Problem with 4-way

Chuck Tuffli CTuffli at dspg.com
Thu Aug 7 20:06:52 EDT 2008


Hi -

The 0.5.10 supplicant is having some trouble completing the 4-way
hand-shake with a new Netgear router (WNDR3300), whereas another
Windows driver (DLink DWA-160) *not* using wpa_supplicant is able to
complete the 4-way. Looking at a sniffer trace, I can see the AP
repeatedly sending 1/4 in response to every 2/4 that the supplicant
sends, as if there is a problem with the 2/4 message. Comparing the
sniffer trace of the Windows driver and the wpa_supplicant, there were 2
differences in the 2/4 message: first it uses EAPOL version 2 and sets
the key length to 16. I modified wpa_supplicant.conf to set
eapol_version=2 and wpa_supplicant_send_2_of_4() function to set the key
length field to 16 instead of 0, but this didn't get me any further. I
can send the whole trace to people who are interested, but the relevant
part is below. Has anyone run across something like this before or have
any ideas of other things to try? TIA

---chuck

33967.378567: RX EAPOL from 00:1f:33:b4:36:f4
33967.378783: RX EAPOL - hexdump(len=99): 02 03 00 5f 02 00 8a 00 10 00
00 00 00 00 00 00 00 37 dc 76 ff b3 e5 7b c1 72 ab 87 ce a4 54 93 9d 52
13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33967.381114: Setting authentication timeout: 10 sec 0 usec
33967.381350: IEEE 802.1X RX: version=2 type=3 length=95
33967.381504:   EAPOL-Key type=2
33967.381595:   key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
33967.381859:   key_length=16 key_data_length=0
33967.381963:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 00
33967.382232:   key_nonce - hexdump(len=32): 37 dc 76 ff b3 e5 7b c1 72
ab 87 ce a4 54 93 9d 52 13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76
33967.382993:   key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
33967.383425:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
33967.383691:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00
00
33967.383957:   key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
33967.384394: WPA: RX EAPOL-Key - hexdump(len=99): 02 03 00 5f 02 00 8a
00 10 00 00 00 00 00 00 00 00 37 dc 76 ff b3 e5 7b c1 72 ab 87 ce a4 54
93 9d 52 13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33967.386761: State: ASSOCIATED -> 4WAY_HANDSHAKE
33967.386910: WPA: RX message 1 of 4-Way Handshake from
00:1f:33:b4:36:f4 (ver=2)
33967.387106: RSN: msg 1/4 key data - hexdump(len=0):
33967.396992: WPA: Renewed SNonce - hexdump(len=32): b6 25 1b 31 cf 79
0f cd c5 ca 9e 31 3f f7 ad 5e b6 47 1b 5a 95 73 d4 cd 2f 51 d4 aa 0e 8b
af 72
33967.398870: WPA: PMK - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33967.399666: WPA: PTK - hexdump(len=64): 8b 71 99 87 75 a4 41 80 d8 bf
bf d2 4a fa ed 35 7a b3 69 64 1f 4a 4d 93 4a c4 51 f9 ac 3d 38 86 56 a3
5a 55 aa f2 d2 dd 31 f5 eb 30 b2 75 1b 7d 71 ec 7e 63 76 e9 a0 15 4a b8
c1 20 0a f4 04 01
33967.401185: WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00
0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
33967.401784: WPA: Sending EAPOL-Key 2/4
33967.402095: WPA: TX EAPOL-Key - hexdump(len=121): 02 03 00 75 02 01 0a
00 10 00 00 00 00 00 00 00 00 b6 25 1b 31 cf 79 0f cd c5 ca 9e 31 3f f7
ad 5e b6 47 1b 5a 95 73 d4 cd 2f 51 d4 aa 0e 8b af 72 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 07 78 6a 1d 36 21 7b c7 74 65 bc 15 c0 e4 ee 67 00 16 30 14 01 00
00 0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
33968.405062: RX EAPOL from 00:1f:33:b4:36:f4
33968.405315: RX EAPOL - hexdump(len=99): 02 03 00 5f 02 00 8a 00 10 00
00 00 00 00 00 00 01 37 dc 76 ff b3 e5 7b c1 72 ab 87 ce a4 54 93 9d 52
13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33968.407506: IEEE 802.1X RX: version=2 type=3 length=95
33968.407639:   EAPOL-Key type=2
33968.407725:   key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
33968.407990:   key_length=16 key_data_length=0
33968.408096:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
33968.408362:   key_nonce - hexdump(len=32): 37 dc 76 ff b3 e5 7b c1 72
ab 87 ce a4 54 93 9d 52 13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76
33968.409334:   key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
33968.409776:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
33968.410148:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00
00
33968.410424:   key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00
33968.410866: WPA: RX EAPOL-Key - hexdump(len=99): 02 03 00 5f 02 00 8a
00 10 00 00 00 00 00 00 00 01 37 dc 76 ff b3 e5 7b c1 72 ab 87 ce a4 54
93 9d 52 13 82 0f 25 1b ac 49 53 42 9c c8 f1 92 91 76 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33968.413180: State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
33968.413322: WPA: RX message 1 of 4-Way Handshake from
00:1f:33:b4:36:f4 (ver=2)
33968.413520: RSN: msg 1/4 key data - hexdump(len=0):
33968.414216: WPA: PMK - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
33968.415000: WPA: PTK - hexdump(len=64): 8b 71 99 87 75 a4 41 80 d8 bf
bf d2 4a fa ed 35 7a b3 69 64 1f 4a 4d 93 4a c4 51 f9 ac 3d 38 86 56 a3
5a 55 aa f2 d2 dd 31 f5 eb 30 b2 75 1b 7d 71 ec 7e 63 76 e9 a0 15 4a b8
c1 20 0a f4 04 01
33968.416400: WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00
0f ac 02 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
33968.416977: WPA: Sending EAPOL-Key 2/4
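
Added example (not part of the original post and not wpa_supplicant code): a small Python decoder for the EAPOL-Key frames in the trace above, which classifies each frame by its key_info bits and flags the pattern described in the post, where the AP re-sends 1/4 with the same ANonce and a higher replay counter after a 2/4. The function names (`parse`, `message_number`, `stalled_at_msg2`, `build`) are hypothetical, and the sample frames are rebuilt from the field values shown in the log.

```python
import struct
from collections import namedtuple

# Fixed part of an EAPOL-Key frame: 4-byte EAPOL header + 95-byte key descriptor.
FMT = struct.Struct(">BBHBHHQ32s16s8s8s16sH")
KeyFrame = namedtuple("KeyFrame", "version type length desc key_info key_length "
                      "replay nonce iv rsc key_id mic data_len")

def parse(frame):
    if len(frame) < FMT.size:
        raise ValueError("truncated EAPOL-Key frame")
    f = KeyFrame._make(FMT.unpack_from(frame))
    if f.type != 3 or FMT.size + f.data_len > len(frame):
        raise ValueError("not a well-formed EAPOL-Key frame")
    return f

def message_number(f):
    """Classify a pairwise EAPOL-Key frame as message 1..4 (0 = not 4-way)."""
    ack, mic, secure = (bool(f.key_info & b) for b in (0x0080, 0x0100, 0x0200))
    if not f.key_info & 0x0008:          # Key Type bit clear: group handshake
        return 0
    if ack:
        return 3 if mic else 1           # AP -> station: 1/4 has no MIC yet
    if not mic:
        return 0
    return 4 if secure or f.data_len == 0 else 2

def stalled_at_msg2(frames):
    """True if the AP re-sends 1/4 (same ANonce, higher replay counter) after a 2/4."""
    last1, answered = None, False
    for f in map(parse, frames):
        n = message_number(f)
        if n == 1:
            if answered and f.nonce == last1.nonce and f.replay > last1.replay:
                return True
            last1, answered = f, False
        elif n == 2 and last1 is not None and f.replay == last1.replay:
            answered = True              # 2/4 echoes the replay counter of 1/4
        elif n == 3:
            return False                 # AP accepted 2/4 and moved on
    return False

def build(key_info, replay, nonce, mic=bytes(16), data=b""):
    """Rebuild a sample frame from the field values shown in the trace above."""
    body = struct.pack(">BHHQ32s16s8s8s16sH", 2, key_info, 16, replay, nonce,
                       bytes(16), bytes(8), bytes(8), mic, len(data)) + data
    return struct.pack(">BBH", 2, 3, len(body)) + body

ANONCE = bytes.fromhex("37dc76ffb3e57bc172ab87cea454939d5213820f251bac4953429cc8f1929176")
SNONCE = bytes.fromhex("b6251b31cf790fcdc5ca9e313ff7ad5eb6471b5a9573d4cd2f51d4aa0e8baf72")
MIC = bytes.fromhex("07786a1d36217bc77465bc15c0e4ee67")
RSN_IE = bytes.fromhex("30140100000fac020100000fac040100000fac020000")
TRACE = [build(0x008A, 0, ANONCE), build(0x010A, 0, SNONCE, MIC, RSN_IE),
         build(0x008A, 1, ANONCE)]
```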