hostapd: invalid MIC in msg 2/4 of 4-Way Handshake

Jouni Malinen j
Sat Mar 31 19:16:42 PDT 2007

On Tue, Mar 27, 2007 at 07:36:22PM +1000, Nazeer Khan wrote:

> I am using hostapd/madwifi. I have made changes in driver_madwifi and
> broken the hostapd code into two parts. The code_1 that interacts with
> driver runs separately and the code_2 doing all the state machine things
> run separately. Data is collected from driver using code_1 and send to
> code_2 for processing. Similarly when code_2 wants to send any data to
> STA, it sends it to code_1 and code_1 gives it to the driver. The data is
> passed between code_1 and code_2 using UDP sockets.

Are you also sending all events (things that are not just data frames)
from code_1 to code_2? Are the messages/events/commands delivered in the
same order that they would be when this kind of separation is not used?

> I am using EAP-TLS. The station is successfully authenticated by RADIUS
> server. But when code_2 enters "WPA_PTK entering state PTKSTART", it gives
> error on the 2nd message of the 4 way handshake. Actually the MIC is
> failing as clear from the debug message.
> I wanted to ask why is this happening. I have verified that the data
> code_2 is getting from code_1 is exactly the same which code_1 is getting
> from the driver. I have put a hostapd_hexdump statement both in code_1 and
> code_2 to verify that. I have not made any changes in the state machines
> etc etc. Changes are in just "driver_madwifi.c".

Can you please send the debug log from both code_1 and code_2 showing
this failure? Can you publish the changes you have made to

> One weired thing is that if i don't send data from code_1 to code_2, and
> do the processing and all stuff in the same process, i don't get any MIC
> error.

> Can someone help me that why is MIC failing although the contents of the
> MSG are not being changed.

It's difficult to guess what could be causing this since I have not seen
the changes you've done. You could add some more debug prints to both
the supplicant and the device running code_2 and verify that the
parameters to MIC calculation (including the key) are indeed same.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list