Hostapd and WEP - Syslog

SR Dasgupta srdasgupta
Sat Sep 20 03:04:52 PDT 2003 

Hi All !!

I am not yet out of WEP problems and propably can't leave it till solved :)

My test and Syslog are as given below.

In the code, the error "WEP decryption failed (SA=00:ba:69:15:09:55)" can 
occur in hostap_hw.c - hostap_rx_frame_decrypt().
Therefore I suspect that after the 802.11 associated and authentication is 
thru, the WEP encryption fails for data.
The log is no different if I enable ieee802.1x from the hostapd.conf.

Does anyone have a solution to this problem?

-Shubharanjan


Here is my syslog.
************************************************************************  
****************************************************
Syslog
************************************************************************  
****************************************************
Jan  7 23:28:11 (none) daemon.debug hostapd: wlan0: STA 00:ba:69:15:09:55 
IEEE 802.11: authentication OK (open system)
Jan  7 23:28:11 (none) daemon.info hostapd: wlan0: STA 00:ba:69:15:09:55 
IEEE 802.11: authenticated
Jan  7 23:28:11 (none) daemon.debug hostapd: wlan0: STA 00:ba:69:15:09:55 
IEEE 802.11: association OK (aid 1)
Jan  7 23:28:11 (none) daemon.info hostapd: wlan0: STA 00:ba:69:15:09:55 
IEEE 802.11: associated (aid 1)
Jan  7 23:28:11 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)
Jan  7 23:28:14 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)
Jan  7 23:28:20 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)
Jan  7 23:28:26 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)
Jan  7 23:28:31 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)
Jan  7 23:29:08 (none) daemon.debug klogd: wlan0: WEP decryption failed 
(SA=00:ba:69:15:09:55)**************************************************  
**************************************************************************
Note:Forget the date & time as they are not correctly set.

And here is what I did:
************************************************************************  
****************************************************
1. Enable following WEP in hostapd.conf
	#ieee8021x=0
	wep_key_len_broadcast=13
	# wep_key_len_unicast=13
	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
	wep_rekey_period=0	
2. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
3. View WEP keys using iwlist (" # iwlist wlan0 key ").
	# iwlist wlan0 key
	wlan0  2 key sizes : 40, 104bits
	          4 keys available :
            	    [1]: off
	                [2]: fa29b37a2bc0b974125ee1de2e
            	    [3]: off
	                [4]: off
           Current Transmit Key: [2]
           Security mode:open
4. Configure the XP with correct WEP keys and index.
5. Select the correct ssid from the WinXP.
************************************************************************  
****************************************************



-----Original Message-----
From:	Jose Araujo [SMTP:jlaraujo at dti.pga.pt]
Sent:	Wednesday, September 17, 2003 8:08 PM
To:	hostap at shmoo.com
Cc:	srdasgupta at contechsoftware.com
Subject:	Re: Hostapd and WEP - Does it work?

Hi,

Have you tried setting eapol_key_index_workaround=0 i use WinXP latest
service pack and it doesn't require that setting ?

EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only
if only broadcast keys are used);

But then again i am using both keys with encription. I don't understand
why would you want to protect only broadcast traffic ?

Jose Araujo



SR Dasgupta wrote:

>I didnot get any reply to my prev. mail. It seems that not many
>here are interested in using Hostapd and WEP. Or is it
>that my description below was not clear enough?
>
>-----Old Message-----
>
>Setup
>=====
>Supplicant 	- WinXP without SP1
>AP 		- MIPS platform with Hostapd running
>RADIUS 	- FreeRADIUS and Oddessy Server (for testing TLS only).
>You can download the evaluation version of oddessy at www.funk.com.
>
>Successful Testings
>===============
>1. EAP-MD5 	- This works fine.
>2. EAP-TLS 	- This works fine as well.
>
>
>Problems Areas
>===============
>WEP -
>This is a pain in the neck for me. WEP works simply great with hostap
>driver
>and "hostapd NOT RUNNING" i.e. configuring WEP using iwconfig.
>The following are the testing that I have carried out and my observations:
>
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>Case 1:
>1. Disable WEP key options in hostapd.conf. IEEE 802.1x and RADIUS should
>also be disabled.
>2. Start hostapd (" # hostapd -d /etc/hostapd.conf & "). The daemon would
>run but not do nay stuff.
>3. Set WEP keys using iwconfig (" # iwconfig eth2 key 1 904f00109c ").
>	We have configured eth2 instead if wlan0.
>4. Configure the XP with same WEP keys and index.
>
>Observation 1: WEP encryption works. This case should not be a problem
>anyways. It was just to test the driver.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>
>Case 2:
>1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " 
to
>see the values)
>2. Enable following WEP key options in hostapd.conf
>
>	wep_key_len_broadcast=5
>	# wep_key_len_unicast=5
>	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
>	wep_rekey_period=0	
>
>     Keep the 802.1x and RADIUS options disabled. The rotation is disabled 
>as evident
>
>3. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
>4. View WEP keys using iwlist (" # iwlist eth2 key ").
>
>	# iwlist eth2 key
>	eth2      2 key sizes : 40, 104bits
>	          4 keys available :
>            	    [1]: 904F-0010-9C (40 bits)
>	                [2]: off
>            	    [3]: off
>	                [4]: off
>          Current Transmit Key: [1]
>          Security mode:open
>
>5. Configure the XP with same WEP keys and index.
>
>Observation 2: There is no packet transfer between XP supplicant and AP.
>This was observed with ethereal.
>To me this is real strange. Why should things not work when Hostapd is
>running and key rotation is disabled? How
>does this differ from Case I.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>
>Case 3:
>Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP, 
>enable WEP and "The key is provided for me automatically" options.
>
>Observation 3: The result is the same as observation 2. In this case,
>hopefully I did the right thing in XP.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>
>Case 4: (WEP & MD5)
>1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " 
to
>see the values)
>2. Enable following WEP key options in hostapd.conf
>
>	wep_key_len_broadcast=5
>	# wep_key_len_unicast=5
>	# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
>	wep_rekey_period=0	
>
>	Rekeying is 0 since as far as I know, MD5 doesnot support it.
>
>3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS
>setting correctly.
>4. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
>5. View WEP keys using iwlist (" # iwlist eth2 key ").
>
>	# iwlist eth2 key
>	eth2      2 key sizes : 40, 104bits
>	          4 keys available :
>            	    [1]: 904F-0010-9C (40 bits)
>	                [2]: off
>            	    [3]: off
>	                [4]: off
>          Current Transmit Key: [1]
>          Security mode:open
>5. Configure the XP with same WEP keys and index. Configure Authentication 
>as MD5.
>
>Observation 4: The result is the same as observation 2.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>Case 5: (WEP & TLS)
>Repeat Case 4 but for the following:
>1. Configure RADIUS setting correctly, this time for Oddessy server.
>2. Configure Oddessy Server correctly.
>3. Use Oddessy Client on WinXP and configure correctly. Use WEP option and 
>specify the same key as on AP. Disable key rotation in the client.
>
>Note: The above steps were carried out for successful EAP-TLS testing.
>
>Observation 5: The result is the same as observation 2.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>
>Case 6: (WEP & TLS - key rotation)
>Repeat Case 4 but for the following:
>1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep
>802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly,
>this time for Oddessy server.
>2. Configure Oddessy Server correctly.
>3. Use Oddessy Client on WinXP and configure correctly for automatic key
>rotation.
>
>Note: The above steps were carried out for successful EAP-TLS testing.
>
>Observation 5: The result is the same as observation 2.
>------------------------------------------------------------------------
>------------------------------------------------------------------------
>------------------------------------
>
>Note: I have used unicast key setting as well but it has not helped.
>
>_______________________________________________
>HostAP mailing list
>HostAP at shmoo.com
>http://lists.shmoo.com/mailman/listinfo/hostap
>
>
>

More information about the Hostap mailing list