WPA2 Connection Problems between Android and DLink DIR-825 running OpenWRT
j at w1.fi
Wed Jul 28 01:25:39 EDT 2010
On Tue, Jul 27, 2010 at 06:01:10PM -0700, David Levitan wrote:
> I recently upgraded to a DIR-825 router (atk9k based), on which I've
> installed the trunk build of OpenWRT (with an early-July version of
> hostapd). I've been able to setup everything as needed, except for one
> major problem. WPA2 connections work with no problems between the router
> and a MacBook and a Linux laptop, with both radios. I cannot get a WPA2
> negotiation to complete between my Motorola Droid and the router.
> The configuration file for hostapd on the 2.4Ghz interface is below,
> along with a log from hostapd. Looking through the log, the problem
> appears to occur in comparing the second step of the handshake, with one
> octet being different. However, I know little about WPA2, and I'm
> wondering if anyone has any thoughts on where something is going wrong.
> Is it hostapd on the router, or wpa_supplicant on the Droid? Is it
> possible to fix with just hostapd on the router (even if it means a
> custom build)?
This looks like a client side issue. The RSN IE must match between
(Re)Association Request and message 2 in 4-way handshake. It looks
likely that the driver ignores the RSN IE that wpa_supplicant generates
and instead, builds a different RSN IE for Association Request. The
difference is in number of PTKSA/GTKSA replay counters that the device
claims to support. There is no way to fix this at the AP. A workaround
would be to ignore the differences in RSN IE, but that could potentially
open some security downgrade attacks. Anyway, this should be filed as a
bug against the phone so that this issue can be resolved properly.
Jouni Malinen PGP id EFC895FA
More information about the HostAP