From patchwork Mon May 7 10:17:33 2012
X-Patchwork-Submitter: Andreas Hartmann
X-Patchwork-Id: 157284
Message-ID: <4FA7A13D.6020405@01019freenet.de>
Date: Mon, 07 May 2012 12:17:33 +0200
From: Andreas Hartmann
To: "users@rt2x00.serialmonkey.com"
Subject: Re: [rt2x00-users] [rt2800pci (AP) - ath9k] 802.11w: broken aggregation handling?
References: <4FA75983.9040003@01019freenet.de> <201205070702.q4772uem002960@mail.maya.org>
In-Reply-To: <201205070702.q4772uem002960@mail.maya.org>
Cc: hostap@lists.shmoo.com, "linux-wireless@vger.kernel.org"

Andreas Hartmann wrote:
> On Mon, May 07 2012 at 07:11:31 +0200
> Andreas Hartmann wrote:
>
>> Hello!
>>
>> I switched on 802.11w on my AP (rt2860) in hostapd with ieee80211w=1 and
>> in wpa_supplicant with ieee80211w=2 (ath9k). key_mgmt is WPA-EAP (TLS) /
>> CCMP for both pairwise and group.
>>
>> On both machines, compat-wireless-2012-04-26 (or
>> compat-wireless-3.4-rc3) is running.
>>
>> Directly after authorization, dhcp is started and therefore the opening
>> of the BA session is started by the AP but times out because of no
>> answer of the supplicant:
>
> [...]
>
>>
>> The deauth request from wpa_supplicant -> AP isn't recognized on the AP,
>> too.
>
> Meanwhile, I found the reason (I forgot to take care of hostapd's
> logfile - I would have expected an error message from the driver in
> messages, too :-)):
>
> AP (hostapd.log):
> ...
> 1336372202.462946: WPA: 48:5d:60:3e:a3:18 WPA_PTK entering state INITIALIZE
> 1336372202.462965: wpa_driver_nl80211_set_key: ifindex=17 alg=0 addr=0x673d40 key_idx=0 set_tx=1 seq_len=0 key_len=0
> 1336372202.462977: addr=48:5d:60:3e:a3:18
> 1336372202.462999: WPA: 48:5d:60:3e:a3:18 WPA_PTK_GROUP entering state IDLE
> 1336372202.463007: WPA: 48:5d:60:3e:a3:18 WPA_PTK entering state AUTHENTICATION
> 1336372202.463018: WPA: 48:5d:60:3e:a3:18 WPA_PTK entering state AUTHENTICATION2
> 1336372202.463025: WPA: Re-initialize GMK/Counter on first station
> 1336372202.463896: GMK - hexdump(len=32): [REMOVED]
> 1336372202.464771: Key Counter - hexdump(len=32): [REMOVED]
> 1336372202.465639: GTK - hexdump(len=16): [REMOVED]
> 1336372202.466502: IGTK - hexdump(len=16): [REMOVED]
> 1336372202.466524: wpa_driver_nl80211_set_key: ifindex=17 alg=3 addr=0x44fbbe key_idx=1 set_tx=1 seq_len=0 key_len=16
> 1336372202.466539: broadcast key
> 1336372202.478318: wpa_driver_nl80211_set_key: ifindex=17 alg=4 addr=0x44fbbe key_idx=4 set_tx=1 seq_len=0 key_len=16
> 1336372202.478349: broadcast key
> 1336372202.478389: nl80211: set_key failed; err=-22 Invalid argument)
> ....
> 1336372202.529973: wlan0: STA 48:5d:60:3e:a3:18 IEEE 802.1X: authenticated - EAP type: 13 (TLS)
>
>
> But there are some questions open anyway:
>
> - Why is the authentication started here at all, regardless of an error?
> - Why does TLS succeed? (802.11g is "working").
> - Why does set_key fail?
>
>
> I'm getting the same error, regardless if nohwcrypt is enabled for
> rt2800pci or not.

The attached patch seems to enable 802.11w for rt2800pci (AP). It does
not work for rt2800usb (rt3572 SUPP), even if the set_key error
disappears (originally the flag IEEE80211_HW_MFP_CAPABLE was set
unconditionally).

I can't say, if it works with all rt2800pci devices and I can't say, if
it works with rt2800pci device used as supplicant.

Tested (incl. PTK rekeying) with ath9k supplicant. Deauthentication does
work fine, too.
I couldn't test, if using more than one supplicant at the same time, does
work, too.

Legacy driver (rt5572sta) seems to not support 802.11w at all (with
ralink driver). Even if ieee80211w=2 in supplicant.conf is enabled, it
uses plain text management frames.

Regards,
Andreas Hartmann

diff -ur compat-wireless-2012-04-26.orig/drivers/net/wireless/rt2x00/rt2800lib.c compat-wireless-2012-04-26/drivers/net/wireless/rt2x00/rt2800lib.c --- compat-wireless-2012-04-26.orig/drivers/net/wireless/rt2x00/rt2800lib.c 2012-04-26 22:10:30.000000000 +0200 +++ compat-wireless-2012-04-26/drivers/net/wireless/rt2x00/rt2800lib.c 2012-05-07 11:04:17.894354807 +0200 @@ -4528,7 +4528,8 @@ */ if (!rt2x00_is_usb(rt2x00dev)) rt2x00dev->hw->flags |= - IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING; + IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING | + IEEE80211_HW_MFP_CAPABLE; SET_IEEE80211_DEV(rt2x00dev->hw, rt2x00dev->dev); SET_IEEE80211_PERM_ADDR(rt2x00dev->hw,
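
Review bot: In the `@@ -4528,7 +4528,8 @@` hunk, IEEE80211_HW_MFP_CAPABLE is OR-ed into the assignment guarded by `if (!rt2x00_is_usb(rt2x00dev))`, so the USB exclusion for management frame protection is only implied by a condition that is there for IEEE80211_HW_HOST_BROADCAST_PS_BUFFERING. Set the flag in its own statement with a comment saying why USB devices are left out (the message reports 802.11w not working on rt2800usb), so that a later change to the PS-buffering condition does not silently change whether MFP is advertised. The message also leaves the cause of `set_key failed; err=-22` open and reports testing with a single ath9k supplicant only; the changelog should say so, and the patch carries no Signed-off-by line.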
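
A check for the failure mode in the quoted hostapd log, where the IGTK install fails with err=-22 and the station is still reported as authenticated. This is an added example, not part of the original message or of hostapd; the `audit` function, its output fields and the `alg=` name mapping are assumptions of the example, and the sample lines are copied from the log excerpt above.

```python
import re

# alg= values inferred from the quoted log (GTK install uses alg=3, IGTK
# install uses alg=4); the full mapping is an assumption of this example.
ALG_NAMES = {0: "NONE", 1: "WEP", 2: "TKIP", 3: "CCMP", 4: "IGTK"}

SET_KEY = re.compile(r"wpa_driver_nl80211_set_key: .*?\balg=(\d+) .*?\bkey_idx=(\d+)")
FAILED = re.compile(r"nl80211: set_key failed; err=(-?\d+)")
AUTHED = re.compile(r"STA ([0-9a-f:]{17}) IEEE 802\.1X: authenticated")

# Lines copied from the hostapd.log excerpt quoted in the message.
SAMPLE_LOG = """\
> 1336372202.466524: wpa_driver_nl80211_set_key: ifindex=17 alg=3 addr=0x44fbbe key_idx=1 set_tx=1 seq_len=0 key_len=16
> 1336372202.466539: broadcast key
> 1336372202.478318: wpa_driver_nl80211_set_key: ifindex=17 alg=4 addr=0x44fbbe key_idx=4 set_tx=1 seq_len=0 key_len=16
> 1336372202.478349: broadcast key
> 1336372202.478389: nl80211: set_key failed; err=-22 Invalid argument)
> 1336372202.529973: wlan0: STA 48:5d:60:3e:a3:18 IEEE 802.1X: authenticated - EAP type: 13 (TLS)
"""

def audit(log_text):
    """Return (failed key installs, stations authenticated after an IGTK failure)."""
    pending = None                      # (alg, key_idx) of the latest set_key call
    failures, exposed = [], []
    for raw in log_text.splitlines():
        line = raw.lstrip("> ")         # tolerate mail quoting in pasted logs
        m = SET_KEY.search(line)
        if m:
            pending = (int(m.group(1)), int(m.group(2)))
            continue
        m = FAILED.search(line)
        if m and pending:
            alg, idx = pending
            failures.append({"alg": ALG_NAMES.get(alg, str(alg)),
                             "key_idx": idx, "err": int(m.group(1))})
            pending = None
            continue
        m = AUTHED.search(line)
        if m and any(f["alg"] == "IGTK" for f in failures):
            exposed.append(m.group(1))  # authenticated although no IGTK was installed
    return failures, exposed

if __name__ == "__main__":
    failures, exposed = audit(SAMPLE_LOG)
    for f in failures:
        print("set_key failed: alg=%(alg)s key_idx=%(key_idx)d err=%(err)d" % f)
    for sta in exposed:
        print("authenticated without an installed IGTK:", sta)
```

Run against a full hostapd debug log, a non-empty second list means stations were admitted while the driver had rejected the key that protects group-addressed management frames.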