Unable to connect to WPA2-Enterprise since 2.4-r1: WPA_ALG_PMK bug?
Ralf Ramsauer
ralf+hostap
Mon Apr 27 05:54:00 PDT 2015
Hey folks,
since my Gentoo box updated to wpa_supplicant 2.4-r1 I'm encountering
problems with WPA2-Enterprise networks.
Well, first I ignored it because I thought it's my own incompetence. But
then after some days my friends using Arch also updated to 2.4-r1 and
they encountered the exact same problems.
So I did some investigations.
tl;dr: Downgrading to wpa_supplicant 2.2/2.3 fixes the problem, the
problem exists since wpa_supplicant 2.4-r1
---
Reconstruction:
After connecting to a WPA2-Enterprise network (wpa_supplicant 2.4-r1,
PEAP/MSCHAPv2) I got the following messages in my journal (suspicious
line highlighted):
[snip]
Apr 27 13:45:49 lefay wpa_supplicant[638]: wlp3s0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:freeradius2.othr.de
Apr 27 13:45:49 lefay wpa_supplicant[638]: EAP-MSCHAPV2: Authentication succeeded
Apr 27 13:45:49 lefay kernel: wlp3s0: Limiting TX power to 17 dBm as advertised by 54:78:1a:20:ff:4f
Apr 27 13:45:49 lefay wpa_supplicant[638]: EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
Apr 27 13:45:49 lefay wpa_supplicant[638]: wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
*Apr 27 13:45:49 lefay wpa_supplicant[638]: nl80211: Unexpected encryption algorithm 5*
Apr 27 13:45:49 lefay NetworkManager[545]: <info> (wlp3s0): supplicant interface state: associated -> 4-way handshake
Apr 27 13:46:11 lefay NetworkManager[545]: <warn> (wlp3s0): Activation: (wifi) association took too long
Apr 27 13:46:11 lefay NetworkManager[545]: <info> (wlp3s0): device state change: config -> need-auth (reason 'none') [50 60 0]
Apr 27 13:46:11 lefay NetworkManager[545]: <warn> (wlp3s0): Activation: (wifi) asking for new secrets
[snip]
After downgrading to wpa_supplicant 2.2 and connecting to the same
network, the log looked slightly different:
[snip]
Apr 27 14:34:34 lefay kernel: wlp3s0: authenticate with 54:78:1a:20:ff:40
Apr 27 14:34:34 lefay kernel: wlp3s0: send auth to 54:78:1a:20:ff:40 (try 1/3)
Apr 27 14:34:34 lefay NetworkManager[564]: <info> (wlp3s0): supplicant interface state: disconnected -> authenticating
Apr 27 14:34:34 lefay kernel: wlp3s0: send auth to 54:78:1a:20:ff:40 (try 2/3)
*Apr 27 14:34:34 lefay kernel: wlp3s0: authenticated*
Apr 27 14:34:34 lefay kernel: wlp3s0: associate with 54:78:1a:20:ff:40 (try 1/3)
Apr 27 14:34:34 lefay kernel: wlp3s0: RX AssocResp from 54:78:1a:20:ff:40 (capab=0x431 status=0 aid=69)
Apr 27 14:34:34 lefay NetworkManager[564]: <info> (wlp3s0): supplicant interface state: authenticating -> associating
Apr 27 14:34:34 lefay kernel: wlp3s0: associated
[snip]
So 2.4-r1 seems to use a 4 way handshake, 2.2 uses a three way
handshake? Why did it change?
So I recompiled wpa_supplicant 2.4-r1 with debugging symbols and started
analyzing.
The suspicious line "*nl80211: Unexpected encryption algorithm 5*" is
thrown in driver_nl80211.c line 2399. It is a switch-case on the
algorithm for WPA_ALG_PMK, which is ... not supported?
Hum?
This is the problematic case:
    switch (alg) {
    [snip]
    case WPA_ALG_NONE:
    case WPA_ALG_PMK:
        *wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d", alg);*
        return 0;
    }
    [snip]
And here's a backtrace of the problematic point (2.4-r1)
#1 0x00000000004ba377 in wpa_driver_nl80211_set_key
(ifname=0x19df57c "wlp3s0", bss=0x19e0690, alg=WPA_ALG_PMK,
addr=0x0, key_idx=0, set_tx=0, seq=0x0, seq_len=0, key=0x19e0a00
"[snip] ", key_len=32)
at ../src/drivers/driver_nl80211.c:2532
#2 0x00000000004c5652 in driver_nl80211_set_key (ifname=0x19df57c
"wlp3s0", priv=0x19e0690, alg=WPA_ALG_PMK, addr=0x0, key_idx=0,
set_tx=0, seq=0x0, seq_len=0, key=0x19e0a00 "[snip]", key_len=32)
at ../src/drivers/driver_nl80211.c:7233
#3 0x00000000004a62cc in wpa_drv_set_key (wpa_s=0x19df530,
alg=WPA_ALG_PMK, addr=0x0, key_idx=0, set_tx=0, seq=0x0, seq_len=0,
key=0x19e0a00 "[snip] ", key_len=32) at driver_i.h:156
#4 0x00000000004a7f9c in wpa_supplicant_key_mgmt_set_pmk
(ctx=0x19df530, pmk=0x19e0a00 "[snip] ", pmk_len=32) at wpas_glue.c:1011
#5 0x0000000000423114 in wpa_sm_key_mgmt_set_pmk (sm=0x19e0a00,
pmk=0x19e0a00 "[snip]", pmk_len=32) at ../src/rsn_supp/wpa_i.h:349
#6 0x000000000042370d in wpa_supplicant_key_mgmt_set_pmk
(sm=0x19e0a00) at ../src/rsn_supp/wpa.c:165
#7 0x0000000000423a73 in wpa_supplicant_get_pmk (sm=0x19e0a00,
src_addr=0x7ffd28bc1aec "Tx\032 \377@", pmkid=0x1a06b09 "[snip]") at
../src/rsn_supp/wpa.c:234
#8 0x000000000042449b in wpa_supplicant_process_1_of_4
(sm=0x19e0a00, src_addr=0x7ffd28bc1aec "Tx\032 \377@",
key=0x1a06aa4, ver=2, key_data=0x1a06b03 "\335\024",
key_data_len=22) at ../src/rsn_supp/wpa.c:459
#9 0x0000000000428aca in wpa_sm_rx_eapol (sm=0x19e0a00,
src_addr=0x7ffd28bc1aec "Tx\032 \377@", buf=0x7ffd28bc1b20
"\002\003", len=121) at ../src/rsn_supp/wpa.c:1965
#10 0x0000000000499ecd in wpa_supplicant_rx_eapol (ctx=0x19df530,
src_addr=0x7ffd28bc1aec "Tx\032 \377@", buf=0x7ffd28bc1b20
"\002\003", len=121) at wpa_supplicant.c:3091
#11 0x00000000004d69ab in l2_packet_receive (sock=12,
eloop_ctx=0x19e1010, sock_ctx=0x0) at
../src/l2_packet/l2_packet_linux.c:176
#12 0x000000000041bc6a in eloop_sock_table_dispatch (table=0x72a988
<eloop+8>, fds=0x19df320) at ../src/utils/eloop.c:502
#13 0x000000000041ca68 in eloop_run () at ../src/utils/eloop.c:1007
#14 0x000000000049caca in wpa_supplicant_run (global=0x19db690) at
wpa_supplicant.c:4646
#15 0x00000000004adba0 in main (argc=2, argv=0x7ffd28bc26c8) at
main.c:333
Anyone any suggestions?
Thanks for any help.
Cheers
Ralf
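
Added example, not part of the original post: a small journal triage script that flags the sequence seen in the 2.4-r1 log above (EAP success, then a stall until NetworkManager reports "association took too long") and collects any nl80211 messages logged in between. The function names, the 60-second window and the single-interface assumption are choices made for this example; the sample lines are copied from the excerpt and unwrapped.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: four lines from the 2.4-r1 journal excerpt, unwrapped.
SAMPLE = """\
Apr 27 13:45:49 lefay wpa_supplicant[638]: wlp3s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Apr 27 13:45:49 lefay wpa_supplicant[638]: nl80211: Unexpected encryption algorithm 5
Apr 27 13:45:49 lefay NetworkManager[545]: <info> (wlp3s0): supplicant interface state: associated -> 4-way handshake
Apr 27 13:46:11 lefay NetworkManager[545]: <warn> (wlp3s0): Activation: (wifi) association took too long
"""

# "Mon DD HH:MM:SS host proc[pid]: msg"; kernel lines carry no pid and are skipped.
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ ([\w.-]+)\[\d+\]: (.*)$")

def parse(text, year=2015):
    """Yield (timestamp, process, message); the journal omits the year, so pass it in."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_stalled_handshakes(text, window=timedelta(seconds=60)):
    """Report each EAP success followed by an activation timeout within `window`."""
    findings, pending = [], None
    for ts, proc, msg in parse(text):
        if "CTRL-EVENT-EAP-SUCCESS" in msg:
            pending = {"eap_success": ts, "handshake_started": False, "driver_msgs": []}
        elif pending is None:
            continue
        elif proc == "wpa_supplicant" and msg.startswith("nl80211:"):
            pending["driver_msgs"].append(msg)      # context for the report
        elif "-> 4-way handshake" in msg:
            pending["handshake_started"] = True
        elif "-> completed" in msg:
            pending = None                          # connection came up
        elif "association took too long" in msg:
            gap = ts - pending["eap_success"]
            if gap <= window:
                pending["stalled_after"] = gap.total_seconds()
                findings.append(pending)
            pending = None
    return findings

if __name__ == "__main__":
    for f in find_stalled_handshakes(SAMPLE):
        print(f)
```
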