802.11r and FT-EAP

Yury Shvedov yshvedov at arccn.ru
Tue Sep 1 09:22:32 EDT 2015


Hi,

I'm working with 802.11r and trying to test my scheme using
mac80211_hwsim. I configured hostapd and wpa_supplicant to use FT-PSK
first. It works fine. But when I try to use RADIUS with FT (FT-EAP), the
4-way handshake fails. Surfing the code and debug logs, I found out that
the reason is the xxkey field of wpa_state_machine (it is empty and FT
can't derive the PTK). The xxkey is set by wpa_auth when eapKeyData is 64
bytes long (2 * PMK_LEN). But eapKeyData is filled only from the RADIUS
MS-MPPE-Send-Key and MS-MPPE-Recv-Key, both 16 bytes long.

The most interesting log of hostapd is:

WPA: 02:00:00:00:02:00 WPA_PTK entering state PTKSTART
wlan3: STA 02:00:00:00:02:00 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=3 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
WPA: Use EAPOL-Key timeout of 1000 ms (retry counter 2)
wlan3: Event EAPOL_TX_STATUS (38) received
IEEE 802.1X: 02:00:00:00:02:00 TX status - version=2 type=3 length=117 - ack=1
WPA: EAPOL-Key TX status for STA 02:00:00:00:02:00 ack=1
wlan3: Event EAPOL_RX (24) received
IEEE 802.1X: 252 bytes from 02:00:00:00:02:00
    IEEE 802.1X: version=1 type=3 length=248
WPA: Received EAPOL-Key from 02:00:00:00:02:00 key_info=0x10b type=2 key_data_length=153
WPA: Received Key Nonce - hexdump(len=32): 9f 9b 4a 15 31 ab 3e 91 be 1d cd 81 10 7b 5e b0 09 8b bb f1 77 6e 03 17 30 7c ff 73 fc 1f 46 6c
WPA: Received Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
FT: PMKR1Name from Supplicant - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
wlan3: STA 02:00:00:00:02:00 WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: 02:00:00:00:02:00 WPA_PTK entering state PTKCALCNEGOTIATING
FT: XXKey not available for key derivation
wlan3: STA 02:00:00:00:02:00 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
wlan3: STA 02:00:00:00:02:00 WPA: EAPOL-Key timeout

I can't attach the full logs because of their size. =(
How do I have to configure hostapd, wpa_supplicant and RADIUS to get
another 32 bytes of key in the xxkey field?

Configuration files in attachment. Thank you!

-- 
Kind regards,
Yury Shvedov
WiMark Systems

-------------- next part --------------
ctrl_interface=/var/run/wpa_supplicant
ap_scan=1

network={
	ssid="Net-WPA"
	scan_ssid=1
	psk="12345678"
	priority=5
	key_mgmt=FT-PSK
}
network={
	ssid="Net-8021X"
	scan_ssid=1
	priority=5
	eap=MSCHAPV2
	key_mgmt=FT-EAP
	identity="bob"
	password="bob123"
	phase1="fast_provisioning=1"
}
network={
	ssid="BSS1"
	scan_ssid=1
	priority=5
	eap=MSCHAPV2
	key_mgmt=FT-EAP
	identity="bob"
	password="bob123"
}
-------------- next part --------------
interface=wlan3
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=BSS1
hw_mode=g
channel=1
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
preamble=1
auth_algs=1
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ap_isolate=1
ieee80211n=1
ieee8021x=1
eapol_key_index_workaround=1
nas_identifier=ap.example.com
radius_client_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
wpa=2
wpa_key_mgmt=FT-EAP
ft_over_ds=0
wpa_pairwise=CCMP
disable_pmksa_caching=1
okc=0
mobility_domain=a1b2
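
In the hostapd excerpt above, `FT: XXKey not available for key derivation` is logged without a station address, just before the msg 2/4 MIC failure. The following Python log triage is an added example (not part of the original message and not hostapd code): it attributes that line to the station whose WPA_PTK state line precedes it, so a missing-XXKey failure can be told apart from an ordinary MIC mismatch. The attribution rule and the labels `missing-xxkey` / `mic-mismatch` are assumptions of this example; the sample lines are taken from the excerpt with the e-mail line wraps removed.

```python
import re

# Lines taken from the hostapd excerpt in the message above (unwrapped).
SAMPLE_LOG = """\
WPA: 02:00:00:00:02:00 WPA_PTK entering state PTKSTART
wlan3: STA 02:00:00:00:02:00 WPA: sending 1/4 msg of 4-Way Handshake
wlan3: STA 02:00:00:00:02:00 WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: 02:00:00:00:02:00 WPA_PTK entering state PTKCALCNEGOTIATING
FT: XXKey not available for key derivation
wlan3: STA 02:00:00:00:02:00 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
wlan3: STA 02:00:00:00:02:00 WPA: EAPOL-Key timeout
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
STATE_RE = re.compile(r"^WPA: " + MAC + r" WPA_PTK entering state (\w+)")
MIC_RE = re.compile(r"STA " + MAC + r" WPA: invalid MIC in msg 2/4")
XXKEY_MSG = "FT: XXKey not available for key derivation"


def triage(log_text):
    """Return {sta_mac: cause} for every invalid-MIC failure in msg 2/4."""
    current = None     # STA whose WPA_PTK state machine logged most recently
    no_xxkey = set()   # STAs whose FT key derivation had no XXKey
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = STATE_RE.match(line)
        if m:
            current = m.group(1)
            if m.group(2) == "PTKSTART":
                no_xxkey.discard(current)  # a new handshake attempt starts clean
            continue
        # The XXKey message has no MAC: assume it belongs to `current`.
        if line == XXKEY_MSG and current:
            no_xxkey.add(current)
            continue
        m = MIC_RE.search(line)
        if m:
            sta = m.group(1)
            findings[sta] = "missing-xxkey" if sta in no_xxkey else "mic-mismatch"
    return findings


if __name__ == "__main__":
    for sta, cause in triage(SAMPLE_LOG).items():
        print(sta, cause)
```

A `missing-xxkey` result points at the key material delivered to the authenticator rather than at the station's credentials, which is the distinction the log excerpt turns on.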

