hostapd: RSN 4-way handshake issue with Cisco WET200 client
Helmut Schaa
helmut.schaa
Mon Jan 16 05:19:00 PST 2012
Hi,
I've got a strange problem with a Cisco WET200 wireless bridge connecting
to a hostapd AP. The AP is configured as WPA2-CCMP and the 4-way HS
looks like this:
1of4: KeyDescriptor=2 (RSN)
2of4: KeyDescriptor=2 (RSN)
3of4: KeyDescriptor=2 (RSN)
4of4: KeyDescriptor=254 (WPA) ???
Afterwards hostapd retries 3of4 but 4of4 always looks the same (I can also
provide a capture if anyone is interested).
So, in short, this specific client switches the eapol key descriptor field to
254 after 3of4 was successfully received and hence 4of4 is ignored by
hostapd due to this code in ap/wpa_auth.c:
if (sm->wpa == WPA_VERSION_WPA2) {
if (key->type != EAPOL_KEY_TYPE_RSN) {
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
"unexpected type %d in RSN mode",
key->type);
return;
}
} else {
if (key->type != EAPOL_KEY_TYPE_WPA) {
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
"unexpected type %d in WPA mode",
key->type);
return;
}
}
Of course this appears to be a pure client issue but other APs accept that
strange 4of4 message.
Jouni, would it be ok to relax the constraints a bit and allow a WPA
descriptor type to be used also for WPA2?
Helmut
More information about the Hostap
mailing list