wpa_supplicant -> EAP-TTLS/PAP, madwifi-ng (Atheros) problem

Jouni Malinen jkmaline
Sun Oct 8 18:45:56 PDT 2006


On Sat, Oct 07, 2006 at 03:13:33PM +0200, sabx wrote:

> I've got:
>  - madwifi-ng r1747
>  - Wireless-Tools version 29
>  - wpa_supplicant-0.4.9
>  - OpenSSL 0.9.7e
>  - GnuTLS 11
>  - WiFi card: DWL-G650

Which AP are you using? Is it running the latest firmware version?

> ap_scan=2
> 
> network={
>         ssid="SSID"
>         scan_ssid=1
>         proto=RSN
>         key_mgmt=WPA-EAP
>         auth_alg=OPEN
>         pairwise=TKIP
>         group=WEP40

This is somewhat uncommon configuration.. Are you sure the AP is using
WPA2 with TKIP for pairwise keys and WEP40 for group?

> Debug informations:

> Trying to associate with SSID 'SSID'
> Associated with 01:23:45:67:89:00
> CTRL-EVENT-EAP-STARTED EAP authentication started
> CTRL-EVENT-EAP-METHOD EAP method 21 (TTLS) selected
> CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> WPA: Unsupported EAPOL-Key descriptor version 0.
> WPA: Unsupported EAPOL-Key descriptor version 0.
> WPA: Unsupported EAPOL-Key descriptor version 0.
> WPA: Unsupported EAPOL-Key descriptor version 0.
> CTRL-EVENT-TERMINATING - signal 2 received
> - ----------------------------- snip -------------------------------------
> This is the strange part:
> WPA: Unsupported EAPOL-Key descriptor version 0.
> What it means? (precisely)

I've never seen any AP trigger this message before.. It means that the
EAPOL-Key message used an unspecified version number.

> More debug informations: wpa_supplicant's -dd switch:
> http://gandalf.ess.hr/~sabx/debug_wpasupp

This file shows more details:

RX EAPOL - hexdump(len=99): 01 03 00 5f 02 00 88 00 00 00 00 00 00 00 00
00 01 04 01 f7 16 9e 70 bc 84 6c 80 74 98 f8 61 ca 46 27 ab 09 a2 ce c2
c0 9c 09 de cb 84 3e 7a 09 7c 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x88 (ver=0 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=0 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
  key_nonce - hexdump(len=32): 04 01 f7 16 9e 70 bc 84 6c 80 74 98 f8 61
ca 46 27 ab 09 a2 ce c2 c0 9c 09 de cb 84 3e 7a 09 7c
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00
WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 00 88 00 00 00 00 00
00 00 00 00 01 04 01 f7 16 9e 70 bc 84 6c 80 74 98 f8 61 ca 46 27 ab 09
a2 ce c2 c0 9c 09 de cb 84 3e 7a 09 7c 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPA: Unsupported EAPOL-Key descriptor version 0.


That is quite broken.. key_info version field is using unspecified value
and key_length in incorrect. Which AP is sending this? How is it
configured?

-- 
Jouni Malinen                                            PGP id EFC895FA




More information about the Hostap mailing list