madwifi and wpa-psk problem

Jouni Malinen jkmaline
Sun May 8 12:21:28 PDT 2005 

On Fri, May 06, 2005 at 03:05:45PM -0600, Benj Carson wrote:

> I have a D-Link DWL-G520 which uses the Atheros AR5212 chip and a Linksys 
> WAP54G.  The AP is configured to use WPA-PSK, and works fine with the Intel 
> PRO/Wireless 2100 in my laptop.  I'm running the latest developer CVS snap of 
> wpa_supplicant and I updated madwifi from CVS last week.

Which CVS branch of madwifi are you using (trunk/mainline or BSD
branch)?

> I'm having trouble getting the card to associate completely with the AP.  In 
> looking at the wpa_supplicant logs, it appears that authentication proceeds 
> correctly, but once the group handshake is completed, the connection gets 
> disconnected:

As far as wpa_supplicant is concerned, the WPA-PSK key handshakes are
indeed completed successfully. However, the AP does not seem to be
receiving the final message (group key msg 2/2) and it will retry the
group key handshake by sending msg 1/2 number of times. Eventually, it
will time out and send a deauthentication frame (with reason "Group key
update timeout" in the kismet log you sent).

Unfortunately, the sniffer log does not include EAPOL-Key frames for
some reason. It would be very helpful to get a capture that includes
both the management frames and these data frames in order to verify that
the Group Key packets are indeed sent correctly. One reason for AP not
receiving the frame would be in it not being encrypted correctly. It may
also be possible to use madwifi debugging to find out whether the Group
Key packets are encrypted or not (they should be). I'm not sure how to
enable debugging for this, though.

Following packets should be exchanged in a successful WPA-PSK
authentication:

STA -> AP: mgmt::authentication
STA <- AP: mgmt::authentication
STA -> AP: mgmt::association request
STA <- AP: mgmt::association response
STA <- AP: data::data (unencrypted EAPOL-Key packet, msg 1/4)
STA -> AP: data::data (unencrypted EAPOL-Key packet, msg 2/4)
STA <- AP: data::data (unencrypted EAPOL-Key packet, msg 3/4)
STA -> AP: data::data (unencrypted EAPOL-Key packet, msg 4/4)
STA <- AP: data::data (encrypted EAPOL-Key packet, msg 1/2)
STA -> AP: data::data (encrypted EAPOL-Key packet, msg 2/2)

-- 
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list