WPA-TLS problem in wpa_supplicant_0.4.4 with Linux wireless extensions driver

Wed Sep 7 01:43:55 PDT 2005

> I have constructed my WPA-TLS test environment with a Freeradius server (version 1.0.4) on server side and a madwifi driver and WPA_supplicant (version 0.4.4) on client side and An Access point which support  WPA-Enterprise and WPA-PSK. 
> In this environment, I can ping the AP (191.169.1.2) when I used madwifi driver and Athroess wireless adapter. it is my command"./wpa_supplicant -iath0 -Dmadwifi -d -c/etc/wpa_supplicant.conf"
> but after I changed wireless adapter and wireless driver which support Linux wireless extension interface, It can't connects to the AP, then I change my AP authentication mode from WPA to WPA-PSK, my wireless extensions driver connect AP, this time my command is:"./wpa_supplicant -iwlan0 -Dwext -d -c/etc/wpa_supplicant.conf"
> 
> following is my wpa_supplicant.conf:
> 
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> 
> network={
> 	ssid="Instant-WPA"
> 	proto=WPA
> 	key_mgmt=WPA-PSK
> 	pairwise=CCMP
> 	group=CCMP
> 	psk="0123456789"
> }
> 
> OR
> 
> network={
> 	ssid="Instant-WPA"
> 	proto=WPA
> 	key_mgmt=WPA-EAP
> 	pairwise=CCMP
> 	group=CCMP
> 	eap=TLS
> 	identity="figo at pd50.com"
> 	ca_cert="/etc/wpa_supplicant/cacert.pem"
> 	client_cert="/etc/wpa_supplicant/cert-clt.pem"
> 	private_key="/etc/wpa_supplicant/cert-clt.pem"
> 	private_key_passwd="whatever"
> 	priority=1
> }
> ............................................................................
> following is my debug log file:
> 
> Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext'
> Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
> Reading configuration file '/etc/wpa_supplicant.conf'
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> Priority group 1
>    id=0 ssid='Instant-WPA'
> Initializing interface (2) 'wlan0'
> EAPOL: SUPP_PAE entering state DISCONNECTED
> EAPOL: KEY_RX entering state NO_KEY_RECEIVE
> EAPOL: SUPP_BE entering state INITIALIZE
> EAP: EAP entering state DISABLED
> EAPOL: External notification - portEnabled=0
> EAPOL: External notification - portValid=0
> SIOCGIWRANGE: too old (short) data - assuming WPA is not supported
> Own MAC address: 00:10:1d:33:0c:56
> wpa_driver_wext_set_wpa
> wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
> wpa_driver_wext_set_countermeasures
> wpa_driver_wext_set_drop_unencrypted
> Setting scan request: 0 sec 100000 usec
> RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
> State: DISCONNECTED -> SCANNING
> Starting AP scan (broadcast SSID)
> Scan timeout - try to get results
> Received 296 bytes of scan results (2 BSSes)
> Scan results: 2
> Selecting BSS from priority group 1
> 0: 00:e0:b8:76:24:7c ssid='Instant-WPA' wpa_ie_len=26 rsn_ie_len=0 caps=0x0
>    selected
> Trying to associate with 00:e0:b8:76:24:7c (SSID='Instant-WPA' freq=2457 MHz)
> Cancelling scan request
> WPA: clearing own WPA/RSN IE
> Automatic auth_alg selection: 0x1
> WPA: using IEEE 802.11i/D3.0
> WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 1
> WPA: set AP WPA IE - hexdump(len=26): dd 18 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01 00 00
> WPA: clearing AP RSN IE
> WPA: using GTK CCMP
> WPA: using PTK CCMP
> WPA: using KEY_MGMT 802.1X
> WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 01
> No keys have been configured - skip key clearing
> wpa_driver_wext_set_drop_unencrypted
> State: SCANNING -> ASSOCIATING
> wpa_driver_wext_associate
> Setting authentication timeout: 5 sec 0 usec
> EAPOL: External notification - portControl=Auto
> RX EAPOL from 00:e0:b8:76:24:7c
> Setting authentication timeout: 70 sec 0 usec
> EAPOL: Received EAP-Packet frame> 
> 
> ................enter idle state..........wait...................
> 
> .... when driver run to this place, wpa_supplicant enter idle state and wait next scan, I check the wireless packet from wireless packet capture, AP have sent an EAP request to our wireless adapter,
>      and my driver have indicated this packet to system through netif_rx().
> 
>      I thought since madwifi driver have verified the process about EAP request, certificated read, TLS connection and WPA-PSK have verified 4-way handshake of WPA, why my driver can't work???
> 
>      Please help me!!!
> 
>      Thanks!!!
> 
> 

===========================================================================================The privileged confidential information contained in this email is intended for use only by the addressees as indicated by the original sender of this email. If you are not the addressee indicated in this email or are not responsible for delivery of the email to such  a person, please kindly reply to the sender indicating this fact and delete all copies of it from your computer and network server immediately. Your cooperation is highly appreciated. It is advised that any unauthorized use of confidential information of Winbond is strictly prohibited; and any information in this email irrelevant to the official business of Winbond shall be deemed as neither given nor endorsed by Winbond.
===========================================================================================If your computer is unable to decode Chinese font, please ignore the following message.It essentially repeats the statement in English given above.???H???????t?????q?l???]???????K?????T, ?????v???o?H?H???w?????H?H???\\????. ?????z???D?Q???w?????H?H???]???????]?b???g???v?????????U???????H??, ???z?i?????o?H?H?????Y?N?H???q?q???P???????A???????H????. ?????z???X?@, ?????????P??. ?S??????, ???????g???v?????????????q?l?????K???T???????O?Q?Y???T????. ?H???P?????q?l???~?L???????e,???o?????????q?l?????????N??.