wpa_supplicant 0.5.11, wifi WPA2 certification 5.5.2 PMK cache case fails, when validate_ie during roaming

Jouni Malinen j at w1.fi
Fri Aug 28 14:16:31 EDT 2009


On Tue, Aug 11, 2009 at 05:38:20PM +0800, Zheng BaoZhong-E13358 wrote:

> we are using TI 1271 chipset, and wpa_supplicant 0.5.11 version, and
> when we run WPA2 certification 5.5.2 case, it fails about log
> "W/wpa_supplicant( 1637): WPA: IE in 3/4 msg does not match with IE in
> Beacon/ProbeResp (src=00:03:7f:00:d7:da)"

Are you using ap_scan=2 mode (i.e., driving deciding when and where to
roam)?

> Because TI driver does not include beacon_ies in assoc info event, and
> sm->wpa_ie and sm->rsn_ie is not cleared, and it causes the match fails,
> because sm->wpa_ie or sm->rsn_ie saves last AP (Broadcom AP) ie
> information, which is compared with current (roam to) AP (Atheros) IE.

This is an interesting use case since the APs seem to have different
WPA/RSN IEs in the same ESS. As far as ap_scan=1 mode operations are
concerned, I would assume that wpa_supplicant is able to handle the IE
update properly. However, in ap_scan=2 mode, the driver may be required
to provide the update in association info event.

It does not look like a good idea to keep the old IEs. Furthermore,
wpa_supplicant should be able to fetch the new beacon IEs from scan
results during 4-way handshake. This could be enough to handle IE
validation correctly. However, I'm not sure the new scan results were to
be available here when ap_scan=2 is used..

> we change the related code liking
>  if (!wpa_found)// && data->assoc_info.beacon_ies)
>   wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
>  if (!rsn_found)// && data->assoc_info.beacon_ies)
>   wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
> It means clear sm wpa_ie and rsn_ie if assoc info does not include
> beacon ies or not found wpa/rsn ie.
>  
> It works for our case.

If by "working" you mean this passes the test case, then yes, this
probably make it "work". However, this may in practice just disable the
IE validation completely for the roaming case with ap_scan=2. In other
words, it may be necessary to add some code to make wpa_supplicant to
request updated scan results from the driver if it does not yet have
existing information about the new AP.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list