
   a) the MIC is calculated using HMAC-MD5, and
   b) the input to the HMAC-MD5 hash function should be the frame as shown above, beginning just past the destination and source address, that is, starting with the Ethernet version packet: 01, 03, 00, 79..... and continuing through the end of the Information Element at the end of the packet?

As you see, Ethereal is truncating the IE for some reason.

2) I am returning the Information Element exactly as I receive it from the access point. Is that correct, or should I do some kind of processing on it?

Thanks,


Jim Howard
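An added example, not code from the post: it parses the captured Message 2 above, applies the two length checks a dissector makes before trusting an EAPOL-Key frame (the EAPOL length field against the body bytes captured, and the key data length against the bytes present), and computes the MIC the way key descriptor version 1 specifies, HMAC-MD5 keyed with the KCK (the first 16 bytes of the PTK) over the complete EAPOL frame from the version byte onward with the 16-byte MIC field zeroed. The KCK used is a constructed placeholder; the real value comes from the PTK derivation.

```python
import hashlib
import hmac
import struct

# Message 2 from the capture above, transcribed from the hex dump
# (Ethernet header included, 121 bytes on the wire).
FRAME = bytes.fromhex(
    "000d88bc28e900028ac8332a888e0103" "0079fe010900200000000000000003fc"
    "fb4b2adc5c314394ab890413628b3d1f" "571880369ee6641638389784fafa8e00"
    "00000000000000000000000000000000" "0000000000000000000000000000005b"
    "c9c16e109ab8c9347a2156283a439600" "1add180050f2010100")

# MIC offset in the EAPOL frame: header(4) + descriptor(1) + key info(2)
# + key length(2) + replay(8) + nonce(32) + IV(16) + RSC(8) + ID(8) = 81.
MIC_OFF = 81

def parse_eapol_key(frame):
    """Pull the EAPOL-Key fields the MIC and the length checks need."""
    eapol = frame[14:]                        # drop dst, src, ethertype
    version, ptype, declared = struct.unpack("!BBH", eapol[:4])
    key_data_len = struct.unpack("!H", eapol[MIC_OFF + 16:MIC_OFF + 18])[0]
    return {"eapol": eapol, "version": version, "type": ptype,
            "declared_len": declared, "body_len": len(eapol) - 4,
            "key_info": struct.unpack("!H", eapol[5:7])[0],
            "mic": eapol[MIC_OFF:MIC_OFF + 16],
            "key_data_len": key_data_len, "key_data": eapol[MIC_OFF + 18:]}

def check_lengths(p):
    """The checks a dissector applies before it trusts the frame."""
    problems = []
    if p["declared_len"] != p["body_len"]:
        problems.append("EAPOL length says %d, %d body bytes captured"
                        % (p["declared_len"], p["body_len"]))
    if p["key_data_len"] != len(p["key_data"]):
        problems.append("key data length says %d, %d bytes captured"
                        % (p["key_data_len"], len(p["key_data"])))
    return problems

def mic_input(eapol):
    """HMAC input: the whole EAPOL frame from the version byte on (no
    Ethernet header), with the 16-byte MIC field set to zero."""
    return eapol[:MIC_OFF] + bytes(16) + eapol[MIC_OFF + 16:]

def compute_mic(kck, eapol):
    """Descriptor version 1: HMAC-MD5 keyed with the KCK (first 16 bytes
    of the PTK); the full 16-byte digest is the MIC."""
    return hmac.new(kck, mic_input(eapol), hashlib.md5).digest()

if __name__ == "__main__":
    print(check_lengths(parse_eapol_key(FRAME)))   # placeholder KCK not needed here
```

On this capture both checks fail: the EAPOL length field says 121 (0x0079) while 103 body bytes follow the header, and the key data length says 26 while 8 bytes are present, which is what Ethereal's "Malformed Packet" flag is reporting.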