kern/154237: [ath] AR9280 w/ AES-CCMP (WPA2) group key does not work

Adrian Chadd adrian at FreeBSD.org
Sun Jan 23 11:40:12 UTC 2011


>Number:         154237
>Category:       kern
>Synopsis:       [ath] AR9280 w/ AES-CCMP (WPA2) group key does not work
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 23 11:40:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Adrian Chadd
>Release:        HEAD r217687
>Organization:
>Environment:
FreeBSD i386
>Description:
Associating to my local TP-Link WN-1043ND running OpenWRT works, but no traffic is passed.

Turning on the keycache debugging (athdebug +keycache) shows that the group keys are being installed in slots 1+2 (alternating for each group rekey), with the unicast key in slot 4.

Associating to the AP in WPA1 mode w/ TKIP as the group key shows no issue.

One important part - the MAC of the device is 94:0c:6d:fe:4f:20; notice the high bit of the MAC address is set. This is apparently a sign to the keycache that the key is a multicast key.

Just as a side note: working AES-CCMP WPA/WPA2 is required for 802.11n.
>How-To-Repeat:

>Fix:
If an AES group key is not installed in the shared key space (key 0->3), the problem goes away.

I'm not sure whether AR_KEYTABLE_VALID in the keycache entry is supposed to be involved here or not. I need to do some further digging.

This seems to fix it:

Index: if_ath.c
===================================================================
--- if_ath.c	(revision 217719)
+++ if_ath.c	(working copy)
@@ -2223,6 +2223,11 @@
 {
 	struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
 
+	/* Station mode? Don't use the group keys for AES/CCMP */
+	if (vap->iv_opmode == IEEE80211_M_STA && sc->sc_mcastkey && k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) {
+		return key_alloc_single(sc, keyix, rxkeyix);
+	}
+
 	/*
 	 * Group key allocation must be handled specially for
 	 * parts that do not support multicast key cache search
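
Review bot: The added condition never tests whether k is actually a group key, although the comment above it says "Don't use the group keys for AES/CCMP". Because the early return sits ahead of the existing group-key handling, every AES-CCM key allocated in station mode with sc_mcastkey set takes the key_alloc_single() path. Either add an explicit group-key test to the condition or reword the comment to say that all CCMP keys in station mode are allocated this way. The comment should also say why sc_mcastkey is part of the test, since the report ties the failure to group keys landing in the shared key slots (0->3) and nothing in the hunk explains the link. On style, the if line runs well past 80 columns and should be wrapped, and the braces around the single return statement can go.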


>Release-Note:
>Audit-Trail:
>Unformatted:

