Failure due to bad EAPOL-Key descriptor version(3)

Ben Greear greearb
Wed Nov 5 20:43:24 PST 2014 

Any idea what might be the cause of this failure to connect?  I don't know much
about the setup of the AP at this point.


sta101: SME: Trying to authenticate with 10:51:72:54:5a:90 (SSID='pmftest' freq=5180 MHz)
1415248099.342285: sta101: Trying to associate with 10:51:72:54:5a:90 (SSID='pmftest' freq=5180 MHz)
1415248099.354882: sta101: Associated with 10:51:72:54:5a:90
1415248099.360457: sta101: WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2
1415248099.360497: sta101: CTRL-EVENT-REGDOM-CHANGE init=COUNTRY_IE type=COUNTRY alpha2=GB
1415248100.853397: sta101: WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2
1415248102.355151: sta101: WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2
1415248103.850210: sta101: WPA: CCMP is used, but EAPOL-Key descriptor version (3) is not 2

It appears the code that is complaining is this:

(from wpa.c)

         if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
             ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
                 wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
                         "WPA: CCMP is used, but EAPOL-Key "
                         "descriptor version (%d) is not 2", ver);
                 if (sm->group_cipher != WPA_CIPHER_CCMP &&
                     !(key_info & WPA_KEY_INFO_KEY_TYPE)) {
                         /* Earlier versions of IEEE 802.11i did not explicitly
                          * require version 2 descriptor for all EAPOL-Key
                          * packets, so allow group keys to use version 1 if
                          * CCMP is not used for them. */
                         wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
                                 "WPA: Backwards compatibility: allow invalid "
                                 "version for non-CCMP group keys");
                 } else
                         goto out;


version 3 appears to be:  WPA_KEY_INFO_TYPE_AES_128_CMAC


Config file is below.

ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
concurrent_assoc_ok=1
scan_cur_freq=1
min_scan_gap=5

bss_max_count=2000
network={
     ssid="pmftest"
     disable_ht=0
     disable_vht=0
     ieee80211w=2
     disable_ht40=0
     disable_sgi=0
     ht_mcs=""
     disable_max_amsdu=-1
     ampdu_factor=-1
     ampdu_density=-1

     proto=RSN
     key_mgmt=WPA-PSK
     #psk="12345678"
     psk=eb7513a16fab5b2584d774652ff25c1bd915eb3f65e7d8e52f23c96fa1fc9e10
     pairwise=CCMP TKIP
     group=CCMP TKIP WEP104 WEP40
     proactive_key_caching=0

}

Thanks,
Ben

-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com

More information about the Hostap mailing list