failure after 4 way handshake
jkmaline at cc.hut.fi
Sat Oct 15 11:54:39 EDT 2005
On Sat, Oct 15, 2005 at 01:46:16PM +0200, matthieu castet wrote:
> I am trying to add native support for WPA for Aironet WPA cards.
Do you mean that you are modifying the airo_cs driver to allow WPA
> With ndiswrapper everything works correctly, but with my implementation
> the master doesn't send anything after the "4 way handshake" (I have checked
> that with a card in monitor mode) and the Managed client fails with
> timeout failure. See the ethereal dump (ether file) and wpa_supplicant
> log (case1)
Can you send a wireless sniffer log showing this behavior? I'm assuming
you have two cards, one acting as a client and the other one in monitor
> Sometimes the Master sends a packet and it is received by the client. But
> this packet seems incorrect: the size is too long (wpa_supplicant
> ignores the end) and the key seems wrong: after an exchange of 2-4
> packets the client is disassociated.
> Why doesn't the master send an encrypted packet after the '4 way handshake'?
> Is it because of some failure in '4 way handshake'?
This sounds like the PTK configuration could have failed. I would need
to see the sniffer log to verify whether there is a Group Key packet
(the first encrypted frame that is sent just after 4-Way Handshake).
Have you tried swapping Michael MIC TX/RX keys? That is one of the most
common problems with TKIP key configuration. This can be done by
swapping bytes 16..23 and 24..31 in the TKIP key.
> When it sends an encrypted packet, why is the decrypted version too
> long?
The AP is likely sending a correct frame but the client card/driver
could do something odd while trying to decrypt this frame.
> What happens if the key is wrong?
The received frames would normally be dropped, but if you are working on
modifying a driver without hardware documentation, I wouldn't be too
surprised if the driver is now just passing the incorrectly decrypted
> status : 810e <- Deauthentication mic failure
This would sound like something that could indeed be triggered by
incorrect Michael MIC TX/RX keys.
Jouni Malinen PGP id EFC895FA
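The key swap suggested in the reply above, as an added example (not part of the original message and not wpa_supplicant or driver code): it shows why a client that checks received frames with the wrong half of the Michael key rejects every MIC until bytes 16..23 and 24..31 are exchanged. Assumptions: the 802.11i layout in which bytes 16..23 are the key the AP uses for frames it sends, a hypothetical driver modelled by `client_accepts`, a constructed key and payload in `demo`, and Michael run over a flat payload rather than the real DA/SA/priority header plus data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ROL(v, n) (((v) << (n)) | ((v) >> (32 - (n))))
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }

/* Michael MIC; the 8 MIC bytes on the wire are the returned value, little-endian. */
uint64_t michael(const uint8_t key[8], const uint8_t *msg, size_t len) {
    uint32_t l = le32(key), r = le32(key + 4);
    size_t padded = (len / 4 + 2) * 4; /* 0x5a marker plus 4..7 zero bytes */
    for (size_t off = 0; off < padded; off += 4) {
        uint8_t w[4] = {0};
        for (size_t i = 0; i < 4; i++)
            w[i] = off + i < len ? msg[off + i] : off + i == len ? 0x5a : 0;
        l ^= le32(w);
        r ^= ROL(l, 17); l += r;
        r ^= ((l & 0xff00ff00u) >> 8) | ((l & 0x00ff00ffu) << 8); l += r;
        r ^= ROL(l, 3); l += r;
        r ^= ROL(l, 30); l += r; /* rotate right by 2 */
    }
    return (uint64_t)r << 32 | l;
}

/* Swap bytes 16..23 and 24..31 of a 32-byte TKIP key in place. */
void tkip_swap_mic_keys(uint8_t key[32]) {
    uint8_t tmp[8];
    memcpy(tmp, key + 16, 8);
    memcpy(key + 16, key + 24, 8);
    memcpy(key + 24, tmp, 8);
}

/* Hypothetical driver: verifies received frames with key[24..31]. */
int client_accepts(const uint8_t client_key[32], const uint8_t ap_key[32],
                   const uint8_t *frame, size_t len) {
    /* The AP computes the MIC with bytes 16..23 (assumed 802.11i layout). */
    return michael(ap_key + 16, frame, len) == michael(client_key + 24, frame, len);
}

/* Constructed key and payload: returns 1 if the client accepts the AP's frame. */
int demo(int swap) {
    uint8_t ap[32], sta[32];
    for (int i = 0; i < 32; i++) ap[i] = sta[i] = (uint8_t)(i * 7 + 1);
    if (swap) tkip_swap_mic_keys(sta);
    return client_accepts(sta, ap, (const uint8_t *)"data", 4);
}

int main(void) {
    printf("as derived: %d, swapped: %d\n", demo(0), demo(1));
    return 0;
}
```

A mismatch here is deterministic, not probabilistic: every Michael step is invertible, so two different MIC keys never give the same MIC for the same message.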