wpa_supplicant, atheros and .1x problem

Andy wireless
Wed Jun 23 09:36:54 PDT 2004 

I've just been trying to get wpa_supplicant working with an Atheros card
using 802.1x EAP TLS and had some problems. I'm connecting to a Cisco 1200.

The ioctl to set the broadcast wep key in the MadWifi driver from
driver_madwifi.c:wpa_driver_madwifi_set_key was failing.

The keys were being provided from the EAP layer to
wpa_driver_madwifi_set_key with the following info:

Broadcast key: index 0 set_tx 0 keylen 13
Unicast key: index 3 set_tx 128 keylen 13

The code in wpa_driver_madwifi_set_key interprets 0 as being a unicast key -
which is wrong, since most APs provide the broadcast key at index 0. When it
interpreted key 0 as being a unicast key it tried to bind the key to the
broadcast address, which the underlying driver rejected.

I'm using todays Madwifi code and wpa_supplicant 0.2.3, the driver_madwifi.c
appears to be unchanged from this release when compared to CVS.

The following fix seems to work for me, although I don't know if it breaks
the WPA mode of operation (or any other mode, for that matter). The code now
_never_ tries to use the IEEE80211_KEYIX_NONE key index and sets the
transmit and default transmit bits for the unicast key only, and always uses
the key index given by the EAP process.

Index: wpa_supplicant/driver_madwifi.c
===================================================================
RCS file: /cvs/hostap/wpa_supplicant/driver_madwifi.c,v
retrieving revision 1.1
diff -u -r1.1 driver_madwifi.c
--- wpa_supplicant/driver_madwifi.c 10 Jun 2004 04:32:26 -0000 1.1
+++ wpa_supplicant/driver_madwifi.c 23 Jun 2004 16:32:21 -0000
@@ -253,22 +253,16 @@
memset(&wk, 0, sizeof(wk));
wk.ik_type = cipher;
- if (key_idx == 0) {
+ wk.ik_flags = IEEE80211_KEY_RECV;
+ if (set_tx) {
/*
- * PTK; install as the unicast key.
+ * install as the unicast and default transmit key
*/
- wk.ik_keyix = IEEE80211_KEYIX_NONE;
- wk.ik_flags = IEEE80211_KEY_XMIT | IEEE80211_KEY_RECV;
- memcpy(wk.ik_macaddr, addr, IEEE80211_ADDR_LEN);
- } else {
- /*
- * GTK; install as the default key.
- */
- wk.ik_keyix = key_idx;
- wk.ik_flags = IEEE80211_KEY_RECV | IEEE80211_KEY_DEFAULT;
- memset(wk.ik_macaddr, 0, IEEE80211_ADDR_LEN);
+ wk.ik_flags |= IEEE80211_KEY_XMIT | IEEE80211_KEY_DEFAULT;
}
+ wk.ik_keyix = key_idx;
wk.ik_keylen = key_len;
+ memset(wk.ik_macaddr, 0, IEEE80211_ADDR_LEN);
memcpy(&wk.ik_keyrsc, seq, seq_len);
memcpy(wk.ik_keydata, key, key_len);

I've also noticed that using wpa_supplicant, 802.1x reauthentication
(initiated by the AP with an identity request) doesn't work with my Prism
(hostap) card (as reported earlier this week) but does work correctly with
the Atheros cards.  In my instance, there are no messages of any kind
printed when the AP sends the identity request, as though the Prism card has
dropped the frame or never passed it on.

Andy
wireless at windsorcarclub.co.uk
ENDOFMSG



This message contains information which may be confidential and privileged.  Unless you are the addressee (or authorised to receive for the addressee),  you should not use, copy or disclose to anyone the details or information contained in this message.  The content of the message and or attachments may not reflect the view and opinions of the originating company. If you have received this message in error, you should reply to the sender and copy email at madge.com and delete the message from your system.  Thank you for your co-operation.

More information about the Hostap mailing list