Hi, I’ve built the latest version of hostapd/wpa_supplicant from the master (8e5931f0c777a8abbfce9a299720f5b489b359b7) with 802.11r support. The wpa_supplicant w/EAP-TLS is unable to perform over-the-air FT between APs. It seems to ignore the FT authentication response from the target AP. AP1: 00:c0:69:d0:0d:11, AP2: 00:06:3d:07:0b:b5, CLIENT: 00:30:1a:4e:0c:39 AP1 ON, AP2 OFF: The client successfully connects to AP1 w/ FT-EAP: bssid=00:c0:69:d0:0d:11 freq=2462 ssid=ORBIT-AUTOMATED-TEST id=0 mode=station pairwise_cipher=CCMP group_cipher=CCMP key_mgmt=FT-EAP wpa_state=COMPLETED address=00:30:1a:4e:0c:39 Supplicant PAE state=AUTHENTICATED suppPortStatus=Authorized EAP state=SUCCESS selectedMethod=13 (EAP-TLS) eap_tls_version=TLSv1.2 EAP TLS cipher=ECDHE-RSA-AES256-GCM-SHA384 tls_session_reused=0 eap_session_id=0d1a2298b5286564d2427144de254c118dd33b80ec6c8d4f65a88051fe08c3a4bbb5eb3debad03f09ed016069fb1df9369e8ebef23947869577dc8f5f8d237cce1 AP1 ON, AP2 ON: Scan and roam to AP2: scan OK <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS scan_results bssid / frequency / signal level / flags / ssid 00:c0:69:d0:0d:11 2462 -63 [WPA2-EAP+FT/EAP-CCMP-preauth][ESS] ORBIT-AUTOMATED-TEST 00:06:3d:07:0b:b5 2462 -64 [WPA2-EAP+FT/EAP-CCMP-preauth][ESS] ORBIT-AUTOMATED-TEST roam 00:06:3d:07:0b:b5 OK <3>SME: Trying to authenticate with 00:06:3d:07:0b:b5 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz) <3>CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD <3>CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=US <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>SME: Trying to authenticate with 00:c0:69:d0:0d:11 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz) <3>Trying to associate with 00:c0:69:d0:0d:11 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz) <3>Associated with 00:c0:69:d0:0d:11 <3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 <3>CTRL-EVENT-EAP-STARTED EAP authentication started …. Client fails FT with AP2 and falls back to AP1 (does a full EAP handshake with AP1). Noticed a set_key error in the ap2.log: …. FT: Received authentication frame IEs - hexdump(len=148): 30 26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 03 00 00 01 00 8b 00 5f 74 ad c7 ca f1 1c 79 02 79 ab 0a 5c 73 36 03 01 01 01 37 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 87 87 d8 74 60 5d d0 25 15 b2 38 48 c1 c0 2a 32 81 bd 14 3a c0 a4 5d ff ac 28 ee 0f 5f ff 2f 17 03 11 30 30 3a 63 30 3a 36 39 3a 64 30 3a 30 64 3a 31 31 FT: STA R0KH-ID - hexdump(len=17): 30 30 3a 63 30 3a 36 39 3a 64 30 3a 30 64 3a 31 31 FT: Requested PMKR0Name - hexdump(len=16): 8b 00 5f 74 ad c7 ca f1 1c 79 02 79 ab 0a 5c 73 FT: Derived requested PMKR1Name - hexdump(len=16): bb db d5 68 b9 0d 50 6c 42 da ab 77 a3 d2 39 f3 FT: Selected PMK-R1 - hexdump(len=32): [REMOVED] Get randomness: len=32 entropy=379 FT: Received SNonce - hexdump(len=32): 87 87 d8 74 60 5d d0 25 15 b2 38 48 c1 c0 2a 32 81 bd 14 3a c0 a4 5d ff ac 28 ee 0f 5f ff 2f 17 FT: Generated ANonce - hexdump(len=32): 6e e8 20 99 76 14 91 d6 b4 84 8c 86 35 ec 6f bb 20 4d 48 3b 37 30 c2 87 09 05 bd 10 77 79 0a b3 FT: KCK - hexdump(len=16): [REMOVED] FT: KEK - hexdump(len=16): [REMOVED] FT: TK - hexdump(len=16): [REMOVED] FT: PTKName - hexdump(len=16): 84 ad 14 7b b4 bc c2 9c e5 6e 7c 81 fd bc b6 95 wpa_driver_nl80211_set_key: ifindex=12 (wlan0) alg=3 addr=0x1bcc428 key_idx=0 set_tx=1 seq_len=0 key_len=16 nl80211: KEY_DATA - hexdump(len=16): [REMOVED] addr=00:30:1a:4e:0c:39 nl80211: set_key failed; err=-2 No such file or directory) FT: Postponed auth callback result for 00:30:1a:4e:0c:39 - status 0 authentication reply: STA=00:30:1a:4e:0c:39 auth_alg=2 auth_transaction=2 resp=0 (IE len=160) … Configs, logs and packet traces are attached. I’d appreciate any help in identifying the root cause. Thanks Ajay
Attachment:
WPA2-EAPTLS-80211r-issue-20171018.zip
Description: WPA2-EAPTLS-80211r-issue-20171018.zip
_______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
