CVS: WPA/WPA2 WPA-PSK/TLS TKIP/CCMP: EAPOL-Key timeout s in 1/4 msg of 4-Way Handshake: win+linux clients, madwifi with WG311T, DWL-G650

thomas schorpp t.schorpp
Wed May 18 19:09:33 PDT 2005 

hello,

softwares: hostapd 0.3.6...CVS, client: dlink supplicant on win98 or
wpasupplicant 0.3.8-1 debian on linux, madwifi cvs on both.

cant get authenticated.

seems hostap forgets something to broadcast.

clients wait, dont answer, hostap retries 4x... timeout.
handshake wont run through.

1. tried setup with wpa or rsn -eap-tls, certificates only -> failure
2. now as simple as possible WPA-PSK -> failure

no wep. underlying layers should be ok, hw, iwconfig, maybe madwifi
issue with the netgear WG311T?

win clients connect succesful to an embedded device ap, so should be a
issue with hostap suite.

any ideas?

build and test wpasupp cvs meanwhile...

if you rather like bugzilla, pls ask for.

y
tom

Configuration file: /etc/hostapd/hostapd.conf
madwifi_set_iface_flags: dev_up=0
Using interface ath0 with hwaddr 00:0f:b5:63:e0:f2 and ssid 'madwifi'
madwifi_set_ieee8021x: enabled=1
madwifi_configure_wpa: group key cipher=1
madwifi_configure_wpa: pairwise key ciphers=0xa
madwifi_configure_wpa: key management algorithms=0x2
madwifi_configure_wpa: rsn capabilities=0x0
madwifi_configure_wpa: enable WPA= 0x1
madwifi_set_iface_flags: dev_up=1
madwifi_set_privacy: enabled=1
WPA: group state machine entering state GTK_INIT
GMK - hexdump(len=32): b5 b2 84 ab fd 55 86 f6 a6 2d 8e 25 73 b0 93 48
63 01 42 30 20 0c fa a3 8a 13 74 b6 3a ef 69 06
GTK - hexdump(len=32): 3f e3 30 55 a5 7e 8d 93 71 e2 d0 dc 91 2b 78 f4
86 18 cf 83 ee fb a4 ea f2 c9 bb 9c 0d ba 22 2e
WPA: group state machine entering state SETKEYSDONE
madwifi_set_key: alg=TKIP addr=00:00:00:00:00:00 key_idx=1
Flushing old station entries
Deauthenticate all stations
l2_packet_receive - recv: Network is down
Wireless event: cmd=0x8c03 len=20
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.11: associated
  New STA
ath0: STA 00:0f:3d:86:fd:ab WPA: event 1 notification
ath0: STA 00:0f:3d:86:fd:ab WPA: start authentication
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITIALIZE
madwifi_del_key: addr=00:0f:3d:86:fd:ab key_idx=0
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: unauthorizing port
madwifi_set_sta_authorized: addr=00:0f:3d:86:fd:ab authorized=0
WPA: 00:0f:3d:86:fd:ab WPA_PTK_GROUP entering state IDLE
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state AUTHENTICATION
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state AUTHENTICATION2
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITPSK
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKSTART
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 1/4 msg of 4-Way Handshake
TX EAPOL - hexdump(len=113): 00 0f 3d 86 fd ab 00 0f b5 63 e0 f2 88 8e
02 03 00 5f fe 00 8a 00 10 00 00 00 00 00 00 00 01 b5 a6 27 35 af f3 71
93 3b 69 cc 30 73 48 21 90 aa 76 63 5d 1a 7d 5a 61 43 e8 4a 94 ce f4 ea
4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
ath0: STA 00:0f:3d:86:fd:ab WPA: EAPOL-Key timeout
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKSTART
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 1/4 msg of 4-Way Handshake
TX EAPOL - hexdump(len=113): 00 0f 3d 86 fd ab 00 0f b5 63 e0 f2 88 8e
02 03 00 5f fe 00 8a 00 10 00 00 00 00 00 00 00 02 b5 a6 27 35 af f3 71
93 3b 69 cc 30 73 48 21 90 aa 76 63 5d 1a 7d 5a 61 43 e8 4a 94 ce f4 ea
4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
ath0: STA 00:0f:3d:86:fd:ab WPA: EAPOL-Key timeout
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKSTART
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 1/4 msg of 4-Way Handshake
TX EAPOL - hexdump(len=113): 00 0f 3d 86 fd ab 00 0f b5 63 e0 f2 88 8e
02 03 00 5f fe 00 8a 00 10 00 00 00 00 00 00 00 03 b5 a6 27 35 af f3 71
93 3b 69 cc 30 73 48 21 90 aa 76 63 5d 1a 7d 5a 61 43 e8 4a 94 ce f4 ea
4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
ath0: STA 00:0f:3d:86:fd:ab WPA: EAPOL-Key timeout
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state PTKSTART
ath0: STA 00:0f:3d:86:fd:ab WPA: sending 1/4 msg of 4-Way Handshake
TX EAPOL - hexdump(len=113): 00 0f 3d 86 fd ab 00 0f b5 63 e0 f2 88 8e
02 03 00 5f fe 00 8a 00 10 00 00 00 00 00 00 00 04 b5 a6 27 35 af f3 71
93 3b 69 cc 30 73 48 21 90 aa 76 63 5d 1a 7d 5a 61 43 e8 4a 94 ce f4 ea
4c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state DISCONNECT
madwifi_sta_deauth: addr=00:0f:3d:86:fd:ab reason_code=2
ioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state DISCONNECTED
WPA: 00:0f:3d:86:fd:ab WPA_PTK entering state INITIALIZE
madwifi_del_key: addr=00:0f:3d:86:fd:ab key_idx=0
ioctl[IEEE80211_IOCTL_DELKEY]: Invalid argument
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.1X: unauthorizing port
madwifi_set_sta_authorized: addr=00:0f:3d:86:fd:ab authorized=0
ioctl[IEEE80211_IOCTL_SETMLME]: Invalid argument
ath0: STA 00:0f:3d:86:fd:ab IEEE 802.11: deauthenticated due to local
deauth request
Signal 2 received - terminating
Flushing old station entries
Deauthenticate all stations
madwifi_set_privacy: enabled=0
madwifi_set_ieee8021x: enabled=0
madwifi_set_iface_flags: dev_up=0

- ca. same with eap-tls -

no logs from win dlink supplicant
reports: "connecting and key wait"

linux wpasupplicant log:

Initializing interface 'ath0' conf '(null)' driver 'madwifi'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=0
eapol_version=2
ap_scan=1
fast_reauth=0
Line: 279 - start of a new network block
ssid - hexdump_ascii(len=7):
     6d 61 64 77 69 66 69                              madwifi
proto: 0x1
auth_alg: 0x1
key_mgmt: 0x2
pairwise: 0x18
group: 0x18
PSK (ASCII passphrase) - hexdump_ascii(len=8): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 0
   id=0 ssid='madwifi'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:0f:3d:86:fd:ab
wpa_driver_madwifi_set_wpa: enabled=1
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=0 idleWhile=0
Wireless event: cmd=0x8b19 len=12
Received 850 bytes of scan results (4 BSSes)
Scan results: 4
Selecting BSS from priority group 0
0: 00:0f:b5:63:e0:f2 ssid='madwifi' wpa_ie_len=32 rsn_ie_len=0
   selected
Trying to associate with 00:0f:b5:63:e0:f2 (SSID='madwifi' freq=2422 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
Overriding auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 24 key_mgmt 3
WPA: using GTK TKIP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02
01 00 00 50 f2 04 01 00 00 50 f2 02
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=20
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0f:b5:63:e0:f2
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0f:b5:63:e0:f2
No keys have been configured - skip key clearing
Associated with 00:0f:b5:63:e0:f2
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=28 idleWhile=58
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=27 idleWhile=57
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:0f:b5:63:e0:f2 into blacklist
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0f:b5:63:e0:f2
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0f:b5:63:e0:f2
No keys have been configured - skip key clearing
Associated with 00:0f:b5:63:e0:f2
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=0 heldWhile=0 startWhen=29 idleWhile=59
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Signal 2 received - terminating
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_madwifi_set_wpa: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=0
wpa_driver_madwifi_set_countermeasures: enabled=0
Removed BSSID 00:0f:b5:63:e0:f2 from blacklist (clear)


config files:

wpasupp:

eapol_version=2
ap_scan=1
fast_reauth=0
# Only WPA-PSK is used. Any valid cipher combination is accepted.
network={
	ssid="madwifi"
	proto=WPA
	auth_alg=OPEN
	key_mgmt=WPA-PSK
	pairwise=TKIP CCMP
	group=TKIP CCMP
	psk="01234567"
}

# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used
WEP104
# or WEP40 as the group cipher will not be accepted.
#network={
#	ssid="madwifi"
#	proto=RSN
#	key_mgmt=WPA-EAP
#	auth_alg=OPEN
#	pairwise=CCMP
#	group=CCMP
#	eap=TLS
#	identity="tom2"
#	ca_cert="/etc/wpa/CAcert.pem"
#	client_cert="/etc/wpa/tom2-cert.pem"
#	private_key="/etc/wpa/tom2-key.pem"
#	private_key_passwd=""
#	priority=1
#}

hostap:

interface=ath0

driver=madwifi

logger_syslog=-1
logger_syslog_level=4
logger_stdout=-1
logger_stdout_level=0

debug=4

dump_file=/tmp/hostapd.dump

ctrl_interface=/var/run/hostapd

ctrl_interface_group=0

ssid=madwifi

macaddr_acl=0

auth_algs=1


# Require IEEE 802.1X authorization
#ieee8021x=1

eap_authenticator=1

# Path for EAP authenticator user database
#eap_user_file=/etc/hostapd/hostapd.eap_user

# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
ca_cert=/etc/hostapd/wpaca/ca/CAcert.pem

# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS
server_cert=/etc/hostapd/wpaca/certs/tom3-cert.pem

private_key=/etc/hostapd/wpaca/certs/tom3-key.pem

# Passphrase for private key
private_key_passwd=

# Optional displayable message sent with EAP Request-Identity
eap_message=Willkommen im madwifi

eapol_key_index_workaround=0

eap_reauth_period=3600

wpa=1

# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)
#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
wpa_passphrase=01234567

wpa_key_mgmt=WPA-PSK WPA-EAP

wpa_pairwise=TKIP CCMP

wpa_group_rekey=600

wpa_gmk_rekey=86400


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3220 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050519/df625ade/attachment.bin

More information about the Hostap mailing list