kern/154237: [ath] AR9280 w/ AES-CCMP (WPA2) group key does not work
Adrian Chadd
adrian at FreeBSD.org
Sun Jan 23 11:40:12 UTC 2011
>Number: 154237
>Category: kern
>Synopsis: [ath] AR9280 w/ AES-CCMP (WPA2) group key does not work
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jan 23 11:40:11 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Adrian Chadd
>Release: HEAD r217687
>Organization:
>Environment:
FreeBSD i386
>Description:
Associating to my local TP-Link WN-1043ND running OpenWRT works, but no traffic is passed.
Turning on the keycache debugging (athdebug +keycache) shows that the group keys are being installed in slots 1+2 (alternating for each group rekey), with the unicast key in slot 4.
Associating to the AP in WPA1 mode w/ TKIP as the group key shows no issue.
One important part - the MAC of the device is 94:0c:6d:fe:4f:20; notice the high bit of the MAC address is set. This is apparently a sign to the keycache that the key is a multicast key.
Just as a side-note; Working AES-CCMP WPA/WPA2 is required for 802.11n.
>How-To-Repeat:
>Fix:
If an AES group key is not installed in the shared key space (key 0->3), the problem goes away.
I'm not sure whether AR_KEYTABLE_VALID in the keycache entry is supposed to be involved here or not. I need to do some further digging.
This seems to fix it:
Index: if_ath.c
===================================================================
--- if_ath.c (revision 217719)
+++ if_ath.c (working copy)
@@ -2223,6 +2223,11 @@
{
struct ath_softc *sc = vap->iv_ic->ic_ifp->if_softc;
+ /* Station mode? Don't use the group keys for AES/CCMP */
+ if (vap->iv_opmode == IEEE80211_M_STA && sc->sc_mcastkey && k->wk_cipher->ic_cipher == IEEE80211_CIPHER_AES_CCM) {
+ return key_alloc_single(sc, keyix, rxkeyix);
+ }
+
/*
* Group key allocation must be handled specially for
* parts that do not support multicast key cache search
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list