Bug 154598 - [ath] Atheros 5424/2424 can't connect to WPA network
Summary: [ath] Atheros 5424/2424 can't connect to WPA network
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: wireless (show other bugs)
Version: Unspecified
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-wireless (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-08 21:30 UTC by Lars Engels
Modified: 2018-10-04 00:47 UTC (History)
1 user (show)

See Also:
bugmeister: mfc-stable10?
bugmeister: mfc-stable9?
bugmeister: mfc-stable8?


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Engels freebsd_committer 2011-02-08 21:30:07 UTC
As already discussed with adrian on IRC.

Background:
I just changed my home AP from a Linksys WRT54GL (802.11g) running dd-wrt to a TP-Link TL-WR1043ND (IEEE 802.11n) also with dd-wrt.

When I configured the new AP with WPA or WPA2 using TKIP or AES encryption ifconfig shows that I am connected, but I can't get an IP address from DHCP or can ping the AP when I configure an IP address manually:

ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:24:2b:0e:a8:5f
        inet6 fe80::224:2bff:fe0e:a85f%wlan1 prefixlen 64 scopeid 0x6
        inet 0.0.0.0 netmask 0xffffffff broadcast 192.168.10.255
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
        status: associated
        ssid hafenkneipe channel 6 (2437 MHz 11g) bssid d8:5d:4c:9c:35:50
        regdomain 101 indoor ecm authmode WPA privacy ON deftxkey UNDEF
        AES-CCM 2:128-bit txpower 20 bmiss 7 scanvalid 450 bgscan
        bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5 protmode CTS
        wme burst roaming MANUAL


wpa_supplicant.conf:

network={
        ssid="hafenkneipe"
        psk="foobar"
}

With wlandebug turned on I see this in /var/log/messages:

Feb  8 21:54:25 maggie kernel: wlan1: Ethernet address: 00:24:2b:0e:a8:5f
Feb  8 21:54:28 maggie kernel: wlan1: link state changed to UP
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_delete: delete key 4
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:05 maggie kernel: wlan1: link state changed to DOWN
Feb  8 21:58:05 maggie kernel: ath0: ath_stop_locked: invalid 0 if_flags 0x8802
Feb  8 21:58:05 maggie kernel: ar5212GetChipPowerLimits: no min/max power for 2312/0xa0
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:05 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:05 maggie kernel: ath0: ath_init: if_flags 0x8803
Feb  8 21:58:05 maggie kernel: ath0: ath_stop_locked: invalid 0 if_flags 0x8803
Feb  8 21:58:07 maggie wpa_supplicant[2855]: Trying to associate with d8:5d:4c:9c:35:50 (SSID='hafenkneipe' freq=2437 MHz)
Feb  8 21:58:07 maggie wpa_supplicant[2855]: Associated with d8:5d:4c:9c:35:50
Feb  8 21:58:07 maggie kernel: wlan1: link state changed to UP
Feb  8 21:58:07 maggie kernel: ar5212GetNf: NF did not complete in calibration window
Feb  8 21:58:07 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:07 maggie kernel: ath0: key_alloc_single: key 4
Feb  8 21:58:07 maggie kernel: ath_keyset: [04] AES-CCM 937e65e30ebd9cce6a66e55ebe205e6c mac d8:5d:4c:9c:35:50
Feb  8 21:58:07 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:07 maggie kernel: ath0: ath_key_update_begin:
Feb  8 21:58:07 maggie kernel: ath_keyset: [01] AES-CCM 0351763e51f414f841430904f7eb7126 mac d8:5d:4c:9c:35:50
Feb  8 21:58:07 maggie kernel: ath0: ath_key_update_end:
Feb  8 21:58:07 maggie wpa_supplicant[2855]: WPA: Key negotiation completed with d8:5d:4c:9c:35:50 [PTK=CCMP GTK=CCMP]
Feb  8 21:58:07 maggie wpa_supplicant[2855]: CTRL-EVENT-CONNECTED - Connection to d8:5d:4c:9c:35:50 completed (auth) [id=1 id_str=]

If I disable WPA and use an unencrypted network the connection works.


With the same configuration a USB stick (if_rum) works.
Comment 1 Lars Engels freebsd_committer 2011-02-08 21:32:42 UTC
Responsible Changed
From-To: freebsd-bugs->adrian

over to adrian
Comment 2 dfilter service freebsd_committer 2011-02-09 15:23:23 UTC
Author: adrian
Date: Wed Feb  9 15:23:16 2011
New Revision: 218483
URL: http://svn.freebsd.org/changeset/base/218483

Log:
  Fix the keycache behaviour for multicast keycache search.
  
  The correct bit to set is 0x1 in the high MAC address byte, not 0x80.
  The hardware isn't programmed with that bit (which is the multicast
  adress bit.)
  
  The linux ath9k keycache code uses that bit in the MAC as a "this is
  a multicast key!" and doesn't set the AR_KEYTABLE_VALID bit.
  This tells the hardware the MAC isn't to be used for unicast destination
  matching but it can be used for multicast bssid traffic.
  
  This fixes some encryption problems in station mode.
  
  PR: kern/154598

Modified:
  head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c
  head/sys/dev/ath/if_ath.c

Modified: head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c
==============================================================================
--- head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c	Wed Feb  9 14:37:33 2011	(r218482)
+++ head/sys/dev/ath/ath_hal/ar5212/ar5212_keycache.c	Wed Feb  9 15:23:16 2011	(r218483)
@@ -99,11 +99,18 @@ ar5212ResetKeyCacheEntry(struct ath_hal 
 /*
  * Sets the mac part of the specified key cache entry (and any
  * associated MIC entry) and mark them valid.
+ *
+ * Since mac[0] is shifted off and not presented to the hardware,
+ * it does double duty as a "don't use for unicast, use for multicast
+ * matching" flag. This interface should later be extended to
+ * explicitly do that rather than overloading a bit in the MAC
+ * address.
  */
 HAL_BOOL
 ar5212SetKeyCacheEntryMac(struct ath_hal *ah, uint16_t entry, const uint8_t *mac)
 {
 	uint32_t macHi, macLo;
+	uint32_t unicast_flag = AR_KEYTABLE_VALID;
 
 	if (entry >= AH_PRIVATE(ah)->ah_caps.halKeyCacheSize) {
 		HALDEBUG(ah, HAL_DEBUG_ANY, "%s: entry %u out of range\n",
@@ -115,6 +122,16 @@ ar5212SetKeyCacheEntryMac(struct ath_hal
 	 * the 4 MSBs, and MacHi is the 2 LSBs.
 	 */
 	if (mac != AH_NULL) {
+		/*
+		 * AR_KEYTABLE_VALID indicates that the address is a unicast
+		 * address, which must match the transmitter address for
+		 * decrypting frames.
+		 * Not setting this bit allows the hardware to use the key
+		 * for multicast frame decryption.
+		 */
+		if (mac[0] & 0x01)
+			unicast_flag = 0;
+
 		macHi = (mac[5] << 8) | mac[4];
 		macLo = (mac[3] << 24)| (mac[2] << 16)
 		      | (mac[1] << 8) | mac[0];
@@ -125,7 +142,7 @@ ar5212SetKeyCacheEntryMac(struct ath_hal
 		macLo = macHi = 0;
 	}
 	OS_REG_WRITE(ah, AR_KEYTABLE_MAC0(entry), macLo);
-	OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | AR_KEYTABLE_VALID);
+	OS_REG_WRITE(ah, AR_KEYTABLE_MAC1(entry), macHi | unicast_flag);
 	return AH_TRUE;
 }
 

Modified: head/sys/dev/ath/if_ath.c
==============================================================================
--- head/sys/dev/ath/if_ath.c	Wed Feb  9 14:37:33 2011	(r218482)
+++ head/sys/dev/ath/if_ath.c	Wed Feb  9 15:23:16 2011	(r218483)
@@ -1938,10 +1938,10 @@ ath_keyset(struct ath_softc *sc, const s
 		/*
 		 * Group keys on hardware that supports multicast frame
 		 * key search use a MAC that is the sender's address with
-		 * the high bit set instead of the app-specified address.
+		 * the multicast bit set instead of the app-specified address.
 		 */
 		IEEE80211_ADDR_COPY(gmac, bss->ni_macaddr);
-		gmac[0] |= 0x80;
+		gmac[0] |= 0x01;
 		mac = gmac;
 	} else
 		mac = k->wk_macaddr;
_______________________________________________
svn-src-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"
Comment 3 Eitan Adler freebsd_committer freebsd_triage 2011-03-01 15:10:52 UTC
State Changed
From-To: open->patched

committed in head (r218483)
Comment 4 Adrian Chadd freebsd_committer 2011-04-09 04:02:32 UTC
Responsible Changed
From-To: adrian->freebsd-wireless

bump to mailing-list
Comment 5 Ed Maste freebsd_committer 2018-10-04 00:47:11 UTC
Adrian is this complete?