We have a wireless network with dynamically set wep keys on some sort of
cisco APs. With compat-wireless-2008-04-22 I can reliably associate
(dynamic wep, EAP-TTLS with phase 2 PAP auth) using
wpa_supplicant-0.6.3. But I do not obtain a DHCP lease, and I'm
suspecting that my outgoing packets are dropped by the AP.
There was a similar thread on this list about one month ago (same
topic), and Tomas Winkler wrote "Please validate that you are receiving
two keys from a supplicant. The order should be first unicast then
broadcast key." For the record, the AP sets the keys in the reverse
order:
wpa_supplicant -Dwext -iwlan0 -c /root/wpa_supplicant.conf -ddd
[...]
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
RX EAPOL from 00:15:c6:5e:e5:70
RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 48 0f 65 c8 37 56
a8 32 17 1a 5f 38 4d 50 5b b9 11 13 4c 61 af 30 02 e0 29 39 c8 e4 ee e4
00 c8 e3 75 99 cf 2f 5c 72 31 b8 c8 e1 07 83 ff d9 01 82 08 6c 08
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1
key_length=13 key_index=0x2
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13
wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13
RX EAPOL from 00:15:c6:5e:e5:70
RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 0f 65 c8 37 57
71 cf 6b a3 b1 08 ce 88 d0 ca 0a 0c 00 84 7b c4 83 5e 20 c0 0d a2 f9 ce
f0 94 5f 38 ee e7 7c 68 3a
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1
key_length=13 key_index=0x83
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key -
hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
Cancelling scan request
Cancelling authentication timeout
State: ASSOCIATED -> COMPLETED
[...]
Finally, I'm enabling some TX debugging:
echo 0x20800002 >> /sys/bus/pci/drivers/iwl4965/debug_level
This is what I get in the log:
Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:02:56 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14
Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 5
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 4
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:12 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 0
Apr 22 19:03:17 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:22 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:28 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
Apr 22 19:03:34 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
I thought the DHCP broadcast ought to be encrypted with the broadcast
key (=keyidx 2)?? But its encrypted with the unicast key (keyidx 3). Or
am I really confused here? Please let me know if you have any ideas to
fix this!
Cheers,
Volker
On Wed, Apr 23, 2008 at 7:52 PM, Volker Braun <[email protected]> wrote:
> We have a wireless network with dynamically set wep keys on some sort of
> cisco APs. With compat-wireless-2008-04-22 I can reliably associate
> (dynamic wep, EAP-TTLS with phase 2 PAP auth) using
> wpa_supplicant-0.6.3. But I do not obtain a DHCP lease, and I'm
> suspecting that my outgoing packets are dropped by the AP.
>
> There was a similar thread on this list about one month ago (same
> topic), and Tomas Winkler wrote "Please validate that you are receiving
> two keys from a supplicant. The order should be first unicast then
> broadcast key." For the record, the AP sets the keys in the reverse
> order:
>
> wpa_supplicant -Dwext -iwlan0 -c /root/wpa_supplicant.conf -ddd
>
> [...]
> CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
> EAPOL: SUPP_BE entering state RECEIVE
> EAPOL: SUPP_BE entering state SUCCESS
> EAPOL: SUPP_BE entering state IDLE
> RX EAPOL from 00:15:c6:5e:e5:70
> RX EAPOL - hexdump(len=61): 01 03 00 39 01 00 0d 00 00 48 0f 65 c8 37 56
> a8 32 17 1a 5f 38 4d 50 5b b9 11 13 4c 61 af 30 02 e0 29 39 c8 e4 ee e4
> 00 c8 e3 75 99 cf 2f 5c 72 31 b8 c8 e1 07 83 ff d9 01 82 08 6c 08
> EAPOL: Received EAPOL-Key frame
> EAPOL: KEY_RX entering state KEY_RECEIVE
> EAPOL: processKey
> EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1
> key_length=13 key_index=0x2
> EAPOL: Successfully fetched key (len=64)
> EAPOL: EAPOL-Key key signature verified
> EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
> EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13
> wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13
> RX EAPOL from 00:15:c6:5e:e5:70
> RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 0f 65 c8 37 57
> 71 cf 6b a3 b1 08 ce 88 d0 ca 0a 0c 00 84 7b c4 83 5e 20 c0 0d a2 f9 ce
> f0 94 5f 38 ee e7 7c 68 3a
> EAPOL: Received EAPOL-Key frame
> EAPOL: KEY_RX entering state KEY_RECEIVE
> EAPOL: processKey
> EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1
> key_length=13 key_index=0x83
> EAPOL: Successfully fetched key (len=64)
> EAPOL: EAPOL-Key key signature verified
> EAPOL: using part of EAP keying material data encryption key -
> hexdump(len=13): [REMOVED]
> EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
> wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
> EAPOL: all required EAPOL-Key frames received
> WPA: EAPOL processing complete
> Cancelling scan request
> Cancelling authentication timeout
> State: ASSOCIATED -> COMPLETED
> [...]
>
> Finally, I'm enabling some TX debugging:
>
> echo 0x20800002 >> /sys/bus/pci/drivers/iwl4965/debug_level
>
> This is what I get in the log:
>
> Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:02:56 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14
> Apr 22 19:02:56 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 5
> Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
> Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:02:57 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x8003 retries 4
> Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(90 bytes) at rate 0x21c
> Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:03:01 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
> Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:03:12 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Apr 22 19:03:12 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 0
> Apr 22 19:03:17 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:03:17 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
> Apr 22 19:03:22 localhost dhclient: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:03:22 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
> Apr 22 19:03:28 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
> Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
> Apr 22 19:03:28 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 2
> Apr 22 19:03:34 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 9
> Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
> Apr 22 19:03:34 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
>
>
> I thought the DHCP broadcast ought to be encrypted with the broadcast
> key (=keyidx 2)?? But its encrypted with the unicast key (keyidx 3). Or
> am I really confused here? Please let me know if you have any ideas to
> fix this!
>
Driver assumes that unicast key is assigned first as usually broadcast
key handshake encrypted with unicast key.
This probably is not always the case.
We'll try to reproduce and fix this.
Thanks
Tomas
On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach <[email protected]> wrote:
> > > I just tried compat-wireless-2008-05-05, which does contain
> > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> > >
> >
> > Thanks for trying this.
> > Can you try to load the module with swcrypto=1 and try again ?
> > This disables the HW encryption acceleration. Trying this will allow
> > to make 100% sure that the bug is in iwlwifi. The bug is likely to be
> > there, but I think it is worth to make this 100% sure.
>
> Well it happens for me with iwl3945 which uses swcrypto by default see:
>
> http://marc.info/?l=linux-wireless&m=120699235803881&w=2
>
Actually, I made quite a lot of changes in security in iwl4965 that
are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
The security code is not the same between 3945 and 4965
--
Emmanuel Grumbach
[email protected]
> I thought the DHCP broadcast ought to be encrypted with the broadcast
> key (=keyidx 2)?? But its encrypted with the unicast key (keyidx 3). Or
> am I really confused here? Please let me know if you have any ideas to
> fix this!
>
Nope, a station never encrypts with broadcast key, it always encrypts
to the AP: RA = MAC of the AP, and TA = broadcast MAC.
So the key used for encryption of broadcast packet should be the
unicast key. The broadcast key is useful for RX only.
--
Emmanuel Grumbach
[email protected]
On Thu, May 8, 2008 at 9:31 PM, Volker Braun <[email protected]> wrote:
> Here is more data on my problem with dynamic wep.
>
Thanks for that !
> compat-wireless-2008-05-07 + iwl4965 + swcrypto=1: Associates and
> obtains dhcp lease, works fine.
>
> So it really is about the HW accelleration. I tried your patch (without
> swcrypto=1). First, output of wpa_supplicant:
>
Yep...
> Your patch yields:
>
> May 8 14:03:54 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=1 static_key=1
> May 8 14:03:54 localhost kernel: iwl4965: enable hwcrypto key sta=0 alg=0,keyid=3 static_key=0
>
sta_id 31 is the broadcast station => key_idx = 1 for bcast station
This really proves what Tomas said: you get the unicast key after the
groupkey. Quite strange, we thought it couldn't happen, and actually,
we hadn't any use case that led to this scenario. I am not sure I will
be able to reproduce the bug here, in any case, I understand what the
issue is and will try to send a patch shortly (next week)
> Should static_key not be the other way round (key_idx 3 is unicast)? In
> any case, after a while the broadcast key gets updated: wpa_supplicant
> says
>
{...}
This is likely because your AP is configured to rekey the groupkey
every ... minutes. So the groupkey is updated.
> May 8 14:05:10 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=2 static_key=0
Yep, the idx of the group key is now 2 (it was 1 before)
> May 8 14:10:30 localhost kernel: iwl4965: disable hwcrypto key sta=31 alg=0,keyid=1 static_key=1
> May 8 14:10:30 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=1 static_key=0
See ? now the group key idx and 1 again. This is normal, this the way
the AP switches between the keys:
1, 2, 1, 2, ....
wpa_supp first install 1, then 2, then removes one (the disable
hwcrypto line) and updates the "new" 1 etc....
thanks
--
Emmanuel Grumbach
[email protected]
> I just tried compat-wireless-2008-05-05, which does contain
> 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
>
Thanks for trying this.
Can you try to load the module with swcrypto=1 and try again ?
This disables the HW encryption acceleration. Trying this will allow
to make 100% sure that the bug is in iwlwifi. The bug is likely to be
there, but I think it is worth to make this 100% sure.
Do you have a sniffer ? a capture might help.
Please, try with HW acceleration (without swcrypto=1) and with the
attached patch. This will give us some more info.
0001-iwlwifi-DEBUG-print-data-about-keys-installation.patch
---------------------------------
>From 66b6ea7e885e2f6d76c3f6af822100185d9c56f6 Mon Sep 17 00:00:00 2001
From: Emmanuel Grumbach <[email protected]>
Date: Tue, 6 May 2008 09:37:14 +0300
Subject: [PATCH 1/1] iwlwifi-DEBUG: print data about keys installation
Signed-off-by: Emmanuel Grumbach <[email protected]>
---
drivers/net/wireless/iwlwifi/iwl4965-base.c | 8 ++++++--
1 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
b/drivers/net/wireless/iwlwifi/iwl4965-base.c
index f93503e..04d195b 100644
--- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
@@ -5702,7 +5702,9 @@ static int iwl4965_mac_set_key(struct
ieee80211_hw *hw, enum set_key_cmd cmd,
else
ret = iwl_set_dynamic_key(priv, key, sta_id);
- IWL_DEBUG_MAC80211("enable hwcrypto key\n");
+ IWL_ERROR("enable hwcrypto key sta=%d alg=%d,
+ keyid=%d static_key=%d\n",
+ sta_id, key->alg, key->keyidx, is_default_wep_key);
break;
case DISABLE_KEY:
if (is_default_wep_key)
@@ -5710,7 +5712,9 @@ static int iwl4965_mac_set_key(struct
ieee80211_hw *hw, enum set_key_cmd cmd,
else
ret = iwl_remove_dynamic_key(priv, key, sta_id);
- IWL_DEBUG_MAC80211("disable hwcrypto key\n");
+ IWL_ERROR("disable hwcrypto key sta=%d alg=%d,
+ keyid=%d static_key=%d\n",
+ sta_id, key->alg, key->keyidx, is_default_wep_key);
break;
default:
ret = -EINVAL;
--
1.5.4.1
Thanks
--
Emmanuel Grumbach
[email protected]
I tried the patch and now my wireless works perfectly. Thank you! Let me
know when your "official" patch is ready then I'll test it as well.
Volker
On Mon, 2008-05-12 at 12:13 +0300, Emmanuel Grumbach wrote:
> here is the patch I promised last week, can you please try it ?
On Mon, May 12, 2008 at 2:22 PM, Tomas Winkler <[email protected]> wrote:
>
> On Mon, May 12, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
> > On Mon, May 12, 2008 at 2:07 PM, Tomas Winkler <[email protected]> wrote:
> >>
> >> On Mon, May 12, 2008 at 2:47 PM, drago01 <[email protected]> wrote:
> >> > On Tue, May 6, 2008 at 2:14 PM, Emmanuel Grumbach
> <[email protected]> wrote:
> >> >>
> >> >> On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
> >> >> >
> >> >> > On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach
> >> <[email protected]> wrote:
> >> >> > >
> >> >> > > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> >> >> > > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach
> >> <[email protected]> wrote:
> >> >> > > > > > I just tried compat-wireless-2008-05-05, which
> does contain
> >> >> > > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> >> >> > > > > >
> >> >> > > > >
> >> >> > > > > Thanks for trying this.
> >> >> > > > > Can you try to load the module with swcrypto=1 and
> try again ?
> >> >> > > > > This disables the HW encryption acceleration. Trying
> >> this will allow
> >> >> > > > > to make 100% sure that the bug is in iwlwifi. The bug
> >> is likely to be
> >> >> > > > > there, but I think it is worth to make this 100% sure.
> >> >> > > >
> >> >> > > > Well it happens for me with iwl3945 which uses swcrypto
> >> by default see:
> >> >> > > >
> >> >> > > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
> >> >> > > >
> >> >> > >
> >> >> > > Actually, I made quite a lot of changes in security in
> iwl4965 that
> >> >> > > are not in iwl3945 so I think it is worth trying with
> iwl4965 in SW.
> >> >> > > The security code is not the same between 3945 and 4965
> >> >> >
> >> >> > OK, are you planning to port this changes/fixes to 3945 ?
> >> >> >
> >> >>
> >> >> Well... Low priority...
> >> >
> >> > This changes fix an important bug that otherwise make the driver
> >> > useless in some configurations.
> >> > So I think it should be backported to 3945 (even when development is
> >> > focused on newer hardware)
> >>
> >> But 3945 uses SW encryption this fix is for HW crypto.
> >
> > I was talking about this:
> > "Actually, I made quite a lot of changes in security in iwl4965 that
> > are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> > The security code is not the same between 3945 and 4965"
> > which seemed to work for Volker using swcrypto
>
> SW crypto is handled by mac80211 so I ponder why it works above 4965
> and not over 3945 but it has nothing to do with this particular change
OK, Johannes any idea why this happens?
On Mon, May 12, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
> On Mon, May 12, 2008 at 2:07 PM, Tomas Winkler <[email protected]> wrote:
>>
>> On Mon, May 12, 2008 at 2:47 PM, drago01 <[email protected]> wrote:
>> > On Tue, May 6, 2008 at 2:14 PM, Emmanuel Grumbach
<[email protected]> wrote:
>> >>
>> >> On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
>> >> >
>> >> > On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach
>> <[email protected]> wrote:
>> >> > >
>> >> > > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
>> >> > > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach
>> <[email protected]> wrote:
>> >> > > > > > I just tried compat-wireless-2008-05-05, which
does contain
>> >> > > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
>> >> > > > > >
>> >> > > > >
>> >> > > > > Thanks for trying this.
>> >> > > > > Can you try to load the module with swcrypto=1 and
try again ?
>> >> > > > > This disables the HW encryption acceleration. Trying
>> this will allow
>> >> > > > > to make 100% sure that the bug is in iwlwifi. The bug
>> is likely to be
>> >> > > > > there, but I think it is worth to make this 100% sure.
>> >> > > >
>> >> > > > Well it happens for me with iwl3945 which uses swcrypto
>> by default see:
>> >> > > >
>> >> > > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
>> >> > > >
>> >> > >
>> >> > > Actually, I made quite a lot of changes in security in
iwl4965 that
>> >> > > are not in iwl3945 so I think it is worth trying with
iwl4965 in SW.
>> >> > > The security code is not the same between 3945 and 4965
>> >> >
>> >> > OK, are you planning to port this changes/fixes to 3945 ?
>> >> >
>> >>
>> >> Well... Low priority...
>> >
>> > This changes fix an important bug that otherwise make the driver
>> > useless in some configurations.
>> > So I think it should be backported to 3945 (even when development is
>> > focused on newer hardware)
>>
>> But 3945 uses SW encryption this fix is for HW crypto.
>
> I was talking about this:
> "Actually, I made quite a lot of changes in security in iwl4965 that
> are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> The security code is not the same between 3945 and 4965"
> which seemed to work for Volker using swcrypto
SW crypto is handled by mac80211 so I ponder why it works above 4965
and not over 3945 but it has nothing to do with this particular change
Thanks
Tomas
On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach <[email protected]> wrote:
> > I just tried compat-wireless-2008-05-05, which does contain
> > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> >
>
> Thanks for trying this.
> Can you try to load the module with swcrypto=1 and try again ?
> This disables the HW encryption acceleration. Trying this will allow
> to make 100% sure that the bug is in iwlwifi. The bug is likely to be
> there, but I think it is worth to make this 100% sure.
Well it happens for me with iwl3945 which uses swcrypto by default see:
http://marc.info/?l=linux-wireless&m=120699235803881&w=2
On Tue, May 13, 2008 at 5:06 PM, Emmanuel Grumbach <[email protected]> wrote:
> The official patch will be sent by Yi Zhu in the next bunch of
> patches, please look for iwlwifi: clean up and bug fix in security
>
> thanks for reporting and help with debug
>
To be precise we will issues two versions of this patch. One against
upstream and second that fits to our current development tree.
Thanks
Tomas
>
here is the patch I promised last week, can you please try it ?
You might have some trouble to apply since my code base slightly
differs from yours.
--------------------------------
>From 860fe4a63b1e9be8047f1b2f37c9072e92df5a5b Mon Sep 17 00:00:00 2001
From: Emmanuel Grumbach <[email protected]>
Date: Mon, 12 May 2008 10:21:01 +0300
Subject: [PATCH] iwlwifi: code clean up in security
This patch cleans up code in security. This clean up uses the
new pointer to ieee80211_key_conf passed with the tx_control.
Signed-off-by: Emmanuel Grumbach <[email protected]>
---
drivers/net/wireless/iwlwifi/iwl-sta.c | 24 +++++++--------
drivers/net/wireless/iwlwifi/iwl4965-base.c | 43 +++++++++------------------
2 files changed, 25 insertions(+), 42 deletions(-)
diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
b/drivers/net/wireless/iwlwifi/iwl-sta.c
index c8e468f..ab3e223 100644
--- a/drivers/net/wireless/iwlwifi/iwl-sta.c
+++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
@@ -324,7 +324,7 @@ int iwl_set_default_wep_key(struct iwl_priv *priv,
unsigned long flags;
keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
- keyconf->hw_key_idx = keyconf->keyidx;
+ keyconf->hw_key_idx = 1;
priv->stations[IWL_AP_ID].keyinfo.alg = ALG_WEP;
spin_lock_irqsave(&priv->sta_lock, flags);
@@ -354,7 +354,6 @@ static int iwl_set_wep_dynamic_key_info(struct
iwl_priv *priv,
int ret;
keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
- keyconf->hw_key_idx = keyconf->keyidx;
key_flags |= (STA_KEY_FLG_WEP | STA_KEY_FLG_MAP_KEY_MSK);
key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
@@ -411,7 +410,6 @@ static int iwl_set_ccmp_dynamic_key_info(struct
iwl_priv *priv,
key_flags |= STA_KEY_MULTICAST_MSK;
keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
- keyconf->hw_key_idx = keyconf->keyidx;
spin_lock_irqsave(&priv->sta_lock, flags);
priv->stations[sta_id].keyinfo.alg = keyconf->alg;
@@ -449,12 +447,10 @@ static int iwl_set_tkip_dynamic_key_info(struct
iwl_priv *priv,
keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
- keyconf->hw_key_idx = keyconf->keyidx;
spin_lock_irqsave(&priv->sta_lock, flags);
priv->stations[sta_id].keyinfo.alg = keyconf->alg;
- priv->stations[sta_id].keyinfo.conf = keyconf;
priv->stations[sta_id].keyinfo.keylen = 16;
if ((priv->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_ENCRYPT_MSK)
@@ -483,7 +479,7 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
u16 key_flags;
u8 keyidx;
- priv->key_mapping_key = 0;
+ priv->key_mapping_key--;
spin_lock_irqsave(&priv->sta_lock, flags);
key_flags = le16_to_cpu(priv->stations[sta_id].sta.key.key_flags);
@@ -521,24 +517,26 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
EXPORT_SYMBOL(iwl_remove_dynamic_key);
int iwl_set_dynamic_key(struct iwl_priv *priv,
- struct ieee80211_key_conf *key, u8 sta_id)
+ struct ieee80211_key_conf *keyconf, u8 sta_id)
{
int ret;
- priv->key_mapping_key = 1;
+ priv->key_mapping_key++;
+ priv->stations[sta_id].keyinfo.conf = keyconf;
+ keyconf->hw_key_idx = 0;
- switch (key->alg) {
+ switch (keyconf->alg) {
case ALG_CCMP:
- ret = iwl_set_ccmp_dynamic_key_info(priv, key, sta_id);
+ ret = iwl_set_ccmp_dynamic_key_info(priv, keyconf, sta_id);
break;
case ALG_TKIP:
- ret = iwl_set_tkip_dynamic_key_info(priv, key, sta_id);
+ ret = iwl_set_tkip_dynamic_key_info(priv, keyconf, sta_id);
break;
case ALG_WEP:
- ret = iwl_set_wep_dynamic_key_info(priv, key, sta_id);
+ ret = iwl_set_wep_dynamic_key_info(priv, keyconf, sta_id);
break;
default:
- IWL_ERROR("Unknown alg: %s alg = %d\n", __func__, key->alg);
+ IWL_ERROR("Unknown alg: %s alg = %d\n", __func__, keyconf->alg);
ret = -EINVAL;
}
diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
b/drivers/net/wireless/iwlwifi/iwl4965-base.c
index 481e943..492fc63 100644
--- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
@@ -1466,16 +1466,13 @@ static void
iwl4965_build_tx_cmd_hwcrypto(struct iwl_priv *priv,
struct sk_buff *skb_frag,
int sta_id)
{
- struct iwl_hw_key *keyinfo = &priv->stations[sta_id].keyinfo;
- struct iwl_wep_key *wepkey;
int keyidx = 0;
+ struct ieee80211_key_conf *keyconf = ctl->hw_key;
- BUG_ON(ctl->hw_key->hw_key_idx > 3);
-
- switch (keyinfo->alg) {
+ switch (keyconf->alg) {
case ALG_CCMP:
cmd->cmd.tx.sec_ctl = TX_CMD_SEC_CCM;
- memcpy(cmd->cmd.tx.key, keyinfo->key, keyinfo->keylen);
+ memcpy(cmd->cmd.tx.key, keyconf->key, keyconf->keylen);
if (ctl->flags & IEEE80211_TXCTL_AMPDU)
cmd->cmd.tx.tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
IWL_DEBUG_TX("tx_cmd with aes hwcrypto\n");
@@ -1483,39 +1480,26 @@ static void
iwl4965_build_tx_cmd_hwcrypto(struct iwl_priv *priv,
case ALG_TKIP:
cmd->cmd.tx.sec_ctl = TX_CMD_SEC_TKIP;
- ieee80211_get_tkip_key(keyinfo->conf, skb_frag,
+ ieee80211_get_tkip_key(keyconf, skb_frag,
IEEE80211_TKIP_P2_KEY, cmd->cmd.tx.key);
IWL_DEBUG_TX("tx_cmd with tkip hwcrypto\n");
break;
case ALG_WEP:
- wepkey = &priv->wep_keys[ctl->hw_key->hw_key_idx];
- cmd->cmd.tx.sec_ctl = 0;
- if (priv->default_wep_key) {
- /* the WEP key was sent as static */
- keyidx = ctl->hw_key->hw_key_idx;
- memcpy(&cmd->cmd.tx.key[3], wepkey->key,
- wepkey->key_size);
- if (wepkey->key_size == WEP_KEY_LEN_128)
- cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
- } else {
- /* the WEP key was sent as dynamic */
- keyidx = keyinfo->keyidx;
- memcpy(&cmd->cmd.tx.key[3], keyinfo->key,
- keyinfo->keylen);
- if (keyinfo->keylen == WEP_KEY_LEN_128)
- cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
- }
+ cmd->cmd.tx.sec_ctl = (TX_CMD_SEC_WEP |
+ (keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
- cmd->cmd.tx.sec_ctl |= (TX_CMD_SEC_WEP |
- (keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
+ if (keyconf->keylen == WEP_KEY_LEN_128)
+ cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
+
+ memcpy(&cmd->cmd.tx.key[3], keyconf->key, keyconf->keylen);
IWL_DEBUG_TX("Configuring packet for WEP encryption "
"with key %d\n", keyidx);
break;
default:
- printk(KERN_ERR "Unknown encode alg %d\n", keyinfo->alg);
+ printk(KERN_ERR "Unknown encode alg %d\n", keyconf->alg);
break;
}
}
@@ -5579,11 +5563,11 @@ static int iwl4965_mac_set_key(struct
ieee80211_hw *hw, enum set_key_cmd cmd,
if (cmd == SET_KEY)
is_default_wep_key = !priv->key_mapping_key;
else
- is_default_wep_key = priv->default_wep_key;
+ is_default_wep_key = key->hw_key_idx;
}
-
switch (cmd) {
case SET_KEY:
+ printk(KERN_ERR "Set key: static = %d, keyidx = %d sta = %d default
= %d\n", is_default_wep_key, key->keyidx, sta_id,
priv->key_mapping_key);
if (is_default_wep_key)
ret = iwl_set_default_wep_key(priv, key);
else
@@ -5592,6 +5576,7 @@ static int iwl4965_mac_set_key(struct
ieee80211_hw *hw, enum set_key_cmd cmd,
IWL_DEBUG_MAC80211("enable hwcrypto key\n");
break;
case DISABLE_KEY:
+ printk(KERN_ERR "Remove key: static = %d, keyidx = %d sta = %d
default = %d\n", is_default_wep_key, key->keyidx, sta_id,
priv->key_mapping_key);
if (is_default_wep_key)
ret = iwl_remove_default_wep_key(priv, key);
else
--
1.5.4.1
--
Emmanuel Grumbach
[email protected]
On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
>
> On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach <[email protected]> wrote:
> >
> > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach <[email protected]> wrote:
> > > > > I just tried compat-wireless-2008-05-05, which does contain
> > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> > > > >
> > > >
> > > > Thanks for trying this.
> > > > Can you try to load the module with swcrypto=1 and try again ?
> > > > This disables the HW encryption acceleration. Trying this will allow
> > > > to make 100% sure that the bug is in iwlwifi. The bug is likely to be
> > > > there, but I think it is worth to make this 100% sure.
> > >
> > > Well it happens for me with iwl3945 which uses swcrypto by default see:
> > >
> > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
> > >
> >
> > Actually, I made quite a lot of changes in security in iwl4965 that
> > are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> > The security code is not the same between 3945 and 4965
>
> OK, are you planning to port this changes/fixes to 3945 ?
>
Well... Low priority...
In any case, if it didn't work with SW encryption, this would indicate
that the bug is not in iwlwifi
--
Emmanuel Grumbach
[email protected]
On Mon, May 12, 2008 at 2:47 PM, drago01 <[email protected]> wrote:
> On Tue, May 6, 2008 at 2:14 PM, Emmanuel Grumbach <[email protected]> wrote:
>>
>> On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
>> >
>> > On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach
<[email protected]> wrote:
>> > >
>> > > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
>> > > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach
<[email protected]> wrote:
>> > > > > > I just tried compat-wireless-2008-05-05, which does contain
>> > > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
>> > > > > >
>> > > > >
>> > > > > Thanks for trying this.
>> > > > > Can you try to load the module with swcrypto=1 and try again ?
>> > > > > This disables the HW encryption acceleration. Trying
this will allow
>> > > > > to make 100% sure that the bug is in iwlwifi. The bug
is likely to be
>> > > > > there, but I think it is worth to make this 100% sure.
>> > > >
>> > > > Well it happens for me with iwl3945 which uses swcrypto
by default see:
>> > > >
>> > > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
>> > > >
>> > >
>> > > Actually, I made quite a lot of changes in security in iwl4965 that
>> > > are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
>> > > The security code is not the same between 3945 and 4965
>> >
>> > OK, are you planning to port this changes/fixes to 3945 ?
>> >
>>
>> Well... Low priority...
>
> This changes fix an important bug that otherwise make the driver
> useless in some configurations.
> So I think it should be backported to 3945 (even when development is
> focused on newer hardware)
But 3945 uses SW encryption this fix is for HW crypto
Thanks
Tomas
Hi,
can you please send your wpa_supplicant config file ?
Did you try with a newer driver ?
03dcb07e74a62eec2badb9f6a091790c484f4a6c may help, you can get it by
downloading the latest wireless-testing tree
thanks,
Emmanuel Grumbach
I could reproduce the bug here. The patch below should solve the
issue. In any case, this patch is not meant to be pushed, it's debug
only.
Final and clean patch will come soon.
On Mon, May 12, 2008 at 12:13 PM, Emmanuel Grumbach <[email protected]> wrote:
> here is the patch I promised last week, can you please try it ?
> You might have some trouble to apply since my code base slightly
> differs from yours.
>
> --------------------------------
>
> From 860fe4a63b1e9be8047f1b2f37c9072e92df5a5b Mon Sep 17 00:00:00 2001
>
> From: Emmanuel Grumbach <[email protected]>
> Date: Mon, 12 May 2008 10:21:01 +0300
> Subject: [PATCH] iwlwifi: code clean up in security
>
> This patch cleans up code in security. This clean up uses the
> new pointer to ieee80211_key_conf passed with the tx_control.
>
>
> Signed-off-by: Emmanuel Grumbach <[email protected]>
> ---
> drivers/net/wireless/iwlwifi/iwl-sta.c | 24 +++++++--------
> drivers/net/wireless/iwlwifi/iwl4965-base.c | 43 +++++++++------------------
> 2 files changed, 25 insertions(+), 42 deletions(-)
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
> b/drivers/net/wireless/iwlwifi/iwl-sta.c
> index c8e468f..ab3e223 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-sta.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
> @@ -324,7 +324,7 @@ int iwl_set_default_wep_key(struct iwl_priv *priv,
> unsigned long flags;
>
> keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
> - keyconf->hw_key_idx = keyconf->keyidx;
> + keyconf->hw_key_idx = 1;
> priv->stations[IWL_AP_ID].keyinfo.alg = ALG_WEP;
>
> spin_lock_irqsave(&priv->sta_lock, flags);
> @@ -354,7 +354,6 @@ static int iwl_set_wep_dynamic_key_info(struct
> iwl_priv *priv,
> int ret;
>
> keyconf->flags &= ~IEEE80211_KEY_FLAG_GENERATE_IV;
> - keyconf->hw_key_idx = keyconf->keyidx;
>
> key_flags |= (STA_KEY_FLG_WEP | STA_KEY_FLG_MAP_KEY_MSK);
> key_flags |= cpu_to_le16(keyconf->keyidx << STA_KEY_FLG_KEYID_POS);
> @@ -411,7 +410,6 @@ static int iwl_set_ccmp_dynamic_key_info(struct
> iwl_priv *priv,
> key_flags |= STA_KEY_MULTICAST_MSK;
>
> keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
> - keyconf->hw_key_idx = keyconf->keyidx;
>
> spin_lock_irqsave(&priv->sta_lock, flags);
> priv->stations[sta_id].keyinfo.alg = keyconf->alg;
> @@ -449,12 +447,10 @@ static int iwl_set_tkip_dynamic_key_info(struct
> iwl_priv *priv,
>
> keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_IV;
> keyconf->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIC;
> - keyconf->hw_key_idx = keyconf->keyidx;
>
> spin_lock_irqsave(&priv->sta_lock, flags);
>
> priv->stations[sta_id].keyinfo.alg = keyconf->alg;
> - priv->stations[sta_id].keyinfo.conf = keyconf;
> priv->stations[sta_id].keyinfo.keylen = 16;
>
> if ((priv->stations[sta_id].sta.key.key_flags & STA_KEY_FLG_ENCRYPT_MSK)
> @@ -483,7 +479,7 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
> u16 key_flags;
> u8 keyidx;
>
> - priv->key_mapping_key = 0;
> + priv->key_mapping_key--;
>
> spin_lock_irqsave(&priv->sta_lock, flags);
> key_flags = le16_to_cpu(priv->stations[sta_id].sta.key.key_flags);
> @@ -521,24 +517,26 @@ int iwl_remove_dynamic_key(struct iwl_priv *priv,
> EXPORT_SYMBOL(iwl_remove_dynamic_key);
>
> int iwl_set_dynamic_key(struct iwl_priv *priv,
> - struct ieee80211_key_conf *key, u8 sta_id)
> + struct ieee80211_key_conf *keyconf, u8 sta_id)
> {
> int ret;
>
> - priv->key_mapping_key = 1;
> + priv->key_mapping_key++;
> + priv->stations[sta_id].keyinfo.conf = keyconf;
> + keyconf->hw_key_idx = 0;
>
> - switch (key->alg) {
> + switch (keyconf->alg) {
> case ALG_CCMP:
> - ret = iwl_set_ccmp_dynamic_key_info(priv, key, sta_id);
> + ret = iwl_set_ccmp_dynamic_key_info(priv, keyconf, sta_id);
> break;
> case ALG_TKIP:
> - ret = iwl_set_tkip_dynamic_key_info(priv, key, sta_id);
> + ret = iwl_set_tkip_dynamic_key_info(priv, keyconf, sta_id);
> break;
> case ALG_WEP:
> - ret = iwl_set_wep_dynamic_key_info(priv, key, sta_id);
> + ret = iwl_set_wep_dynamic_key_info(priv, keyconf, sta_id);
> break;
> default:
> - IWL_ERROR("Unknown alg: %s alg = %d\n", __func__, key->alg);
> + IWL_ERROR("Unknown alg: %s alg = %d\n", __func__, keyconf->alg);
> ret = -EINVAL;
>
> }
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> index 481e943..492fc63 100644
>
> --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> @@ -1466,16 +1466,13 @@ static void
> iwl4965_build_tx_cmd_hwcrypto(struct iwl_priv *priv,
> struct sk_buff *skb_frag,
> int sta_id)
> {
> - struct iwl_hw_key *keyinfo = &priv->stations[sta_id].keyinfo;
> - struct iwl_wep_key *wepkey;
> int keyidx = 0;
> + struct ieee80211_key_conf *keyconf = ctl->hw_key;
>
> - BUG_ON(ctl->hw_key->hw_key_idx > 3);
> -
> - switch (keyinfo->alg) {
> + switch (keyconf->alg) {
> case ALG_CCMP:
> cmd->cmd.tx.sec_ctl = TX_CMD_SEC_CCM;
> - memcpy(cmd->cmd.tx.key, keyinfo->key, keyinfo->keylen);
> + memcpy(cmd->cmd.tx.key, keyconf->key, keyconf->keylen);
> if (ctl->flags & IEEE80211_TXCTL_AMPDU)
> cmd->cmd.tx.tx_flags |= TX_CMD_FLG_AGG_CCMP_MSK;
> IWL_DEBUG_TX("tx_cmd with aes hwcrypto\n");
> @@ -1483,39 +1480,26 @@ static void
> iwl4965_build_tx_cmd_hwcrypto(struct iwl_priv *priv,
>
> case ALG_TKIP:
> cmd->cmd.tx.sec_ctl = TX_CMD_SEC_TKIP;
> - ieee80211_get_tkip_key(keyinfo->conf, skb_frag,
> + ieee80211_get_tkip_key(keyconf, skb_frag,
> IEEE80211_TKIP_P2_KEY, cmd->cmd.tx.key);
> IWL_DEBUG_TX("tx_cmd with tkip hwcrypto\n");
> break;
>
> case ALG_WEP:
> - wepkey = &priv->wep_keys[ctl->hw_key->hw_key_idx];
> - cmd->cmd.tx.sec_ctl = 0;
> - if (priv->default_wep_key) {
> - /* the WEP key was sent as static */
> - keyidx = ctl->hw_key->hw_key_idx;
> - memcpy(&cmd->cmd.tx.key[3], wepkey->key,
> - wepkey->key_size);
> - if (wepkey->key_size == WEP_KEY_LEN_128)
> - cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
> - } else {
> - /* the WEP key was sent as dynamic */
> - keyidx = keyinfo->keyidx;
> - memcpy(&cmd->cmd.tx.key[3], keyinfo->key,
> - keyinfo->keylen);
> - if (keyinfo->keylen == WEP_KEY_LEN_128)
> - cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
> - }
> + cmd->cmd.tx.sec_ctl = (TX_CMD_SEC_WEP |
> + (keyconf->keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
>
> - cmd->cmd.tx.sec_ctl |= (TX_CMD_SEC_WEP |
> - (keyidx & TX_CMD_SEC_MSK) << TX_CMD_SEC_SHIFT);
> + if (keyconf->keylen == WEP_KEY_LEN_128)
> + cmd->cmd.tx.sec_ctl |= TX_CMD_SEC_KEY128;
> +
> + memcpy(&cmd->cmd.tx.key[3], keyconf->key, keyconf->keylen);
>
> IWL_DEBUG_TX("Configuring packet for WEP encryption "
> "with key %d\n", keyidx);
> break;
>
> default:
> - printk(KERN_ERR "Unknown encode alg %d\n", keyinfo->alg);
> + printk(KERN_ERR "Unknown encode alg %d\n", keyconf->alg);
> break;
> }
> }
> @@ -5579,11 +5563,11 @@ static int iwl4965_mac_set_key(struct
>
> ieee80211_hw *hw, enum set_key_cmd cmd,
> if (cmd == SET_KEY)
> is_default_wep_key = !priv->key_mapping_key;
> else
> - is_default_wep_key = priv->default_wep_key;
> + is_default_wep_key = key->hw_key_idx;
> }
> -
> switch (cmd) {
> case SET_KEY:
> + printk(KERN_ERR "Set key: static = %d, keyidx = %d sta = %d default
> = %d\n", is_default_wep_key, key->keyidx, sta_id,
> priv->key_mapping_key);
>
> if (is_default_wep_key)
> ret = iwl_set_default_wep_key(priv, key);
> else
> @@ -5592,6 +5576,7 @@ static int iwl4965_mac_set_key(struct
>
> ieee80211_hw *hw, enum set_key_cmd cmd,
>
> IWL_DEBUG_MAC80211("enable hwcrypto key\n");
> break;
> case DISABLE_KEY:
> + printk(KERN_ERR "Remove key: static = %d, keyidx = %d sta = %d
> default = %d\n", is_default_wep_key, key->keyidx, sta_id,
> priv->key_mapping_key);
>
> if (is_default_wep_key)
> ret = iwl_remove_default_wep_key(priv, key);
> else
> --
> 1.5.4.1
>
>
>
>
>
> --
> Emmanuel Grumbach
> [email protected]
>
--
Emmanuel Grumbach
[email protected]
On Mon, May 12, 2008 at 2:07 PM, Tomas Winkler <[email protected]> wrote:
>
> On Mon, May 12, 2008 at 2:47 PM, drago01 <[email protected]> wrote:
> > On Tue, May 6, 2008 at 2:14 PM, Emmanuel Grumbach <[email protected]> wrote:
> >>
> >> On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
> >> >
> >> > On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach
> <[email protected]> wrote:
> >> > >
> >> > > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> >> > > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach
> <[email protected]> wrote:
> >> > > > > > I just tried compat-wireless-2008-05-05, which does contain
> >> > > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> >> > > > > >
> >> > > > >
> >> > > > > Thanks for trying this.
> >> > > > > Can you try to load the module with swcrypto=1 and try again ?
> >> > > > > This disables the HW encryption acceleration. Trying
> this will allow
> >> > > > > to make 100% sure that the bug is in iwlwifi. The bug
> is likely to be
> >> > > > > there, but I think it is worth to make this 100% sure.
> >> > > >
> >> > > > Well it happens for me with iwl3945 which uses swcrypto
> by default see:
> >> > > >
> >> > > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
> >> > > >
> >> > >
> >> > > Actually, I made quite a lot of changes in security in iwl4965 that
> >> > > are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> >> > > The security code is not the same between 3945 and 4965
> >> >
> >> > OK, are you planning to port this changes/fixes to 3945 ?
> >> >
> >>
> >> Well... Low priority...
> >
> > This changes fix an important bug that otherwise make the driver
> > useless in some configurations.
> > So I think it should be backported to 3945 (even when development is
> > focused on newer hardware)
>
> But 3945 uses SW encryption this fix is for HW crypto.
I was talking about this:
"Actually, I made quite a lot of changes in security in iwl4965 that
are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
The security code is not the same between 3945 and 4965"
which seemed to work for Volker using swcrypto
On Tue, May 13, 2008 at 11:24 AM, Johannes Berg
<[email protected]> wrote:
>
> > > SW crypto is handled by mac80211 so I ponder why it works above 4965
> > > and not over 3945 but it has nothing to do with this particular change
> >
> > OK, Johannes any idea why this happens?
>
> I don't even know what happens :)
he ok.
The problem is that when connecting to a dynamic wep network which
uses multiple keys iwl3945 fails to get a dhcp lease. (See
http://marc.info/?l=linux-wireless&m=120699235803881&w=2)
Volker had the same problem with iwl4965. But when turning off
hwcrypto and therefore use the mac80211 code it works for him.
iwl3945 does not use hwcrypto by default (and when I enable it it does
not work either) but fails. Both should be using the same code
(mac80211) but one driver works and the other doesn't which is odd.
Here is my wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=2
ap_scan=1
network={
priority=1
ssid="airsas"
key_mgmt=IEEE8021X
eap=TTLS
phase2="auth=PAP"
identity="XXXXX"
password="XXXXX"
ca_cert="/etc/pki/tls/cert.pem"
}
Leaving out all global options (only the network={} block) produces the
same result (authenticates but no dhcp lease).
I just tried compat-wireless-2008-05-05, which does contain
03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
wpa_supplicant output:
[...]
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x1
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
wpa_driver_wext_set_key: alg=1 key_idx=1 set_tx=0 seq_len=0 key_len=13
RX EAPOL from 00:15:c6:5e:e5:70
RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 1f 2b 36 3d 64 ed ce c4 13 56 c5 d9 74 22 67 3d 69 09 78 de 22 83 d6 b4 21 2a ab 31 32 d3 f1 a2 12 a5 66 6b a3 82
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
[...]
but dhclient still times out:
May 5 11:44:59 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 1
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_mac_tx enter
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_tx_skb station Id 0
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_mac_tx leave
May 5 11:45:14 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 19
May 5 11:45:14 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 1
May 5 11:45:26 localhost kernel: iwl4965: I iwl4965_mac_tx enter
May 5 11:45:26 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(49 bytes) at rate 0x0a
May 5 11:45:26 localhost kernel: iwl4965: I iwl4965_tx_skb station Id 31
May 5 11:45:26 localhost kernel: iwl4965: I iwl4965_mac_tx leave
May 5 11:45:26 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 0 Status SUCCESS (0x00000201) rate_n_flags 0x820a retries 0
May 5 11:45:33 localhost dhclient: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 10
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_mac_tx enter
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_mac_tx dev->xmit(362 bytes) at rate 0x21c
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_tx_skb station Id 0
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_build_tx_cmd_hwcrypto Configuring packet for WEP encryption with key 3
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_mac_tx leave
May 5 11:45:33 localhost kernel: iwl4965: I iwl4965_rx_reply_tx Tx queue 2 Status SUCCESS (0x00002201) rate_n_flags 0x4003 retries 0
May 5 11:45:43 localhost dhclient: No DHCPOFFERS received.
On Mon, 2008-05-05 at 17:35 +0300, Emmanuel Grumbach wrote:
> can you please send your wpa_supplicant config file ?
> Did you try with a newer driver ?
> 03dcb07e74a62eec2badb9f6a091790c484f4a6c may help, you can get it by
> downloading the latest wireless-testing tree
> > I haven't got a clue. Are those identical networks?
>
> Judging from the settings yes. The only difference is that he is using
> PAP and I use MSCHAPv2 for phase 2. But this shouldn't make any
> difference.
> I don't know which kind of information I should provide to diagnose
> this ... wpa_supplicant output?
network capture, wpa_suppplicant output with lots of debugging and
kernel logs, but those might not be verbose enough, some printks in
wext.c's encryption handlers would be good too.
johannes
The official patch will be sent by Yi Zhu in the next bunch of
patches, please look for iwlwifi: clean up and bug fix in security
thanks for reporting and help with debug
On Tue, May 13, 2008 at 4:53 PM, Volker Braun <[email protected]> wrote:
> I tried the patch and now my wireless works perfectly. Thank you! Let me
> know when your "official" patch is ready then I'll test it as well.
>
> Volker
>
>
>
>
> On Mon, 2008-05-12 at 12:13 +0300, Emmanuel Grumbach wrote:
> > here is the patch I promised last week, can you please try it ?
>
>
>
--
Emmanuel Grumbach
[email protected]
> > SW crypto is handled by mac80211 so I ponder why it works above 4965
> > and not over 3945 but it has nothing to do with this particular change
>
> OK, Johannes any idea why this happens?
I don't even know what happens :)
johannes
On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach <[email protected]> wrote:
>
> On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach <[email protected]> wrote:
> > > > I just tried compat-wireless-2008-05-05, which does contain
> > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> > > >
> > >
> > > Thanks for trying this.
> > > Can you try to load the module with swcrypto=1 and try again ?
> > > This disables the HW encryption acceleration. Trying this will allow
> > > to make 100% sure that the bug is in iwlwifi. The bug is likely to be
> > > there, but I think it is worth to make this 100% sure.
> >
> > Well it happens for me with iwl3945 which uses swcrypto by default see:
> >
> > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
> >
>
> Actually, I made quite a lot of changes in security in iwl4965 that
> are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> The security code is not the same between 3945 and 4965
OK, are you planning to port this changes/fixes to 3945 ?
> The problem is that when connecting to a dynamic wep network which
> uses multiple keys iwl3945 fails to get a dhcp lease. (See
> http://marc.info/?l=linux-wireless&m=120699235803881&w=2)
> Volker had the same problem with iwl4965. But when turning off
> hwcrypto and therefore use the mac80211 code it works for him.
> iwl3945 does not use hwcrypto by default (and when I enable it it does
> not work either) but fails. Both should be using the same code
> (mac80211) but one driver works and the other doesn't which is odd.
I haven't got a clue. Are those identical networks?
johannes
Here is more data on my problem with dynamic wep.
compat-wireless-2008-05-07 + iwl4965 + swcrypto=1: Associates and
obtains dhcp lease, works fine.
So it really is about the HW accelleration. I tried your patch (without
swcrypto=1). First, output of wpa_supplicant:
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x1
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
wpa_driver_wext_set_key: alg=1 key_idx=1 set_tx=0 seq_len=0 key_len=13
RX EAPOL from 00:13:c4:8a:be:30
RX EAPOL - hexdump(len=48): 01 03 00 2c 01 00 0d 00 00 48 23 40 de a7 a8 0e 57 ec cc b4 2e c4 58 30 18 51 11 55 a0 9d 5f 83 77 f4 ef ca 46 09 02 4b d4 1a 01 84 47 03 41 80
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_wext_set_key: alg=1 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
Cancelling scan request
Cancelling authentication timeout
State: ASSOCIATED -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to 00:13:c4:8a:be:30 completed (auth) [id=0 id_str=]
Your patch yields:
May 8 14:03:54 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=1 static_key=1
May 8 14:03:54 localhost kernel: iwl4965: enable hwcrypto key sta=0 alg=0,keyid=3 static_key=0
Should static_key not be the other way round (key_idx 3 is unicast)? In
any case, after a while the broadcast key gets updated: wpa_supplicant
says
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x2
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 2 len 13
wpa_driver_wext_set_key: alg=1 key_idx=2 set_tx=0 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
and the syslog contains
May 8 14:05:10 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=2 static_key=0
5 minutes later the next cycle:
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x1
EAPOL: Successfully fetched key (len=64)
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
wpa_driver_wext_set_key: alg=1 key_idx=1 set_tx=0 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
WPA: EAPOL processing complete
Cancelling scan request
May 8 14:10:30 localhost kernel: iwl4965: disable hwcrypto key sta=31 alg=0,keyid=1 static_key=1
May 8 14:10:30 localhost kernel: iwl4965: enable hwcrypto key sta=31 alg=0,keyid=1 static_key=0
and so on... I never acquire a dhcp lease, dhclient always times out.
As an aside, I just got an atheros-based pcmcia card for testing
purposes and maybe sniff if necessary (though haven't done that yet).
Result so far:
1) compat-wireless-2008-05-07 + ath5k: Fails to associate with AP.
2) madwifi: associates and obtains dhcp lease, works perfectly.
Volker
On Tue, May 6, 2008 at 2:14 PM, Emmanuel Grumbach <[email protected]> wrote:
>
> On Tue, May 6, 2008 at 3:10 PM, drago01 <[email protected]> wrote:
> >
> > On Tue, May 6, 2008 at 9:32 AM, Emmanuel Grumbach <[email protected]> wrote:
> > >
> > > On Tue, May 6, 2008 at 10:22 AM, drago01 <[email protected]> wrote:
> > > > On Tue, May 6, 2008 at 8:46 AM, Emmanuel Grumbach <[email protected]> wrote:
> > > > > > I just tried compat-wireless-2008-05-05, which does contain
> > > > > > 03dcb07e74a62eec2badb9f6a091790c484f4a6c. No difference:
> > > > > >
> > > > >
> > > > > Thanks for trying this.
> > > > > Can you try to load the module with swcrypto=1 and try again ?
> > > > > This disables the HW encryption acceleration. Trying this will allow
> > > > > to make 100% sure that the bug is in iwlwifi. The bug is likely to be
> > > > > there, but I think it is worth to make this 100% sure.
> > > >
> > > > Well it happens for me with iwl3945 which uses swcrypto by default see:
> > > >
> > > > http://marc.info/?l=linux-wireless&m=120699235803881&w=2
> > > >
> > >
> > > Actually, I made quite a lot of changes in security in iwl4965 that
> > > are not in iwl3945 so I think it is worth trying with iwl4965 in SW.
> > > The security code is not the same between 3945 and 4965
> >
> > OK, are you planning to port this changes/fixes to 3945 ?
> >
>
> Well... Low priority...
This changes fix an important bug that otherwise make the driver
useless in some configurations.
So I think it should be backported to 3945 (even when development is
focused on newer hardware)
On Tue, May 13, 2008 at 12:07 PM, Johannes Berg
<[email protected]> wrote:
>
> > The problem is that when connecting to a dynamic wep network which
> > uses multiple keys iwl3945 fails to get a dhcp lease. (See
> > http://marc.info/?l=linux-wireless&m=120699235803881&w=2)
> > Volker had the same problem with iwl4965. But when turning off
> > hwcrypto and therefore use the mac80211 code it works for him.
> > iwl3945 does not use hwcrypto by default (and when I enable it it does
> > not work either) but fails. Both should be using the same code
> > (mac80211) but one driver works and the other doesn't which is odd.
>
> I haven't got a clue. Are those identical networks?
Judging from the settings yes. The only difference is that he is using
PAP and I use MSCHAPv2 for phase 2. But this shouldn't make any
difference.
I don't know which kind of information I should provide to diagnose
this ... wpa_supplicant output?