WPA2 Connection Problems between Android and DLink DIR-825 running OpenWRT

David Levitan david at dlevitan.com
Wed Jul 28 01:44:11 EDT 2010


On 7/27/10 10:25 PM, Jouni Malinen wrote:
> On Tue, Jul 27, 2010 at 06:01:10PM -0700, David Levitan wrote:
>
>> I recently upgraded to a DIR-825 router (ath9k based), on which I've
>> installed the trunk build of OpenWRT (with an early-July version of
>> hostapd). I've been able to set up everything as needed, except for one
>> major problem. WPA2 connections work with no problems between the router
>> and a MacBook and a Linux laptop, with both radios. I cannot get a WPA2
>> negotiation to complete between my Motorola Droid and the router.
>
>> The configuration file for hostapd on the 2.4GHz interface is below,
>> along with a log from hostapd. Looking through the log, the problem
>> appears to occur in comparing the second step of the handshake, with one
>> octet being different. However, I know little about WPA2, and I'm
>> wondering if anyone has any thoughts on where something is going wrong.
>> Is it hostapd on the router, or wpa_supplicant on the Droid? Is it
>> possible to fix with just hostapd on the router (even if it means a
>> custom build)?
>
> This looks like a client side issue. The RSN IE must match between
> (Re)Association Request and message 2 in 4-way handshake. It looks
> likely that the driver ignores the RSN IE that wpa_supplicant generates
> and instead, builds a different RSN IE for Association Request. The
> difference is in number of PTKSA/GTKSA replay counters that the device
> claims to support. There is no way to fix this at the AP. A workaround
> would be to ignore the differences in RSN IE, but that could potentially
> open some security downgrade attacks. Anyway, this should be filed as a
> bug against the phone so that this issue can be resolved properly.
>

Thank you very much for the information. Two more questions...

1. I rooted the phone a few weeks ago (before upgrading the router) and 
installed one of the third-party 2.2 ROMs, so I should be able to go as 
far as recompiling all of Android if need be. I think that the driver 
itself is also available, but I'm not 100% sure (I haven't done any 
Android development). I know that Android 2.2 is running wpa_supplicant 
0.6.10, and from my reading there appear to have been a few bugs that 
seemed related to something like this. Would any of those affect this, 
or is this something that would definitely be in the driver itself?

2. Why is the phone able to connect to other networks and could connect 
to the previous router, but not now? Are other implementations simply 
more lenient (as you mentioned I could modify hostapd and ignore the RSN 
IE differences)?

Thanks,
David
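
The RSN IE comparison discussed in this thread, as an added example that is not part of the original messages and not hostapd code: it parses the RSN IE from the (Re)Association Request and from message 2 of the 4-way handshake and reports which fields differ. The two sample IEs are constructed for illustration (WPA2-PSK with CCMP, differing only in the replay counter bits); they are not taken from the poster's log, and the parser assumes the fields up to the AKM list are present.

```python
import struct

REPLAY_COUNTERS = {0: 1, 1: 2, 2: 4, 3: 16}  # 2-bit field -> counters per SA

def parse_rsn_ie(ie: bytes) -> dict:
    """Parse an RSN IE (element ID 0x30) into named fields."""
    if len(ie) < 2 or ie[0] != 0x30 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN IE")
    body, pos = ie[2:], 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated RSN IE")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    def suite_list():
        (count,) = struct.unpack("<H", take(2))
        return [take(4).hex() for _ in range(count)]

    fields = {"version": struct.unpack("<H", take(2))[0],
              "group_cipher": take(4).hex(),
              "pairwise_ciphers": suite_list(),
              "akm_suites": suite_list()}
    # RSN Capabilities is optional; when absent, all bits are treated as zero.
    caps = struct.unpack("<H", take(2))[0] if pos < len(body) else 0
    fields["capabilities"] = caps
    fields["ptksa_replay_counters"] = REPLAY_COUNTERS[(caps >> 2) & 0x3]
    fields["gtksa_replay_counters"] = REPLAY_COUNTERS[(caps >> 4) & 0x3]
    fields["trailing"] = body[pos:].hex()  # PMKID list etc., kept raw
    return fields

def rsn_ie_mismatch(assoc_ie: bytes, msg2_ie: bytes) -> dict:
    """Return {field: (assoc value, msg 2 value)} for every differing field."""
    if assoc_ie == msg2_ie:  # the authenticator's check is a byte-wise match
        return {}
    a, b = parse_rsn_ie(assoc_ie), parse_rsn_ie(msg2_ie)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

# Constructed sample IEs: identical except for one capabilities octet.
_COMMON = bytes.fromhex("30140100000fac040100000fac040100000fac02")
ASSOC_REQ_IE = _COMMON + bytes.fromhex("0000")   # 1 PTKSA / 1 GTKSA counter
EAPOL_MSG2_IE = _COMMON + bytes.fromhex("3c00")  # 16 PTKSA / 16 GTKSA counters

if __name__ == "__main__":
    for name, (assoc, msg2) in rsn_ie_mismatch(ASSOC_REQ_IE, EAPOL_MSG2_IE).items():
        print(f"{name}: assoc_req={assoc} msg2={msg2}")
```

Running it against IEs copied out of a hostapd debug log shows whether a rejected handshake differs only in the replay counter bits or in a cipher or AKM field as well.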

