failure after 4 way handshake

Jouni Malinen jkmaline
Sat Oct 15 08:54:39 PDT 2005

On Sat, Oct 15, 2005 at 01:46:16PM +0200, matthieu castet wrote:

> I am trying to add native support for WPA for Aironet WPA cards.

Do you mean that you are modifying the airo_cs driver to allow WPA

> With ndiswrapper everything works correctly, but with my implementation
> the master doesn't send anything after the "4 way handshake" (I have checked
> that with a card in monitor mode) and the Managed client fails with
> timeout failure. See the ethereal dump (ether file) and wpa_supplicant
> log (case1)

Can you send a wireless sniffer log showing this behavior? I'm assuming
you have two cards, one acting as a client and the other one in monitor

> Sometimes the Master sends a packet and it is received by the client. But
> this packet seems incorrect: the size is too long (wpa_supplicant
> ignores the end) and the key seems wrong: after an exchange of 2-4
> packets the client is disassociated. [2]
> Why doesn't the master send an encrypted packet after the '4 way handshake'?
> Is it because of some failure in the '4 way handshake'?

This sounds like the PTK configuration could have failed. I would need
to see the sniffer log to verify whether there is a Group Key packet
(the first encrypted frame that is sent just after 4-Way Handshake).
Have you tried swapping Michael MIC TX/RX keys? That is one of the most
common problems with TKIP key configuration. This can be done by
swapping bytes 16..23 and 24..31 in the TKIP key.

> When it sends an encrypted packet, why is the decrypted version too
> long?

The AP is likely sending a correct frame but the client card/driver
could do something odd while trying to decrypt this frame.

> What happens if the key is wrong?

The received frames would normally be dropped, but if you are working on
modifying a driver without hardware documentation, I wouldn't be too
surprised if the driver is now just passing the incorrectly decrypted
packet through.

> status : 810e <- Deauthentication mic failure

This would sound like something that could indeed be triggered by
incorrect Michael MIC TX/RX keys.

Jouni Malinen                                            PGP id EFC895FA
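
The Michael MIC key swap suggested in the reply, written out as an added C example (not code from the post, from wpa_supplicant, or from the Aironet driver). The function and macro names are hypothetical, the sample key is constructed, and the byte offsets are the ones given in the reply.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TKIP_KEY_LEN 32 /* full TKIP key, as discussed in the thread */
#define TKIP_TK_LEN  16 /* bytes 0..15: encryption key, left untouched */
#define TKIP_MIC_LEN  8 /* bytes 16..23 and 24..31: Michael MIC keys */

/*
 * Copy a 32-byte TKIP key from `in` to `out` with the two Michael MIC
 * key halves exchanged. `in` and `out` may be the same buffer.
 * Returns 0 on success, -1 if the input is not a 32-byte key.
 */
int tkip_swap_mic_keys(const uint8_t *in, size_t len, uint8_t *out)
{
    uint8_t mic_lo[TKIP_MIC_LEN], mic_hi[TKIP_MIC_LEN];

    if (in == NULL || out == NULL || len != TKIP_KEY_LEN)
        return -1;

    /* Save both halves first so in-place use (in == out) is safe. */
    memcpy(mic_lo, in + TKIP_TK_LEN, TKIP_MIC_LEN);
    memcpy(mic_hi, in + TKIP_TK_LEN + TKIP_MIC_LEN, TKIP_MIC_LEN);

    memmove(out, in, TKIP_TK_LEN);
    memcpy(out + TKIP_TK_LEN, mic_hi, TKIP_MIC_LEN);
    memcpy(out + TKIP_TK_LEN + TKIP_MIC_LEN, mic_lo, TKIP_MIC_LEN);
    return 0;
}

/* Self-check on a constructed key whose byte i has value i. Returns 0 if OK. */
int tkip_swap_selftest(void)
{
    uint8_t key[TKIP_KEY_LEN], out[TKIP_KEY_LEN];
    size_t i;

    for (i = 0; i < TKIP_KEY_LEN; i++)
        key[i] = (uint8_t)i;
    if (tkip_swap_mic_keys(key, sizeof(key), out) != 0)
        return 1;
    for (i = 0; i < TKIP_TK_LEN; i++)
        if (out[i] != i) return 2;              /* bytes 0..15 unchanged */
    for (i = 0; i < TKIP_MIC_LEN; i++)
        if (out[16 + i] != 24 + i || out[24 + i] != 16 + i) return 3;
    /* Swapping twice in place must restore the original key. */
    if (tkip_swap_mic_keys(out, sizeof(out), out) != 0) return 4;
    return memcmp(out, key, sizeof(key)) == 0 ? 0 : 5;
}
```

When testing a driver, apply the swap to the key just before it is handed to the hardware and check whether the "mic failure" deauthentication status stops appearing.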
