speedtouch 580

Jouni Malinen jkmaline at cc.hut.fi
Sun Aug 6 13:32:33 EDT 2006


On Sun, Aug 06, 2006 at 12:09:44PM +0200, Santiago Garcia Mantinan wrote:

> I guess it is because the sniffer card couldn't receive the frames as the AP
> is far away (on my cousin's house) and the card was a pcmcia card without
> external antenna. The pcmcia card I have with a good antenna is only 802.11b
> and that's why I used this one. I'll try to figure out how I can set things
> so that I can capture with a better antenna.

Thanks for the new capture files. They are showing all the needed frames
and make it easier to figure out exact differences in behavior.

> > What would be the easiest mechanism for you to test some changes? I can,
> > for example, create a set of patch files against the latest release
> > (0.5.4).
> 
> Yes, that would be fine for me.

The attached patches modify wpa_supplicant to use BSSID instead of
source address of the EAPOL-Key frame. Could you please test these one
by one to see whether the behavior changes? I would like to see at least
the debug log from wpa_supplicant for each change (with -ddt on the
command line). If it is easy for you to record the capture logs, that
would be an additional help, especially if the behavior does not match
my expectations.

These are against wpa_supplicant v0.5.4 and they can be applied with the
following commands in the root source directory (these are incremental,
so the previous changes should be left in when applying the next patch
in sequence):

patch -p1 < 1-eapol_key_dest.patch
patch -p1 < 2-pmk_derivation.patch
patch -p1 < 3-key_conf_addr.patch
patch -p1 < 4-cleanup.patch

The first patch changes only the destination address of EAPOL-Key frames
from wpa_supplicant. I don't expect this to fix the issue and it may end
up in the AP behaving more or less in the identical way as with
unmodified wpa_supplicant v0.5.4.

The second patch changes key derivation to use BSSID. I would expect
this to allow wpa_supplicant to complete the 4-way handshake successfully.
However, this alone may not allow the following group key handshake to be
completed.

The third patch changes key configuration to use BSSID. I would expect
this to allow the group key handshake to be completed and the data
connection to become available.

The fourth patch is just some minor cleanup and I would not expect it to
change behavior.
 
-- 
Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
--- wpa.c.orig	2006-08-06 10:10:17.000000000 -0700
+++ wpa.c	2006-08-06 10:09:23.000000000 -0700
@@ -1390,7 +1390,7 @@ static int wpa_supplicant_get_pmk(struct
 
 
 static int wpa_supplicant_send_2_of_4(struct wpa_sm *sm,
-				      const unsigned char *src_addr,
+				      const unsigned char *dst,
 				      const struct wpa_eapol_key *key,
 				      int ver, const u8 *nonce,
 				      const u8 *wpa_ie, size_t wpa_ie_len,
@@ -1431,7 +1431,7 @@ static int wpa_supplicant_send_2_of_4(st
 	memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
 
 	wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
-	wpa_eapol_key_send(sm, ptk->kck, ver, src_addr, ETH_P_EAPOL,
+	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
 			   rbuf, rlen, reply->key_mic);
 
 	return 0;
@@ -1499,7 +1499,7 @@ static void wpa_supplicant_process_1_of_
 	memcpy(ptk->u.auth.rx_mic_key, buf, 8);
 	sm->tptk_set = 1;
 
-	if (wpa_supplicant_send_2_of_4(sm, src_addr, key, ver, sm->snonce,
+	if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
 				       sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
 				       ptk))
 		return;
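Review bot: The reply on the changed line is now addressed to sm->bssid while the PTK that signs it (ptk, set up just above this hunk) is still derived from src_addr in this patch, so message 2/4 carries a MIC bound to the frame's source address but is delivered to the BSSID. The cover mail describes this split as the expected non-fix, but it deserves a comment at the call site so the intermediate state is not mistaken for the final design: `/* Reply to the associated BSSID; the PTK itself is still derived from src_addr */`. The same send-to-BSSID change is made for message 4/4 and 2/2 in the later hunks of this patch. This also presumes sm->bssid is already populated from the association event when message 1/4 arrives; that ordering is not visible here. wpa_supplicant_process_1_of_4 starts and ends outside the hunk.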
@@ -1864,7 +1864,7 @@ static int wpa_supplicant_validate_ie(st
 
 
 static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm,
-				      const unsigned char *src_addr,
+				      const unsigned char *dst,
 				      const struct wpa_eapol_key *key,
 				      u16 ver, u16 key_info,
 				      const u8 *kde, size_t kde_len,
@@ -1900,7 +1900,7 @@ static int wpa_supplicant_send_4_of_4(st
 		memcpy(reply + 1, kde, kde_len);
 
 	wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
-	wpa_eapol_key_send(sm, ptk->kck, ver, src_addr, ETH_P_EAPOL,
+	wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
 			   rbuf, rlen, reply->key_mic);
 
 	return 0;
@@ -1961,7 +1961,7 @@ static void wpa_supplicant_process_3_of_
 		break;
 	}
 
-	if (wpa_supplicant_send_4_of_4(sm, src_addr, key, ver, key_info,
+	if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
 				       NULL, 0, &sm->ptk))
 		return;
 
@@ -3073,7 +3073,6 @@ static int wpa_supplicant_process_1_of_2
 
 
 static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
-				      const unsigned char *src_addr,
 				      const struct wpa_eapol_key *key,
 				      int ver, u16 key_info)
 {
@@ -3101,7 +3100,7 @@ static int wpa_supplicant_send_2_of_2(st
 	WPA_PUT_BE16(reply->key_data_length, 0);
 
 	wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
-	wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
+	wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
 			   rbuf, rlen, reply->key_mic);
 
 	return 0;
@@ -3149,7 +3148,7 @@ static void wpa_supplicant_process_1_of_
 		return;
 
 	if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
-	    wpa_supplicant_send_2_of_2(sm, src_addr, key, ver, key_info))
+	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
 		return;
 
 	if (rekey) {
-------------- next part --------------
--- wpa.c.dst	2006-08-06 10:10:53.000000000 -0700
+++ wpa.c	2006-08-06 10:11:40.000000000 -0700
@@ -1491,7 +1491,7 @@ static void wpa_supplicant_process_1_of_
 	 * been verified when processing message 3/4. */
 	ptk = &sm->tptk;
 	wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
-		       sm->own_addr, src_addr, sm->snonce, key->key_nonce,
+		       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
 		       (u8 *) ptk, sizeof(*ptk));
 	/* Supplicant: swap tx/rx Mic keys */
 	memcpy(buf, ptk->u.auth.tx_mic_key, 8);
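Review bot: With src_addr removed from the PTK derivation on the changed line, the source address of the received EAPOL-Key frame no longer influences the key, so a frame from an address other than the BSSID is no longer implicitly rejected by a MIC mismatch; unless wpa_sm_rx_eapol (outside this hunk) already compares src_addr with sm->bssid, that relationship is now unchecked. As the cover mail implies the AP under test sends from an address that differs from the BSSID, an outright rejection would hide the case being investigated, but a debug-level record of the mismatch would give the requested -ddt log the correlation it needs: `if (memcmp(src_addr, sm->bssid, ETH_ALEN) != 0) wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key 1/4 source " MACSTR " differs from BSSID " MACSTR, MAC2STR(src_addr), MAC2STR(sm->bssid));`. Using the BSSID as the authenticator address is what IEEE 802.11i specifies for AA in an infrastructure BSS, so the derivation itself is the spec-conformant form; once the root cause is understood the mismatch should probably become a hard check again. wpa_supplicant_process_1_of_4 begins and ends outside this hunk.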
-------------- next part --------------
--- wpa.c.pmk	2006-08-06 10:14:04.000000000 -0700
+++ wpa.c	2006-08-06 10:18:10.000000000 -0700
@@ -1552,7 +1552,6 @@ static void wpa_supplicant_key_neg_compl
 
 
 static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
-				      const unsigned char *src_addr,
 				      const struct wpa_eapol_key *key)
 {
 	int alg, keylen, rsclen;
@@ -1589,7 +1588,7 @@ static int wpa_supplicant_install_ptk(st
 		wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
 	}
 
-	if (wpa_sm_set_key(sm, alg, src_addr, 0, 1, key_rsc, rsclen,
+	if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
 			   (u8 *) sm->ptk.tk1, keylen) < 0) {
 		wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
 			   "driver.");
@@ -1719,7 +1718,6 @@ static int wpa_supplicant_gtk_tx_bit_wor
 
 
 static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
-				       const unsigned char *src_addr,
 				       const struct wpa_eapol_key *key,
 				       const u8 *gtk, size_t gtk_len,
 				       int key_info)
@@ -1759,7 +1757,7 @@ static int wpa_supplicant_pairwise_gtk(s
 		return -1;
 	}
 
-	wpa_supplicant_key_neg_complete(sm, src_addr,
+	wpa_supplicant_key_neg_complete(sm, sm->bssid,
 					key_info & WPA_KEY_INFO_SECURE);
 	return 0;
 #else /* CONFIG_NO_WPA2 */
@@ -1971,19 +1969,19 @@ static void wpa_supplicant_process_3_of_
 	sm->renew_snonce = 1;
 
 	if (key_info & WPA_KEY_INFO_INSTALL) {
-		wpa_supplicant_install_ptk(sm, src_addr, key);
+		wpa_supplicant_install_ptk(sm, key);
 	}
 
 	if (key_info & WPA_KEY_INFO_SECURE) {
 		wpa_sm_mlme_setprotection(
-			sm, src_addr, MLME_SETPROTECTION_PROTECT_TYPE_RX,
+			sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
 		eapol_sm_notify_portValid(sm->eapol, TRUE);
 	}
 	wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
 
 	if (ie.gtk &&
-	    wpa_supplicant_pairwise_gtk(sm, src_addr, key,
+	    wpa_supplicant_pairwise_gtk(sm, key,
 					ie.gtk, ie.gtk_len, key_info) < 0) {
 		wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
 	}
@@ -3154,10 +3152,10 @@ static void wpa_supplicant_process_1_of_
 	if (rekey) {
 		wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
 			"completed with " MACSTR " [GTK=%s]",
-			MAC2STR(src_addr), wpa_cipher_txt(sm->group_cipher));
+			MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
 		wpa_sm_set_state(sm, WPA_COMPLETED);
 	} else {
-		wpa_supplicant_key_neg_complete(sm, src_addr,
+		wpa_supplicant_key_neg_complete(sm, sm->bssid,
 						key_info &
 						WPA_KEY_INFO_SECURE);
 	}
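Review bot: The rekeying message on the changed line now prints sm->bssid after "completed with", so the log no longer records which address the AP actually used as the sender, which is the very detail this thread is trying to establish; the fourth patch makes the same substitution in the "RX message 3 of 4-Way Handshake from" line and in the three warnings that are still labelled src= while printing the BSSID. Keep the frame source in the diagnostics where it is still in scope, `MAC2STR(src_addr), wpa_cipher_txt(sm->group_cipher));`, and where the parameter is dropped change the label so the value is not misread, e.g. `" packet (bssid=" MACSTR ")", MAC2STR(sm->bssid));`. The cover mail describes the fourth patch as cleanup that should not change behavior; the change in what these messages report is worth stating there. The enclosing function starts outside this hunk.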
-------------- next part --------------
--- wpa.c.key	2006-08-06 10:18:48.000000000 -0700
+++ wpa.c	2006-08-06 10:19:53.000000000 -0700
@@ -1906,7 +1906,6 @@ static int wpa_supplicant_send_4_of_4(st
 
 
 static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
-					  const unsigned char *src_addr,
 					  const struct wpa_eapol_key *key,
 					  u16 ver)
 {
@@ -1916,7 +1915,7 @@ static void wpa_supplicant_process_3_of_
 
 	wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
 	wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
-		   MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
+		   MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
 
 	key_info = WPA_GET_BE16(key->key_info);
 
@@ -1929,13 +1928,13 @@ static void wpa_supplicant_process_3_of_
 		return;
 	}
 
-	if (wpa_supplicant_validate_ie(sm, src_addr, &ie) < 0)
+	if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
 		return;
 
 	if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
 		wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
 			   "Handshake differs from 3 of 4-Way Handshake - drop"
-			   " packet (src=" MACSTR ")", MAC2STR(src_addr));
+			   " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
 		return;
 	}
 
@@ -1945,7 +1944,7 @@ static void wpa_supplicant_process_3_of_
 		if (keylen != 16) {
 			wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
 				   "%d (src=" MACSTR ")",
-				   keylen, MAC2STR(src_addr));
+				   keylen, MAC2STR(sm->bssid));
 			return;
 		}
 		break;
@@ -1953,7 +1952,7 @@ static void wpa_supplicant_process_3_of_
 		if (keylen != 32) {
 			wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
 				   "%d (src=" MACSTR ")",
-				   keylen, MAC2STR(src_addr));
+				   keylen, MAC2STR(sm->bssid));
 			return;
 		}
 		break;
@@ -3591,7 +3590,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
 #endif /* CONFIG_PEERKEY */
 		if (key_info & WPA_KEY_INFO_MIC) {
 			/* 3/4 4-Way Handshake */
-			wpa_supplicant_process_3_of_4(sm, src_addr, key, ver);
+			wpa_supplicant_process_3_of_4(sm, key, ver);
 		} else {
 			/* 1/4 4-Way Handshake */
 			wpa_supplicant_process_1_of_4(sm, src_addr, key,
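Review bot: After this hunk the two 4-way handshake handlers are called asymmetrically: wpa_supplicant_process_3_of_4 no longer takes src_addr while wpa_supplicant_process_1_of_4 on the last line still does, and with the derivation and reply address both moved to sm->bssid by the earlier patches it is not obvious from here what 1/4 still needs it for (its body is outside this patch). If the remaining use is only diagnostic, the same signature change would keep the handlers consistent; otherwise a short comment at this call, `/* 1/4 still receives the frame source for ... */`, would tell a reader why it differs. wpa_sm_rx_eapol starts and ends outside the hunk.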

