WPA2-PEAP problems

Harshal Chhaya harshal at gmail.com
Wed May 25 10:44:09 EDT 2011


Here is something interesting in the EAPOL v1 and PEAP v0 config. I
have truncated the data dumps for readability.

See the "EAP-PEAP: Unexpected Cryptobinding TLV SubType 0" message.
Any idea why this happens after all the keys have been generated?

EAP-PEAP: PHASE2_METHOD -> PHASE2_TLV
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 41
EAP-PEAP: TK - hexdump(len=60): 75 c2 ...
EAP-PEAP: ISK - hexdump(len=32): 3a 08 f5 b2 ...
EAP-PEAP: TempKey - hexdump(len=40): 75 c2 ed fd f3 ...
EAP-PEAP: IMCK (IPMKj) - hexdump(len=60): 40 bf 2c 36 67 ff 1e 30 ...
EAP-PEAP: IPMK (S-IPMKj) - hexdump(len=40): 40 bf 2c 36 ...
EAP-PEAP: CMK (CMKj) - hexdump(len=20): b4 58 ...
EAP-PEAP: Compound_MAC CMK - hexdump(len=20): b4 58 ...
EAP-PEAP: Compound_MAC data 1 - hexdump(len=60): 00 0c 00 38 ...
EAP-PEAP: Compound_MAC data 2 - hexdump(len=1): 19
EAP-PEAP: Compound_MAC - hexdump(len=20): ec af a6 ...
EAP-PEAP: Encrypting Phase 2 TLV data - hexdump(len=71): 01 29 00 47 21 ...
TLSv1: Plaintext AppData - hexdump(len=71): 01 29 00 47 21 80 ...
TLSv1: Record Layer - Write HMAC - hexdump(len=20): 2c 7e b8 32 35 06 ..
SSL: Generating Request
SSL: Sending out 101 bytes (message sent completely)
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 00:09:37:0b:30:84 BE_AUTH entering state REQUEST
wlan0: STA 00:09:37:0b:30:84 IEEE 802.1X: Sending EAP Packet (identifier 41)
IEEE 802.1X: 00:09:37:0b:30:84 TX status - version=2 type=0 length=107 - ack=1
IEEE 802.1X: 111 bytes from 00:09:37:0b:30:84
   IEEE 802.1X: version=1 type=0 length=107
EAP: code=2 identifier=41 length=107
 (response)
wlan0: STA 00:09:37:0b:30:84 IEEE 802.1X: received EAP packet (code=2
id=41 len=107) from STA: EAP Response-PEAP (25)
IEEE 802.1X: 00:09:37:0b:30:84 BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 respId=41 respMethod=25 respVendor=0
respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=107) - Flags 0x00
SSL: Received packet: Flags 0x0 Message Length 0
EAP-PEAP: received 101 bytes encrypted data for Phase 2
TLSv1: Record Layer - Received - hexdump(len=101): 17 03 01 00 60 ...
TLSv1: Received content type 23 version 3.1 length 96
TLSv1: Record Layer - Decrypted data - hexdump(len=96): 02 29 00 47 ...
EAP-PEAP: Decrypted Phase 2 EAP - hexdump(len=71): 02 29 00 47 21 ...
EAP-PEAP: received Phase 2: code=2 identifier=41 length=71
EAP-PEAP: Received TLVs - hexdump(len=66): 80 03 00 02 00 01 00 0c ...
EAP-PEAP: Cryptobinding TLV - hexdump(len=56): 00 00 00 00 ee 39 a1 bf
a3 ad ca ...
EAP-PEAP: Unexpected Cryptobinding TLV SubType 0
EAP-PEAP: PHASE2_TLV -> FAILURE
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method failed -> FAILURE
EAP: EAP entering state FAILURE


Thanks,
- Harshal



On Wed, May 25, 2011 at 6:16 AM, Harshal Chhaya <harshal at gmail.com> wrote:
> Ed,
>
> I can connect to hostapd in WPA2-PEAP using my Win7 laptop.
>
> I also found that my target client (an embedded system) uses EAPOL
> version1 and PEAP v0 when it successfully authenticates with another
> AP (using freeRADIUS as the backend). I used the 'hostapd.conf' file
> to set eap_version=1 and used the 'eap_users' file to specify PEAPv0.
> Still no success. )-8
>
> I understand that these are older protocol versions but are they fully
> supported in hostapd? Jouni?
>
> I don't want to edit the hostapd source to work around these problems
> (i.e. ignore the length mismatch etc.) but I am running out of ideas
> to try.
>
> Any suggestions welcome.
>
> Regards,
> - Harshal
>
>
> On Wed, May 25, 2011 at 2:00 AM, Ed W <lists at wildgooses.com> wrote:
>> On 24/05/2011 19:44, Harshal Chhaya wrote:
>>> Try setting 'eap_version' to 1 (instead of 2) and 'wmm_enabled' to 0
>>> (the default is 1) since that seems to help in some cases (not in my
>>> case though).
>>
>>
>> I already tried eap_version=1, but not sure on the other param.  So far
>> I haven't seen any successful auth (trying only OSX and iPad clients
>> though).  Do you see some successful auth? Which type of client?
>>
>> Cheers
>>
>> Ed W
>>
>


More information about the HostAP mailing list