PMKSA/PMKID issue(s)

Jouni Malinen jkmaline
Fri Jan 21 22:02:36 PST 2005 

On Sat, Jan 22, 2005 at 12:41:21AM -0500, Zimmermann, Christopher Brian (Chris) wrote:

> You can see the EAP-SUCCESS, but the PMKID does not get processed via
> rsn_preauth_eapol_cb().  Both of these APs come from the Terrawave
> WPA2/WMM testbed package.

Interesting.. wpa_supplicant is discarding the EAP-Success packet for
the pre-authentication case even though it was accepted for the normal
authentication. It looks like I have not tested pre-authentication with
RADIUS servers that do not conform to EAP RFC (i.e., ones that require
EAP workarounds in wpa_supplicant).. EAPOL state machine initialization
in rsn_preauth_init() was not initializing couple of configuration
fields and this disabled EAP workarounds for pre-authentication even if
they were enabled for the normal authentication.

Please let me know whether the attached patch fixes this issue. This
change is already committed to CVS, too.

> But I don't get a add_pmkid() call into the driver interface.  And the
> timeout gets called, too.

This is because the EAP-Success was never processed..

> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: Workaround for unexpected identifier field in EAP Success: reqId=6 lastId=5 (these are supposed to be same)
> EAP: EAP entering state SUCCESS
> EAPOL: SUPP_BE entering state RECEIVE
> EAPOL: SUPP_BE entering state SUCCESS

This is the EAP-Success for the normal authentication.

> EAPOL: Received EAP-Success
> EAPOL: Received EAP-Packet frame
> EAPOL: SUPP_BE entering state REQUEST
> EAPOL: getSuppRsp
> EAP: EAP entering state RECEIVED
> EAP: Received EAP-Success
> EAP: EAP entering state DISCARD

This is for pre-authentication and it is discarded because of the EAP
workaround not being enabled here.

-- 
Jouni Malinen                                            PGP id EFC895FA
-------------- next part --------------
Index: wpa.c
===================================================================
RCS file: /home/jm/cvsroot/hostap/wpa_supplicant/wpa.c,v
retrieving revision 1.69
diff -u -p -r1.69 wpa.c
--- wpa.c	18 Jan 2005 19:25:16 -0000	1.69
+++ wpa.c	22 Jan 2005 05:52:37 -0000
@@ -2247,6 +2247,9 @@ int rsn_preauth_init(struct wpa_supplica
 	memset(&eapol_conf, 0, sizeof(eapol_conf));
 	eapol_conf.accept_802_1x_keys = 0;
 	eapol_conf.required_keys = 0;
+	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
+	if (wpa_s->current_ssid)
+		eapol_conf.workaround = wpa_s->current_ssid->eap_workaround;
 	eapol_sm_notify_config(wpa_s->preauth_eapol, wpa_s->current_ssid,
 			       &eapol_conf);
 	memcpy(wpa_s->preauth_bssid, dst, ETH_ALEN);

More information about the Hostap mailing list