group key handshake failure in WPA-EAP mode

Piotr Zawadzki pzawadzki at polsl.pl
Sun Apr 23 12:30:12 EDT 2006


Dnia niedziela, 23 kwietnia 2006 16:52, Jouni Malinen napisał:
> On Sun, Apr 23, 2006 at 02:21:13PM +0200, Piotr Zawadzki wrote:
> > I have working setup with hostapd 0.5.2 (RSN and TKIP encryption),
> > freeradius as a AAA server and wpa_supplicant 0.5.2.
> > But if i change protocol from RSN to WPA the group key handshake fails
> >  with the following log on hostapd
>
> What wlan cards and drivers (including version) are you using in the AP
> and client? Can you please send debug log from wpa_supplicant for the
> failed case?
>
> Group key handshake is the first user of the just configured pairwise
> keys and failure here could indicate that either the client or the AP
> has not configured TKIP keys properly at this point. Are you saying that
> the data connection works fine with RSN?
Yes it is. WPA2 works fine but WPA does not.
The following logs comes from the configuration with prism2 based cards in  
both AP and station. I have upgraded firmware to versions supporting RSN.
I'm using hostap driver that comes with 2.6.14 linux kernel (both endpoints).
However, I have also observed the effect of not working in WPA mode  for the 
Atheros (madwifi-ng) card in supplicant node. Fortunately this card also 
supported WPA2 and in this mode worked with no problems.

Cards identification:
AP: lspci -v
02:0a.0 Network controller: Intersil Corporation Prism 2.5 Wavelan chipset 
(rev 01)
        Subsystem: Intersil Corporation Prism 2.5 Wavelan chipset
        Flags: medium devsel, IRQ 169
        Memory at ef000000 (32-bit, prefetchable) [size=4K]
        Capabilities: [dc] Power Management version 2
STA: cardctl ident
Socket 1:
  product info: "PCMCIA", "11M WLAN Card v3.0", "", ""
  manfid: 0x0274, 0x1613
  function: 6 (network)

Firmware versions are the same:
AP:
Apr 23 17:24:32 dom kernel: wifi0: NIC: id=0x8013 v1.0.0
Apr 23 17:24:32 dom kernel: wifi0: PRI: id=0x15 v1.1.4
Apr 23 17:24:32 dom kernel: wifi0: STA: id=0x1f v1.8.4
STA:
Apr 23 17:30:24 laptop kernel: wifi0: NIC: id=0x801b v1.0.0
Apr 23 17:30:24 laptop kernel: wifi0: PRI: id=0x15 v1.1.1
Apr 23 17:30:24 laptop kernel: wifi0: STA: id=0x1f v1.8.4

The output from
wpa_supplicant -dd -i wlan0 -D hostap -c /etc/wpa_supplicant.conf
***
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'hostap' 
ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=1000
update_config=1
Line: 27 - start of a new network block
ssid - hexdump_ascii(len=6):
     6d 69 73 69 65 6b                                 misiek          
proto: 0x1
key_mgmt: 0x1
pairwise: 0x8
eap methods - hexdump(len=16): 00 00 00 00 19 00 00 00 00 00 00 00 00 00 00 00
... cut - authentication messages ...
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
CTRL_IFACE monitor send - hexdump(len=26): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 
6c 5f 31 39 32 38 33 2d 31 36 35 33 31 00
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:0f:cb:b0:0d:9b
RX EAPOL - hexdump(len=99): 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 
87 67 37 82 eb a1 3d 11 af a1 6c 4d 38 31 52 87 36 85 de 2f 14 95 0f 69 ed 20 
16 44 fa 90 dc db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=2 type=3 length=95
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=99): 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 
00 00 01 87 67 37 82 eb a1 3d 11 af a1 6c 4d 38 31 52 87 36 85 de 2f 14 95 0f 
69 ed 20 16 44 fa 90 dc db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:0f:cb:b0:0d:9b (ver=1)
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 
01 00 00 50 f2 02 01 00 00 50 f2 01
WPA: Renewed SNonce - hexdump(len=32): e6 7b b4 20 d4 37 35 15 5d 56 6c 4d 29 
98 70 de 08 78 33 db 84 04 b5 42 e6 a6 d2 71 da 72 8d 59
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: Sending EAPOL-Key 2/4
WPA: TX EAPOL-Key - hexdump(len=123): 01 03 00 77 fe 01 09 00 20 00 00 00 00 
00 00 00 01 e6 7b b4 20 d4 37 35 15 5d 56 6c 4d 29 98 70 de 08 78 33 db 84 04 
b5 42 e6 a6 d2 71 da 72 8d 59 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 79 3c c8 89 ab 4d d4 c9 1f d6 
65 91 12 06 e5 51 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 
01 00 00 50 f2 01
RX EAPOL from 00:0f:cb:b0:0d:9b
RX EAPOL - hexdump(len=123): 02 03 00 77 fe 01 c9 00 20 00 00 00 00 00 00 00 
02 87 67 37 82 eb a1 3d 11 af a1 6c 4d 38 31 52 87 36 85 de 2f 14 95 0f 69 ed 
20 16 44 fa 90 dc db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 41 ed 8f be 64 69 b7 b4 c0 02 af e4 0f 
f9 1c 0e 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 
50 f2 01
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=2 type=3 length=119
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=123): 02 03 00 77 fe 01 c9 00 20 00 00 00 00 
00 00 00 02 87 67 37 82 eb a1 3d 11 af a1 6c 4d 38 31 52 87 36 85 de 2f 14 95 
0f 69 ed 20 16 44 fa 90 dc db 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 41 ed 8f be 64 69 b7 b4 c0 02 
af e4 0f f9 1c 0e 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 
01 00 00 50 f2 01
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from 00:0f:cb:b0:0d:9b (ver=1)
WPA: IE KeyData - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 
00 50 f2 02 01 00 00 50 f2 01
WPA: Sending EAPOL-Key 4/4
WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f fe 01 09 00 20 00 00 00 00 00 
00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dd ff 39 1f e8 4d 20 32 da 3d 60 
96 51 c4 eb 6d 00 00
WPA: Installing PTK to the driver.
WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
wpa_driver_hostap_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RX ctrl_iface - hexdump_ascii(len=4):
     50 49 4e 47                                       PING            
RX ctrl_iface - hexdump_ascii(len=6):
     53 54 41 54 55 53                                 STATUS          
RX ctrl_iface - hexdump_ascii(len=13):
     4c 49 53 54 5f 4e 45 54 57 4f 52 4b 53            LIST_NETWORKS   
RX ctrl_iface - hexdump_ascii(len=4):
     50 49 4e 47                                       PING            
EAPOL: startWhen --> 0
RX ctrl_iface - hexdump_ascii(len=4):
     50 49 4e 47                                       PING            
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:0f:cb:b0:0d:9b into blacklist
State: GROUP_HANDSHAKE -> DISCONNECTED
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL_IFACE monitor send - hexdump(len=26): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 
6c 5f 31 39 32 38 33 2d 31 36 35 33 31 00
*** end of debug

Thanks for your interest.
-- 
Piotr Zawadzki, Silesian Technical University
PGP: http://www.keyserver.net/



More information about the HostAP mailing list