Search Linux Wireless

dynamic wep with mulitple keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We have a wireless network with dynamically set wep keys on some sort of
cisco APs. With compat-wireless-2008-04-22 I can reliably associate
(dynamic wep, EAP-TTLS with phase 2 PAP auth) using
wpa_supplicant-0.6.3. But I do not obtain a DHCP lease, and I'm
suspecting that my outgoing packets are dropped by the AP.

There was a similar thread on this list about one month ago (same
topic), and Tomas Winkler wrote "Please validate that you are receiving
two keys from a supplicant.  The order should be first unicast then
broadcast key." For the record, the AP sets the keys in the reverse
order: 

wpa_supplicant -Dwext -iwlan0 -c /root/wpa_supplicant.conf -ddd

[...]
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:15:c6:5e:e5:70
RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 48 0f 65 c8 37 56
a8 32 17 1a 5f 38 4d 50 5b b9 11 13 4c 61 af 30 02 e0 29 39 c8 e4 ee e4
00 c8 e3 75 99 cf 2f 5c 72 31 b8 c8 e1 07 83 ff d9 01 82 08 6c 08
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1
key_length=13 key_index=0x2
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13
wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13
RX EAPOL from 00:15:c6:5e:e5:70
RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 0f 65 c8 37 57
71 cf 6b a3 b1 08 ce 88 d0 ca 0a 0c 00 84 7b c4 83 5e 20 c0 0d a2 f9 ce
f0 94 5f 38 ee e7 7c 68 3a
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1
key_length=13 key_index=0x83
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key -
hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
Cancelling scan request
Cancelling authentication timeout
State: ASSOCIATED -> COMPLETED
[...]

Finally, I'm enabling some TX debugging:

echo 0x20800002 >> /sys/bus/pci/drivers/iwl4965/debug_level

This is what I get in the log:

Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:02:56 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14
Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 5
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 4
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:12 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 0
Apr 22 19:03:17 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:22 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:28 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:34 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3


I thought the DHCP broadcast ought to be encrypted with the broadcast
key (=keyidx 2)?? But its encrypted with the unicast key (keyidx 3). Or
am I really confused here? Please let me know if you have any ideas to
fix this!

Cheers,
Volker






--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux