Failed to receive WPA Group Message after 4-way handshake
Posted on 2006-04-19
I am trying to write a user-mode WPA supplicant apps. The configuration
for both STA and AP is WPA-PSK.
Here is what I did for 4-way handshake:
1) Initiate 4-way handshake by sending EAPOL-Start message.
2) Receive message A from AP and got ANonnce.
3) Generating SNonce and calc PTK and MIC based on the algorithms by
IEEE 802.11i and send Message B to AP.
4) Receive message C and verify that AP knows the PMK.
5) Send message D to AP and Install the PTK with OID_802_11_ADD_KEY.
Everything seems successful.
Now I try to receive group key, but it failed to receive it, instead I
always receive packet similar to message A.
So one of 2 things could be wrong:
A) Install PTK with OID_802_11_ADD_KEY, which I have following code:
DWORD SetPairwiseKey(const u8 *bssid, const UCHAR *pKey, int nKeyLen,
int nSize = sizeof(NDIS_OID) + FIELD_OFFSET(NDIS_802_11_KEY,
KeyMaterial) + KeyLen;
UCHAR *SetBuffer = new UCHAR[nSize];
pSetOid = (PNDISPROT_SET_OID)SetBuffer;
pSetOid->Oid = OID_802_11_ADD_KEY;
NDIS_802_11_KEY *p80211Key = (NDIS_802_11_KEY*)&(pSetOid->Data);
p80211Key->Length = FIELD_OFFSET(NDIS_802_11_KEY, KeyMaterial) +
p80211Key->KeyIndex = 0xe0000000;
memcpy(&p80211Key->KeyRSC, pKeyRsc, LEN_KEY_DESC_RSC);
memcpy(p80211Key->BSSID, bssid, MAC_ADDR_LEN);
p80211Key->KeyLength = nKeyLen;
memcpy(p80211Key->KeyMaterial, pKey, nKeyLen);
DWORD dwErr = SetOidValue(SetBuffer, nSize, "ADD_KEY");
the return value is 0, so it seems OK
B) Message D I sent out is wrong, here is the packet frame from
Type: Key (3)
Descriptor Type: EAPOL WPA key (254)
Key Information: 0x0109
.... .... .... .001 = Key Descriptor Version: HMAC-MD5 for MIC
and RC4 for encryption (1)
.... .... .... 1... = Key Type: Pairwise key
.... .... ..00 .... = Key Index: 0
.... .... .0.. .... = Install flag: Not set
.... .... 0... .... = Key Ack flag: Not set
.... ...1 .... .... = Key MIC flag: Set
.... ..0. .... .... = Secure flag: Not set
.... .0.. .... .... = Error flag: Not set
.... 0... .... .... = Request flag: Not set
...0 .... .... .... = Encrypted Key Data flag: Not set
Key Length: 0
Replay Counter: 3
Key IV: 00000000000000000000000000000000
WPA Key RSC: 0000000000000000
WPA Key ID: 0000000000000000
WPA Key MIC: 2781D5942427AF9C44B30C98AE6374CE
WPA Key Length: 0
So it looks OK to me too.
Any idea why group message is not being received.
Thx so much in advance.
BTW, I am using NDISUIO and ReadFile/WriteFile to send/receive EAPOL packet.
I can provide the proto type project too.