RSN-IE mismatch and WPA2 preauth
Zimmermann, Christopher Brian Chris
cbzimmermann
Mon Jan 24 09:20:45 PST 2005
More pre-authentication fun.
I'm using two APs; both from the WPA2/WMM testbed. One is from Gateway
(Instant802 Self-Managed AP) and the other is a Broadcom reference
design.
The problem I am seeing is that the capabilities field in the RSN-IE for
each is different. The Gateway AP (00:e0:b8:76:27:16) sets the
capabilities field to 0x003D, and the Broadcom AP (00:10:18:90:20:78)
sets it to 0x0001.
This causes a pre-authenticated AP to fail at message 3/4.
Log snippets:

I associate to the Broadcom AP

    WPA: Key negotiation completed with 00:10:18:90:20:78 [PTK=CCMP GTK=CCMP]

I pre-authenticate to the Gateway AP

    RSN: pre-authentication with 00:e0:b8:76:27:16 completed successfully

I turn off the radio on the Broadcom AP to force pre-auth to the
gateway...

    WPA: IE in 3/4 msg does not match with IE in Beacon/ProbeResp (src=00:e0:b8:76:27:16)
    WPA: RSN IE in Beacon/ProbeResp - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 01 00
    WPA: RSN IE in 3/4 msg - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 3d 00

It appears that wpa_supplicant does not keep the probe-rsp RSN-IE around
for multiple APs, just the one it originally associates to. At a quick
inspection:
wpa_supplicant_set_suites() is called with a valid bss (scan result
information) from the scope of wpa_supplicant_associate(). When this
happens, the bss->rsn_ie is stored into the wpa_s->ap_rsn_ie element.
It seems to me this bug would exhibit itself even under normal roaming,
not just under pre-authentication.
Should the ap_rsn_ie's be kept around, at least in the struct
rsn_pmksa_candidate, and then copied into the wpa_s element under the
scope of EVENT_ASSOCINFO reporting to wpa_supplicant_event()?
This seems like a logical way of fixing it, but may not be the best way
for the wpa_supplicant architecture as a whole.
Thanks,
Chris
Chris Zimmermann
Senior Software Engineer, Agere Systems
cbzimmermann at agere.com
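
Added example, not part of the original message and not wpa_supplicant code: a bounds-checked walk of the two RSN IEs from the log above, decoding the capabilities field that makes the 3/4 comparison fail. The names rsn_caps and rsn_ie_caps are hypothetical; the byte arrays are copied from the two hexdumps, and the bit layout assumed is the RSN Capabilities field of IEEE 802.11i (bit 0 pre-authentication, bit 1 no pairwise, bits 2-3 PTKSA replay counter, bits 4-5 GTKSA replay counter).

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed from the two hexdumps in the log above. */
static const uint8_t IE_BEACON[] = {0x30,0x14,0x01,0x00,0x00,0x0f,0xac,0x04,0x01,0x00,
    0x00,0x0f,0xac,0x04,0x01,0x00,0x00,0x0f,0xac,0x01,0x01,0x00};
static const uint8_t IE_MSG3[] = {0x30,0x14,0x01,0x00,0x00,0x0f,0xac,0x04,0x01,0x00,
    0x00,0x0f,0xac,0x04,0x01,0x00,0x00,0x0f,0xac,0x01,0x3d,0x00};

struct rsn_caps { int preauth, no_pairwise, ptksa_rc, gtksa_rc; uint16_t raw; };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk an RSN IE (element ID 0x30) up to its capabilities field.
 * Returns 0 on success, -1 if the IE is malformed or truncated. */
int rsn_ie_caps(const uint8_t *ie, size_t len, struct rsn_caps *out)
{
    size_t pos = 2, end, n;
    int i;
    if (len < 2 || ie[0] != 0x30 || (size_t)ie[1] + 2 > len) return -1;
    end = (size_t)ie[1] + 2;
    if (end - pos < 6 || le16(ie + pos) != 1) return -1; /* version 1 + group suite */
    pos += 6;
    for (i = 0; i < 2; i++) {            /* pairwise suite list, then AKM suite list */
        if (end - pos < 2) return -1;
        n = le16(ie + pos);
        pos += 2;
        if ((end - pos) / 4 < n) return -1;
        pos += 4 * n;
    }
    if (end - pos < 2) return -1;
    out->raw = le16(ie + pos);           /* capabilities are little-endian */
    out->preauth = out->raw & 1;
    out->no_pairwise = (out->raw >> 1) & 1;
    out->ptksa_rc = (out->raw >> 2) & 3;
    out->gtksa_rc = (out->raw >> 4) & 3;
    return 0;
}

int main(void)
{
    struct rsn_caps b, m;
    if (rsn_ie_caps(IE_BEACON, sizeof(IE_BEACON), &b) || rsn_ie_caps(IE_MSG3, sizeof(IE_MSG3), &m))
        return 1;
    printf("Beacon/ProbeResp: caps=0x%04x preauth=%d ptksa_rc=%d gtksa_rc=%d\n", b.raw, b.preauth, b.ptksa_rc, b.gtksa_rc);
    printf("3/4 msg:          caps=0x%04x preauth=%d ptksa_rc=%d gtksa_rc=%d\n", m.raw, m.preauth, m.ptksa_rc, m.gtksa_rc);
    return 0;
}
```

Both IEs carry the same cipher and AKM suites and both set the pre-authentication bit; only the replay-counter subfields differ, which matches the 0x0001 and 0x003D values reported for the two APs.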