aboutsummaryrefslogtreecommitdiffstats
path: root/src/drivers/driver_common.c
diff options
context:
space:
mode:
authorBeniamino Galvani <bgalvani@redhat.com>2018-02-15 10:50:01 (GMT)
committerJouni Malinen <j@w1.fi>2018-03-30 09:16:42 (GMT)
commit77a020a118168e05e7cc0d28a7bf661772e531af (patch)
tree271f689ac0e3c8cacfd031c05734757110ee71f5 /src/drivers/driver_common.c
parent2ff9696d3bb6ed744318f8d5d135a99dcac4de2b (diff)
downloadhostap-77a020a118168e05e7cc0d28a7bf661772e531af.zip
hostap-77a020a118168e05e7cc0d28a7bf661772e531af.tar.gz
hostap-77a020a118168e05e7cc0d28a7bf661772e531af.tar.bz2
wpa_supplicant: Fix auth failure when the MAC is updated externally
When connecting to a WPA-EAP network and the MAC address is changed just before the association (for example by NetworkManager, which sets a random MAC during scans), the authentication sometimes fails in the following way ('####' logs added by me): wpa_supplicant logs: wlan0: WPA: RX message 1 of 4-Way Handshake from 02:00:00:00:01:00 (ver=1) RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 WPA: PMKID in EAPOL-Key - hexdump(len=22): dd 14 00 0f ac 04 d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 RSN: PMKID from Authenticator - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 wlan0: RSN: no matching PMKID found EAPOL: Successfully fetched key (len=32) WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED] #### WPA: rsn_pmkid(): #### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 #### WPA: spa - hexdump(len=6): 66 20 cf ab 8c dc #### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 #### WPA: computed PMKID - hexdump(len=16): ea 73 67 b1 8e 5f 18 43 58 24 e8 1c 47 23 87 71 RSN: Replace PMKSA entry for the current AP and any PMKSA cache entry that was based on the old PMK nl80211: Delete PMKID for 02:00:00:00:01:00 wlan0: RSN: PMKSA cache entry free_cb: 02:00:00:00:01:00 reason=1 RSN: Added PMKSA cache entry for 02:00:00:00:01:00 network_ctx=0x5630bf85a270 nl80211: Add PMKID for 02:00:00:00:01:00 wlan0: RSN: PMKID mismatch - authentication server may have derived different MSK?! hostapd logs: WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32) WPA: 02:00:00:00:00:00 WPA_PTK entering state PTKSTART wlan1: STA 02:00:00:00:00:00 WPA: sending 1/4 msg of 4-Way Handshake #### WPA: rsn_pmkid(): #### WPA: aa - hexdump(len=6): 02 00 00 00 01 00 #### WPA: spa - hexdump(len=6): 02 00 00 00 00 00 #### WPA: PMK - hexdump(len=32): b5 24 76 4f 6f 50 8c f6 a1 2e 24 b8 07 4e 9a 13 1b 94 c4 a8 1f 7e 22 d6 ed fc 7d 43 c7 77 b6 f7 #### WPA: computed PMKID - hexdump(len=16): d8 21 9d a5 73 98 88 26 ef 03 d2 ce f7 04 7d 23 WPA: Send EAPOL(version=1 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0) That's because wpa_supplicant computed the PMKID using the wrong (old) MAC address used during the scan. wpa_supplicant updates own_addr when the interface goes up, as the MAC can only change while the interface is down. However, drivers don't report all interface state changes: for example the nl80211 driver may ignore a down-up cycle if the down message is processed later, when the interface is already up. In such cases, wpa_supplicant (and in particular, the EAP state machine) would continue to use the old MAC. Add a new driver event that notifies of MAC address changes while the interface is active. Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
Diffstat (limited to 'src/drivers/driver_common.c')
-rw-r--r--src/drivers/driver_common.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c
index 9de9693..ca4668a 100644
--- a/src/drivers/driver_common.c
+++ b/src/drivers/driver_common.c
@@ -85,6 +85,7 @@ const char * event_to_string(enum wpa_event_type event)
E2S(EXTERNAL_AUTH);
E2S(PORT_AUTHORIZED);
E2S(STATION_OPMODE_CHANGED);
+ E2S(INTERFACE_MAC_CHANGED);
}
return "UNKNOWN";