802.11r/FT issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
 
I’ve built the latest version of hostapd/wpa_supplicant from the master (8e5931f0c777a8abbfce9a299720f5b489b359b7) with 802.11r support. The wpa_supplicant w/EAP-TLS is unable to perform over-the-air FT between APs. It seems to ignore the FT authentication response from the target AP.
 
AP1: 00:c0:69:d0:0d:11, AP2: 00:06:3d:07:0b:b5, CLIENT: 00:30:1a:4e:0c:39
 
AP1 ON, AP2 OFF:
 
The client successfully connects to AP1 w/ FT-EAP:
 
bssid=00:c0:69:d0:0d:11
freq=2462
ssid=ORBIT-AUTOMATED-TEST
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=FT-EAP
wpa_state=COMPLETED
address=00:30:1a:4e:0c:39
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
selectedMethod=13 (EAP-TLS)
eap_tls_version=TLSv1.2
EAP TLS cipher=ECDHE-RSA-AES256-GCM-SHA384
tls_session_reused=0
eap_session_id=0d1a2298b5286564d2427144de254c118dd33b80ec6c8d4f65a88051fe08c3a4bbb5eb3debad03f09ed016069fb1df9369e8ebef23947869577dc8f5f8d237cce1
 
AP1 ON, AP2 ON:
 
Scan and roam to AP2:
 
scan 
OK
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
scan_results
bssid / frequency / signal level / flags / ssid
00:c0:69:d0:0d:11              2462       -63          [WPA2-EAP+FT/EAP-CCMP-preauth][ESS]    ORBIT-AUTOMATED-TEST
00:06:3d:07:0b:b5             2462       -64          [WPA2-EAP+FT/EAP-CCMP-preauth][ESS]    ORBIT-AUTOMATED-TEST
 
roam 00:06:3d:07:0b:b5
OK
<3>SME: Trying to authenticate with 00:06:3d:07:0b:b5 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz)
<3>CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
<3>CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=US
<3>CTRL-EVENT-SCAN-STARTED 
<3>CTRL-EVENT-SCAN-RESULTS 
<3>SME: Trying to authenticate with 00:c0:69:d0:0d:11 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz)
<3>Trying to associate with 00:c0:69:d0:0d:11 (SSID='ORBIT-AUTOMATED-TEST' freq=2462 MHz)
<3>Associated with 00:c0:69:d0:0d:11
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>CTRL-EVENT-EAP-STARTED EAP authentication started
….
 
Client fails FT with AP2 and falls back to AP1 (does a full EAP handshake with AP1). 
 
Noticed a set_key error in the ap2.log:
 
….
FT: Received authentication frame IEs - hexdump(len=148): 30 26 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 03 00 00 01 00 8b 00 5f 74 ad c7 ca f1 1c 79 02 79 ab 0a 5c 73 36 03 01 01 01 37 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 87 87 d8 74 60 5d d0 25 15 b2 38 48 c1 c0 2a 32 81 bd 14 3a c0 a4 5d ff ac 28 ee 0f 5f ff 2f 17 03 11 30 30 3a 63 30 3a 36 39 3a 64 30 3a 30 64 3a 31 31
FT: STA R0KH-ID - hexdump(len=17): 30 30 3a 63 30 3a 36 39 3a 64 30 3a 30 64 3a 31 31
FT: Requested PMKR0Name - hexdump(len=16): 8b 00 5f 74 ad c7 ca f1 1c 79 02 79 ab 0a 5c 73
FT: Derived requested PMKR1Name - hexdump(len=16): bb db d5 68 b9 0d 50 6c 42 da ab 77 a3 d2 39 f3
FT: Selected PMK-R1 - hexdump(len=32): [REMOVED]
Get randomness: len=32 entropy=379
FT: Received SNonce - hexdump(len=32): 87 87 d8 74 60 5d d0 25 15 b2 38 48 c1 c0 2a 32 81 bd 14 3a c0 a4 5d ff ac 28 ee 0f 5f ff 2f 17
FT: Generated ANonce - hexdump(len=32): 6e e8 20 99 76 14 91 d6 b4 84 8c 86 35 ec 6f bb 20 4d 48 3b 37 30 c2 87 09 05 bd 10 77 79 0a b3
FT: KCK - hexdump(len=16): [REMOVED]
FT: KEK - hexdump(len=16): [REMOVED]
FT: TK - hexdump(len=16): [REMOVED]
FT: PTKName - hexdump(len=16): 84 ad 14 7b b4 bc c2 9c e5 6e 7c 81 fd bc b6 95
wpa_driver_nl80211_set_key: ifindex=12 (wlan0) alg=3 addr=0x1bcc428 key_idx=0 set_tx=1 seq_len=0 key_len=16
nl80211: KEY_DATA - hexdump(len=16): [REMOVED]
   addr=00:30:1a:4e:0c:39
nl80211: set_key failed; err=-2 No such file or directory)
FT: Postponed auth callback result for 00:30:1a:4e:0c:39 - status 0
authentication reply: STA=00:30:1a:4e:0c:39 auth_alg=2 auth_transaction=2 resp=0 (IE len=160)
…
 
Configs, logs and packet traces are attached. I’d appreciate any help in identifying the root cause.
 
Thanks
Ajay



Attachment: WPA2-EAPTLS-80211r-issue-20171018.zip
Description: WPA2-EAPTLS-80211r-issue-20171018.zip

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap

[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux