wpa supplicant v0.3.3 and WPA2-PSK issue
Jouni Malinen
jkmaline
Thu Jan 13 20:16:43 PST 2005
On Wed, Jan 12, 2005 at 11:24:26AM -0500, Zimmermann, Christopher Brian (Chris) wrote:
> I am associating to a Cisco AP1231 with WPA2 Wi-Fi Alliance special test
> firmware (for WPA2/WMM certification).
>
> I tried using WPA2-PSK and it always fails. I believe the problem to be
> caused by PMKSA. To the best of my understanding, PMKSA and Pre-Shared
> Key are mutually exclusive; the point of PMKIDs being to avoid the
> potentially lengthy EAP negotiation (certificate exchange, etc.).
PMKSA/PMKID is not limited to WPA2 with EAP authentication even though
that is indeed the most common use case for them.
> Earlier in the function, eapol_sm_get_key() is called, and no key is
> obtained, PMKSA caching being aborted. wpa_eapol_send() is called and
> the 1_of_4 function returns. For the PSK condition, this seems to be
> invalid. I patched the problem on my system by changing
>
> Line 1106: if (abort_cached) {
>
> to be as follows:
>
> if ((abort_cached) && (wpa_s->key_mgmt ==
> WPA_KEY_MGMT_IEEE8021X)) {
>
> This change prevents sending out the EAPOL-Start message, which the AP
> will not answer, and allows sends message 2/4. WPA2-PSK completes
> successfully this way
I added couple of workarounds for similar issue with WPA2 with EAP
authentication in v0.3.3, but did not test WPA2-PSK at that point. This
change looks valid since there is no point in sending out EAPOL-Start
messages with WPA2-PSK, nor in aborting the authentication at that
point. I added this to the current development branch.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list