FT-EAP

Marcelo Sobral msobral at gmail.com
Tue Jul 20 10:56:33 EDT 2010


   Hi, I am using hostapd 0.7.2 to run experiments with FT-EAP and
FT-PSK. FT-PSK works fine, but FT-EAP always performs the full EAP
handshake, instead of only FT. It seems it succeeds to  authenticate
with FT-EAP, but afterwards the STA disconnects and then the EAP
handshake is executed. Here it follows the log of a reassociate try:

FT: Received authentication frame: STA=00:13:02:90:5b:76
BSSID=00:18:e7:28:46:81 transaction=1
FT: Received authentication frame IEs - hexdump(len=136): 30 26 01 00
00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 03 00 00 01 00 97 97 39
20 4d 09 41 4f 01 88 ae 5b b7 59 03 cc 36 03 a1 b2 01 37 59 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 fd 98 e6 0e 72 b2 ff fa bb 1c 3a 8d b8 8b 3b 06 41 82 ec 9b d4 dd
4c 00 40 10 a4 0c 68 b4 7c d1 03 05 70 72 61 69 61
FT: STA R0KH-ID - hexdump(len=5): 70 72 61 69 61
FT: Requested PMKR0Name - hexdump(len=16): 97 97 39 20 4d 09 41 4f 01
88 ae 5b b7 59 03 cc
FT: Derived requested PMKR1Name - hexdump(len=16): d1 0e 69 99 fd b7
b9 5b 4c dc 40 e1 21 25 4f c3
FT: Selected PMK-R1 - hexdump(len=32): [REMOVED]
FT: Received SNonce - hexdump(len=32): fd 98 e6 0e 72 b2 ff fa bb 1c
3a 8d b8 8b 3b 06 41 82 ec 9b d4 dd 4c 00 40 10 a4 0c 68 b4 7c d1
FT: Generated ANonce - hexdump(len=32): 7b 6a 37 8e cc 08 18 30 d5 7d
b6 1e 19 e2 32 31 11 a9 ad 77 73 96 99 ff ee c9 dd 49 28 64 b2 06
FT: PTK - hexdump(len=48): [REMOVED]
FT: PTKName - hexdump(len=16): ec da ce d4 52 c4 3e f7 56 b1 ac c9 f5 8c a8 86
wpa_driver_nl80211_set_key: ifindex=3 alg=3 addr=0x1f69770 key_idx=0
set_tx=1 seq_len=0 key_len=16
   addr=00:13:02:90:5b:76
nl80211: set_key failed; err=-2 No such file or directory)
FT: FT authentication response: dst=00:13:02:90:5b:76
auth_transaction=2 status=0
FT: Response IEs - hexdump(len=156): 30 32 01 00 00 0f ac 04 01 00 00
0f ac 04 04 00 00 0f ac 01 00 0f ac 02 00 0f ac 03 00 0f ac 04 00 00
01 00 97 97 39 20 4d 09 41 4f 01 88 ae 5b b7 59 03 cc 36 03 a1 b2 01
37 61 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7b 6a 37
8e cc 08 18 30 d5 7d b6 1e 19 e2 32 31 11 a9 ad 77 73 96 99 ff ee c9
dd 49 28 64 b2 06 fd 98 e6 0e 72 b2 ff fa bb 1c 3a 8d b8 8b 3b 06 41
82 ec 9b d4 dd 4c 00 40 10 a4 0c 68 b4 7c d1 01 06 00 01 02 03 04 05
03 05 70 72 61 69 61
authentication reply: STA=00:13:02:90:5b:76 auth_alg=2
auth_transaction=2 resp=0 (IE len=156)
wlan0: STA 00:13:02:90:5b:76 MLME:
MLME-AUTHENTICATE.indication(00:13:02:90:5b:76, FT)
mgmt::auth cb
mgmt::reassoc_req
reassociation request: STA=00:13:02:90:5b:76 capab_info=0x431
listen_interval=5 current_ap=00:18:e7:28:46:81
RSN IE: STA PMKID - hexdump(len=16): d1 0e 69 99 fd b7 b9 5b 4c dc 40
e1 21 25 4f c3
FT: Reassoc Req IEs - hexdump(len=167): 00 05 74 65 73 74 65 01 08 02
04 0b 16 0c 12 18 24 32 04 30 48 60 6c 30 26 01 00 00 0f ac 04 01 00
00 0f ac 04 01 00 00 0f ac 03 00 00 01 00 d1 0e 69 99 fd b7 b9 5b 4c
dc 40 e1 21 25 4f c3 36 03 a1 b2 01 37 61 00 03 ca b6 ad cb 04 38 99
77 a2 4b 16 a1 89 22 68 bd 7b 6a 37 8e cc 08 18 30 d5 7d b6 1e 19 e2
32 31 11 a9 ad 77 73 96 99 ff ee c9 dd 49 28 64 b2 06 fd 98 e6 0e 72
b2 ff fa bb 1c 3a 8d b8 8b 3b 06 41 82 ec 9b d4 dd 4c 00 40 10 a4 0c
68 b4 7c d1 01 06 00 01 02 03 04 05 03 05 70 72 61 69 61
FT: MIC data - hexdump(len=157): 00 13 02 90 5b 76 00 18 e7 28 46 81
05 30 26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 03 00 00
01 00 d1 0e 69 99 fd b7 b9 5b 4c dc 40 e1 21 25 4f c3 36 03 a1 b2 01
37 61 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 7b 6a 37
8e cc 08 18 30 d5 7d b6 1e 19 e2 32 31 11 a9 ad 77 73 96 99 ff ee c9
dd 49 28 64 b2 06 fd 98 e6 0e 72 b2 ff fa bb 1c 3a 8d b8 8b 3b 06 41
82 ec 9b d4 dd 4c 00 40 10 a4 0c 68 b4 7c d1 01 06 00 01 02 03 04 05
03 05 70 72 61 69 61
  new AID 1
FT: MIC data - hexdump(len=206): 00 13 02 90 5b 76 00 18 e7 28 46 81
06 30 32 01 00 00 0f ac 04 01 00 00 0f ac 04 04 00 00 0f ac 01 00 0f
ac 02 00 0f ac 03 00 0f ac 04 00 00 01 00 d1 0e 69 99 fd b7 b9 5b 4c
dc 40 e1 21 25 4f c3 36 03 a1 b2 01 37 86 00 03 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 7b 6a 37 8e cc 08 18 30 d5 7d b6 1e 19 e2
32 31 11 a9 ad 77 73 96 99 ff ee c9 dd 49 28 64 b2 06 fd 98 e6 0e 72
b2 ff fa bb 1c 3a 8d b8 8b 3b 06 41 82 ec 9b d4 dd 4c 00 40 10 a4 0c
68 b4 7c d1 01 06 00 01 02 03 04 05 03 05 70 72 61 69 61 02 23 01 00
10 04 00 00 00 00 00 00 00 9b d1 50 83 fa b3 19 6c ee 46 10 c7 35 5f
f8 28 f4 77 b8 a2 99 35 0b ad
mgmt::reassoc_resp cb
AP-STA-CONNECTED 00:13:02:90:5b:76
wlan0: STA 00:13:02:90:5b:76 MLME:
MLME-REASSOCIATE.indication(00:13:02:90:5b:76)
wlan0: STA 00:13:02:90:5b:76 WPA: event 6 notification
FT: Retry PTK configuration after association
wpa_driver_nl80211_set_key: ifindex=3 alg=3 addr=0x1f69770 key_idx=0
set_tx=1 seq_len=0 key_len=16
   addr=00:13:02:90:5b:76
wlan0: STA 00:13:02:90:5b:76 IEEE 802.1X: start authentication
EAP: Server state machine created
IEEE 802.1X: 00:13:02:90:5b:76 BE_AUTH entering state IDLE
IEEE 802.1X: 00:13:02:90:5b:76 CTRL_DIR entering state FORCE_BOTH

wlan0: STA 00:13:02:90:5b:76 WPA: FT authentication already completed
- do not start 4-way handshake

IEEE 802.1X: 00:13:02:90:5b:76 AUTH_PAE entering state DISCONNECTED
AP-STA-DISCONNECTED 00:13:02:90:5b:76
wlan0: STA 00:13:02:90:5b:76 IEEE 802.1X: unauthorizing port
IEEE 802.1X: 00:13:02:90:5b:76 AUTH_PAE entering state RESTART
EAP: EAP entering state INITIALIZE

... and then EAP handshake is fully executed.

In my tests I tried both to reassociate at the same AP, and to
explicitly roam also to the same AP.
I use a STA with a IntelPro card (driver iwl3945 + mac80211), and a AP
with Atheros card (ath5k). Both drivers are the latest ones (kernel
2.6.34.1).

   Can anybody help ?

   Thanks in advance !

-- 
  -----------------------------
  Marcelo Maia Sobral
  Federal University of Santa Catarina
  Florianópolis - SC - Brasil
  MSN ID: msobral at gmail.com
  -----------------------------


More information about the HostAP mailing list