CVS: WPA/WPA2 WPA-PSK/TLS TKIP/CCMP: EAPOL-Key timeout s in 1/4 msg of 4-Way Handshake: win+linux clients, madwifi with WG311T, DWL-G650

thomas schorpp t.schorpp at gmx.de
Thu May 19 03:15:32 EDT 2005


Jouni Malinen wrote:
> On Thu, May 19, 2005 at 04:09:33AM +0200, thomas schorpp wrote:
> 
> 
>>softwares: hostapd 0.3.6...CVS, client: dlink supplicant on win98 or
>>wpasupplicant 0.3.8-1 debian on linux, madwifi cvs on both.
> 
> 
> Which version of madwifi cvs are you using? The CVS trunk does not seem
> to work with hostapd, but I was able to use the snapshot version from
> 'BSD' branch with hostapd couple of weeks ago.
> 

yes, verified, authentication to hostapd with wpa-psk set in supplicant
on clientis possible with madwifi bsd branch now :)

but one stone left with wpa-eap, see below.

nice thanks.

BTW:

1. compile madwifi with make (install) KERNELRELEASE=2.6.x-m-nnn on
debian with debian distri kernels, or the modules get outside the
lib/modules tree in 2.6.x... enhancement in makefile needed.

2. debugged "Hostapd segmentation fault". dont forget to setup madwifi
in .config correctly before build or hostapd will access driver
"default" at startup instead of madwifi, leading to access violation due
to invalid pointer... sorry, lost the gdb output.


hostapd log on eap-tls auth: (breaks on ath0: STA 00:0f:3d:86:fd:ab WPA:
sending 3/4 msg of 4-Way Handshake) :

tom3:~# /usr/local/bin/hostapd /etc/hostapd/hostapd.conf
Configuration file: /etc/hostapd/hostapd.conf
Using interface ath0 with hwaddr 00:0f:b5:63:e0:f2 and ssid 'madwifi'
madwifi_configure_wpa: group key cipher=3
madwifi_configure_wpa: pairwise key ciphers=0x8
madwifi_configure_wpa: key management algorithms=0x1
madwifi_configure_wpa: rsn capabilities=0x0
madwifi_configure_wpa: enable WPA= 0x2
madwifi_set_privacy: enabled=1
WPA: group state machine entering state GTK_INIT
GMK - hexdump(len=32): 71 f2 9b e4 85 4b af 7e a3 ea 9f 0e ab 55 a5 3e
55 9d 6c 32 a1 92 2d 04 57 18 0e 5c db 78 17 11
GTK - hexdump(len=16): f9 d3 70 fb 3c 05 5c cf a9 f5 4c 09 99 55 ab 88
WPA: group state machine entering state SETKEYSDONE
madwifi_set_key: alg=CCMP addr=00:00:00:00:00:00 key_idx=1
Flushing old station entries
Deauthenticate all stations
l2_packet_receive - recv: Network is down
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.11: associated
  New STA
RSN IE: STA PMKID - hexdump(len=16): ac 8c f3 81 b5 9c 11 84 ce 53 e4 bb
cb c8 d8 c4
ath0: STA 00:0f:3d:86:fd:ab WPA: event 1 notification
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: start authentication
EAP: State machine created
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_KEY_TX entering state NO_KEY_TRANSMIT
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
IEEE 802.1X: 00:0f:3d:86:fd:ab CTRL_DIR entering state IN_OR_BOTH
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
IEEE 802.1X: 00:0f:3d:86:fd:ab CTRL_DIR entering state FORCE_BOTH
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
ath0: STA 00:0f:3d:86:fd:ab WPA: start authentication
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITIALIZE
madwifi_del_key: addr=00:0f:3d:86:fd:ab key_idx=0
WPA: 00:0f:3d:86:fd:ab WPA_PTK_GROUP entering state IDLE
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state AUTHENTICATION
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state AUTHENTICATION2
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state DISCONNECTED
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: unauthorizing port
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state RESTART
IEEE 802.1X: Integrated EAP Authenticator in use - do not generate
EAP-Request/Identity
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: no identity known yet -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: type 1
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 103
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state CONNECTING
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state AUTHENTICATING
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 103)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 13 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=0 length=9
   EAP: code=2 identifier=103 length=9 (response)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: received EAP packet (code=2
id=103 len=9) from STA: EAP Response-Identity (1)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: STA identity 'tom2'
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=103 respMethod=1
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-Identity: Peer identity - hexdump_ascii(len=4):
     74 6f 6d 32                                       tom2
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: another method available -> CONTINUE
EAP: EAP entering state PROPOSE_METHOD
EAP: getNextMethod: type 13
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 104
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 104)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 110 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=0 length=106
   EAP: code=2 identifier=104 length=106 (response)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: received EAP packet (code=2
id=104 len=106) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=104 respMethod=13
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-TLS: Received packet(len=106) - Flags 0x00
SSL: (where=0x10 ret=0x1)
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:before/accept initialization
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read client hello A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write server hello A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write certificate A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write certificate request A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 flush data
SSL: (where=0x2002 ret=0xffffffff)
SSL: SSL_accept:error in SSLv3 read client certificate A
SSL: 1391 bytes pending from ssl_out
SSL: 1391 bytes left to be sent out (of total 1391 bytes)
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 105
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 105)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 1412 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=0 length=1408
   EAP: code=2 identifier=105 length=1408 (response)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: received EAP packet (code=2
id=105 len=1408) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=105 respMethod=13
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-TLS: Received packet(len=1408) - Flags 0xc0
EAP-TLS: TLS Message Length: 1651
SSL: Need 253 bytes more input data
SSL: data reassembly failed
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 106
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 106)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 263 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=0 length=259
   EAP: code=2 identifier=106 length=259 (response)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: received EAP packet (code=2
id=106 len=259) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=106 respMethod=13
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-TLS: Received packet(len=259) - Flags 0x00
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1
buf='/C=DE/ST=BW/L=KARLSRUHE/O=RUE19/OU=WLAN/CN=madwifi
wlan/emailAddress=root at tom3'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0
buf='/C=DE/ST=BW/L=KARLSRUHE/O=RUE19/OU=WLAN/CN=tom2/emailAddress=root at tom3'
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read client certificate A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read client key exchange A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read certificate verify A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 read finished A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write change cipher spec A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 write finished A
SSL: (where=0x2001 ret=0x1)
SSL: SSL_accept:SSLv3 flush data
SSL: (where=0x20 ret=0x1)
SSL: (where=0x2002 ret=0x1)
SSL: 59 bytes pending from ssl_out
SSL: 59 bytes left to be sent out (of total 59 bytes)
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 107
EAP-TLS: Done
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state REQUEST
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 107)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 10 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=0 length=6
   EAP: code=2 identifier=107 length=6 (response)
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: received EAP packet (code=2
id=107 len=6) from STA: EAP Response-TLS (13)
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state RESPONSE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=107 respMethod=13
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
EAP-TLS: Received packet(len=6) - Flags 0x00
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TLS: Derived key - hexdump(len=64): e2 86 1f 64 83 ce 49 f1 99 e0 a1
d7 83 31 29 a4 90 41 29 db 97 1a f4 37 84 83 30 87 a2 a3 d5 a6 1f cc 6e
28 e7 88 df 82 fd 2d 41 65 af a2 a4 0a c6 9b 6b 7f 92 20 e2 78 af 83 b0
32 53 56 aa a6
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method succeeded -> SUCCESS
EAP: EAP entering state SUCCESS
EAP: Building EAP-Success (id=107)
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state SUCCESS
IEEE 802.1X: Sending EAP Packet to 00:0f:3d:86:fd:ab (identifier 107)
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (len=32)
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKSTART
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: 139 bytes from 00:0f:3d:86:fd:ab
   IEEE 802.1X: version=2 type=3 length=135
ath0: STA 00:0f:3d:86:fd:ab WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKCALCNEGOTIATING
PMK - hexdump(len=32): e2 86 1f 64 83 ce 49 f1 99 e0 a1 d7 83 31 29 a4
90 41 29 db 97 1a f4 37 84 83 30 87 a2 a3 d5 a6
PTK - hexdump(len=64): d2 bb a8 70 b7 63 79 c6 24 77 d4 6c 98 57 1c 5a
5a f9 43 38 96 d8 4c 30 6e 34 bc e8 7b 52 56 5e 1c 57 2e 10 44 95 3e 9f
cc a7 22 3f be 83 31 78 f7 d2 bb 83 93 27 8a e8 0f e2 cf 76 25 6e 80 e1
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKCALCNEGOTIATING2
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKINITNEGOTIATING
madwifi_get_seqnum: addr=00:00:00:00:00:00 idx=1
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 3/4 msg of 4-Way Handshake
Plaintext EAPOL-Key Key Data - hexdump(len=56): 30 14 01 00 00 0f ac 04
01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 dd 16 000f ac 01 01 00 f9 d3
70 fb 3c 05 5c cf a9 f5 4c 09 99 55 ab 88 dd 00 00 00 00 00 00 00 00 00
Custom wireless event: 'STA-TRAFFIC-STAT
mac=00:0f:3d:86:fd:ab
rx_packets=6
tx_packets=8
rx_bytes=2031
tx_bytes=1846
'
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.11: deassociated
ath0: STA 00:0f:3d:86:fd:ab WPA: event 2 notification
madwifi_del_key: addr=00:0f:3d:86:fd:ab key_idx=0
ioctl[IEEE80211_IOCTL_DELKEY]: Invalid argument
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state DISCONNECTED
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITIALIZE
madwifi_del_key: addr=00:0f:3d:86:fd:ab key_idx=0
ioctl[IEEE80211_IOCTL_DELKEY]: Invalid argument
IEEE 802.1X: station 00:0f:3d:86:fd:ab port disabled
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
EAP: EAP entering state DISABLED
IEEE 802.1X: 00:0f:3d:86:fd:ab AUTH_PAE entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:3d:86:fd:ab KEY_RX entering state NO_KEY_RECEIVE
EAP: State machine removed
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
madwifi_set_privacy: enabled=0
tom3:~#









More information about the HostAP mailing list