wpa_supplicant WPA-PSK pairwise OK, group fails

Dimitris Kogias dimitris at gmail.com
Tue May 17 12:13:03 EDT 2005


[resend, caught in list problems]

Hi everyone,

My setup:
Debian unstable distro.
Kernel 2.6.11.9 from kernel.org, all crypto modules built.
ipw2200 1.0.3
wpa_supplicant 0.4.0 (debian unstable package).
D-Link DWL-900AP+ access point configured for WPA-PSK.

wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
network={
        ssid="DLinkSucksAss"
        proto=WPA
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP WEP104 WEP40
        psk="my key"
        priority=2
}


Here's the first part of the wpa_supplicant run:



d at 0x19:/etc$ sudo wpa_supplicant -dd -ieth1 -Dipw -cwpa_supplicant.conf
Initializing interface 'eth1' conf 'wpa_supplicant.conf' driver 'ipw'
Configuration file 'wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 23 - start of a new network block
ssid - hexdump_ascii(len=13):
     44 4c 69 6e 6b 53 75 63 6b 73 41 73 73            DLinkSucksAss
proto: 0x1
key_mgmt: 0x2
pairwise: 0x18
group: 0x1e
PSK (ASCII passphrase) - hexdump_ascii(len=24): [REMOVED]
priority=2 (0x2)
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 2
   id=0 ssid='DLinkSucksAss'
Initializing interface (2) 'eth1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_ipw_init is called
ioctl[SIOCSIWPMKSA]: Operation not supported
Own MAC address: 00:12:f0:13:51:dc
wpa_driver_ipw_set_wpa: enabled=1
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_countermeasures: enabled=0
wpa_driver_ipw_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 1220 bytes of scan results (6 BSSes)
Scan results: 6
Selecting BSS from priority group 2
0: 00:40:05:5b:3f:34 ssid='DLinkSucksAss' wpa_ie_len=26 rsn_ie_len=0
caps=0x11
   selected
Trying to associate with 00:40:05:5b:3f:34 (SSID='DLinkSucksAss' freq=0 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
wpa_driver_ipw_set_auth_alg: auth_alg=0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT WPA-PSK
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02
01 00 00 50 f2 02 01 00 00 50 f2 02
No keys have been configured - skip key clearing
wpa_driver_ipw_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=26
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:40:05:5b:3f:34
State: ASSOCIATING -> ASSOCIATED
Association event - clear replay counter
Associated to a new BSS: BSSID=00:40:05:5b:3f:34
No keys have been configured - skip key clearing
Associated with 00:40:05:5b:3f:34
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RX EAPOL from 00:40:05:5b:3f:34
RX EAPOL - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00 00 00 00
00 01 ee 60 69 b3 aa 3d 1b a6 7e 3c 14 3d 31 7f ce 23 61 25 07 42 63 8e
9e c9 8b 4c 55 f1 cd 59 32 b9 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 00 89 00 20 00 00 00
00 00 00 00 01 ee 60 69 b3 aa 3d 1b a6 7e 3c 14 3d 31 7f ce 23 61 25 07
42 63 8e 9e c9 8b 4c 55 f1 cd 59 32 b9 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:40:05:5b:3f:34 (ver=1)
WPA: Renewed SNonce - hexdump(len=32): 79 15 aa 14 d9 21 81 31 f0 e3 2e
83 b4 04 fb 07 ba 1e fb 6f 07 f8 4f fc f8 3b 04 0b 3c d2 96 c1
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: Sending EAPOL-Key 2/4
WPA: TX EAPOL-Key - hexdump(len=137): 00 40 05 5b 3f 34 00 12 f0 13 51
dc 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 79 15 aa 14
d9 21 81 31 f0 e3 2e 83 b4 04 fb 07 ba 1e fb 6f 07 f8 4f fc f8 3b 04 0b
3c d2 96 c1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 f0 dc 16 c4 5a fb cf 02 b1 74 17 0a
7c 21 4d 3a 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02
01 00 00 50 f2 02
RX EAPOL from 00:40:05:5b:3f:34
RX EAPOL - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00 00 00 00
00 00 02 ee 60 69 b3 aa 3d 1b a6 7e 3c 14 3d 31 7f ce 23 61 25 07 42 63
8e 9e c9 8b 4c 55 f1 cd 59 32 b9 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 bd ae 3f e5
bd 21 23 f0 2f 7b c8 e2 7f 2e ac 00 1a dd 18 00 50 f2 01 01 00 00 50 f2
02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
IEEE 802.1X RX: version=1 type=3 length=121
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=125): 01 03 00 79 fe 01 c9 00 20 00 00
00 00 00 00 00 02 ee 60 69 b3 aa 3d 1b a6 7e 3c 14 3d 31 7f ce 23 61 25
07 42 63 8e 9e c9 8b 4c 55 f1 cd 59 32 b9 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f2 bd
ae 3f e5 bd 21 23 f0 2f 7b c8 e2 7f 2e ac 00 1a dd 18 00 50 f2 01 01 00
00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from 00:40:05:5b:3f:34 (ver=1)
WPA: IE KeyData - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 02
01 00 00 50 f2 02 01 00 00 50 f2 02 00 00
WPA: Sending EAPOL-Key 4/4
WPA: TX EAPOL-Key - hexdump(len=113): 00 40 05 5b 3f 34 00 12 f0 13 51
dc 88 8e 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 00 00 02 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 5e 25 b0 29 92 15 42 d2 ca 7c f5 85
88 20 ec d4 00 00
WPA: Installing PTK to the driver.
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_ipw_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE



At this point, I can ping other hosts on the WLAN (static IP, have
already ifconfig'd the interface and set default route).  However,
wpa_supplicant continues with:



Authentication with 00:40:05:5b:3f:34 timed out.
Added BSSID 00:40:05:5b:3f:34 into blacklist
State: GROUP_HANDSHAKE -> DISCONNECTED
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING



And it keeps cycling for ever until Ctrl-C.

For the few seconds that, I presume, wpa_supplicant is trying to set up
the group keying, I have connectivity to the WLAN.  Also, the AP's log
says that my station has connected and authenticated successfully - I
suppose that reflects the end of the pairwise key setup.

While all of the above is going on, I see this in the kernel logs:

May 15 18:50:18 0x19 kernel: TKIP: replay detected:
STA=00:40:05:5b:3f:34 previous TSC 000000000000 received TSC 000000000000


Any ideas?

Thanks,

Dimitris.




More information about the HostAP mailing list