hostapd: invalid MIC in msg 2/4 of 4-Way Handshake

Nazeer Khan Nazeer.Khan at nicta.com.au
Sat Mar 31 22:39:05 EDT 2007


Hey,

Thank you so much for your time. The exact problem that i was facing was
that PMK were same on station and hostapd, but the PTK generated were
different which was used to calculate MIC. The difference was because one
parameter to calculate PTK from PMK was missing at hostapd.

Now its fixed.

Thank you so much for help and guidance.

Nazeer


> On Tue, Mar 27, 2007 at 07:36:22PM +1000, Nazeer Khan wrote:
>
>> I am using hostapd/madwifi. I have made changes in driver_madwifi and
>> broken the hostapd code into two parts. The code_1 that interacts with
>> driver runs separately and the code_2 doing all the state machine things
>> run separately. Data is collected from driver using code_1 and send to
>> code_2 for processing. Similarly when code_2 wants to send any data to
>> STA, it sends it to code_1 and code_1 gives it to the driver. The data
>> is
>> passed between code_1 and code_2 using UDP sockets.
>
> Are you also sending all events (things that are not just data frames)
> from code_1 to code_2? Are the messages/events/commands delivered in the
> same order that they would be when this kind of separation is not used?
>
>> I am using EAP-TLS. The station is successfully authenticated by RADIUS
>> server. But when code_2 enters "WPA_PTK entering state PTKSTART", it
>> gives
>> error on the 2nd message of the 4 way handshake. Actually the MIC is
>> failing as clear from the debug message.
>>
>> I wanted to ask why is this happening. I have verified that the data
>> code_2 is getting from code_1 is exactly the same which code_1 is
>> getting
>> from the driver. I have put a hostapd_hexdump statement both in code_1
>> and
>> code_2 to verify that. I have not made any changes in the state machines
>> etc etc. Changes are in just "driver_madwifi.c".
>
> Can you please send the debug log from both code_1 and code_2 showing
> this failure? Can you publish the changes you have made to
> driver_madwifi.c?
>
>> One weired thing is that if i don't send data from code_1 to code_2, and
>> do the processing and all stuff in the same process, i don't get any MIC
>> error.
>
>> Can someone help me that why is MIC failing although the contents of the
>> MSG are not being changed.
>
> It's difficult to guess what could be causing this since I have not seen
> the changes you've done. You could add some more debug prints to both
> the supplicant and the device running code_2 and verify that the
> parameters to MIC calculation (including the key) are indeed same.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>



--------------------------------------------------------------------------
This email and any attachments may be confidential. They may contain legally
privileged information or copyright material. You should not read, copy,
use or disclose them without authorisation. If you are not an intended
recipient, please contact us at once by return email and then delete both
messages. We do not accept liability in connection with computer virus,
data corruption, delay, interruption, unauthorised access or unauthorised
amendment. This notice should not be removed.



More information about the HostAP mailing list