hostapd: RSN 4-way handshake issue with Cisco WET200 client

Helmut Schaa helmut.schaa
Tue Jan 17 04:08:36 PST 2012


On Mon, Jan 16, 2012 at 2:19 PM, Helmut Schaa
<helmut.schaa at googlemail.com> wrote:
> I've got a strange problem with a Cisco WET200 wireless bridge connecting
> to a hostapd AP. The AP is configured as WPA2-CCMP and the 4-way HS
> looks like this:
>
> 1of4: KeyDescriptor=2 (RSN)
> 2of4: KeyDescriptor=2 (RSN)
> 3of4: KeyDescriptor=2 (RSN)
> 4of4: KeyDescriptor=254 (WPA) ???
>
> Afterwards hostapd retries 3of4 but 4of4 always looks the same (I can also
> provide a capture if anyone is interested).
>
> So, in short, this specific client switches the eapol key descriptor field to
> 254 after 3of4 was successfully received and hence 4of4 is ignored by
> hostapd due to this code in ap/wpa_auth.c:
>
>         if (sm->wpa == WPA_VERSION_WPA2) {
>                 if (key->type != EAPOL_KEY_TYPE_RSN) {
>                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
>                                    "unexpected type %d in RSN mode",
>                                    key->type);
>                         return;
>                 }
>         } else {
>                 if (key->type != EAPOL_KEY_TYPE_WPA) {
>                         wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with "
>                                    "unexpected type %d in WPA mode",
>                                    key->type);
>                         return;
>                 }
>         }
>
> Of course this appears to be a pure client issue but other APs accept that
> strange 4of4 message.
>
> Jouni, would it be ok to relax the constraints a bit and allow a WPA
> descriptor type to be used also for WPA2?

Btw. a similar workaround was part of OpenWrt for some time.

Felix, do you remember by any chance why you removed
570-eapol_key_type.patch in [1] again?

Thanks,
Helmut

[1] https://dev.openwrt.org/changeset/28142
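
Added example (not part of the original message and not hostapd code): a small C checker that classifies an EAPOL-Key frame as message 1 to 4 of the pairwise handshake and flags a descriptor type that does not match the negotiated mode, which is the condition the quoted check rejects. The names `inspect_eapol_key`, `key_summary` and `sample` are hypothetical, and the four frames are constructed to mirror the sequence in the post, with typical WPA2-CCMP key info values rather than values from a capture.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EAPOL_KEY_TYPE_RSN 2    /* descriptor values named in the quoted check */
#define EAPOL_KEY_TYPE_WPA 254
enum { NOT_EAPOL_KEY = -1, TYPE_OK = 0, TYPE_MISMATCH = 1 };
struct key_summary { int msg; int desc_type; int verdict; };

static unsigned be16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* f points at the 802.1X header: version, type, body length, key descriptor.
 * rsn is non-zero when the association negotiated WPA2/RSN. */
struct key_summary inspect_eapol_key(const uint8_t *f, size_t len, int rsn)
{
    struct key_summary s = { 0, 0, NOT_EAPOL_KEY };
    /* Reject frames that are too short, not EAPOL-Key (type 3), or truncated. */
    if (len < 99 || f[1] != 3 || be16(f + 2) + 4u > len) return s;
    unsigned info = be16(f + 5), kdlen = be16(f + 97);
    int pw = info & 0x0008, inst = info & 0x0040, ack = info & 0x0080, mic = info & 0x0100;
    int want = rsn ? EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
    s.desc_type = f[4];
    if (pw && ack && !mic) s.msg = 1;
    else if (pw && ack && mic && inst) s.msg = 3;
    else if (pw && !ack && mic) s.msg = kdlen ? 2 : 4;  /* 4/4 carries no key data */
    s.verdict = s.desc_type == want ? TYPE_OK : TYPE_MISMATCH;
    return s;
}

/* Constructed frames for messages n = 1..4; only the fields the checker reads
 * are filled in, everything else (nonce, MIC, key data) is left zero. */
struct key_summary sample(int n)
{
    static const uint8_t type[] = { 2, 2, 2, 254 };
    static const unsigned info[] = { 0x008a, 0x010a, 0x13ca, 0x030a };
    static const unsigned kdlen[] = { 0, 22, 56, 0 };
    uint8_t f[99 + 56] = { 0 };
    unsigned body = 95 + kdlen[n - 1];
    f[0] = 2; f[1] = 3; f[4] = type[n - 1];   /* protocol version 2, EAPOL-Key */
    f[2] = (uint8_t)(body >> 8); f[3] = (uint8_t)body;
    f[5] = (uint8_t)(info[n - 1] >> 8); f[6] = (uint8_t)info[n - 1];
    f[97] = (uint8_t)(kdlen[n - 1] >> 8); f[98] = (uint8_t)kdlen[n - 1];
    return inspect_eapol_key(f, 4 + body, 1);
}

int main(void)
{
    for (int n = 1; n <= 4; n++)
        printf("%dof4: KeyDescriptor=%d verdict=%d\n", sample(n).msg,
               sample(n).desc_type, sample(n).verdict);
    return 0;
}
```
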
