Dear all,
I need to set a secured Adhoc network using WPA or WPA2 on my embedded
device (linux 3.10, mwifiex backported 4.1.1, wpa_supplicant 2.5 (with
CONFIG_IBSS_RSN=y), hostap 2.5). I tried the following configs:
WPA-NONE:
I start a WPA-NONE Adhoc with wpa_supplicant on the embedded device
(see wpa_supplicant-wpa-none.conf + wpa_supplicant-wpa-none.log). Then
from my computer (Ubuntu 14.04), I managed to join the network and ping
the device without setting any password! The connection is not secured.
WPA-PSK:
I also tried WPA-RSN (see wpa_supplicant-rsn.conf +
wpa_supplicant-rsn.log). As you can see in log file, the 4Way-Handshake
is completed. But after some seconds, the log shows a timeout and an
authentication failure. The device and my computer are connected to the
same network and they share the same BSS, but ping always fails. Note
that if I set a bad password on computer side, the handshake never
completes.
dmesg does not show any error.
WEP works fine.
Any idea of what could be wrong?
Thank you,
Vincent
Hi Raymond,
Who is trying to mark the peer authorized? Should I look into mwifiex
driver? cfg80211.ko? libnl? wpa_supplicant? I am a bit lost among all
these elements.
Vincent
Le 2016-06-14 02:30, Raymond Hayes a écrit :
> From the RSN log, the dual 4-way handshakes succeeded, but the GTK was
> not installed:
>
> nl80211: set_key failed; err=-22 Invalid argument)
>
> and it looks like there was a problem marking the peer authorized:
>
> AUTH: 48:45:20:3b:31:75 authorizing port
> Could not set station 48:45:20:3b:31:75 flags for kernel driver
> (errno=11)
>
> Ray
>
> On Mon, Jun 13, 2016 at 7:42 AM, Vincent CESSON
> <[email protected]> wrote:
>> Hi Amitkumar,
>>
>> Here are the wpa_supplicant logs (with CONFIG_IBSS_RSN=y enabled)
>> from the
>> two devices. Beside wpa_supplicant, I manually set IPs 192.168.1.xy
>> with
>> command "ifconfig mlan0 192.168.1.xy" and then I try to ping each
>> other,
>> without success.
>>
>> Vincent
>>
>>
>>
>> Le 2016-06-13 15:40, Amitkumar Karwar a écrit :
>>>
>>> Hi Vincent,
>>>
>>>> From: Vincent CESSON [mailto:[email protected]]
>>>> Sent: Monday, June 13, 2016 7:09 PM
>>>> To: Amitkumar Karwar
>>>> Cc: Raymond Hayes; [email protected]
>>>> Subject: RE: mwifiex+wpa_supplicant cannot set up WPA/WPA2 ADHOC
>>>>
>>>> About the strange behaviour with the two devices connecting despite
>>>> the
>>>> bad passwords, I made a little mistake: on the device 2,
>>>> wpa_supplicant
>>>> was not built with option CONFIG_IBSS_RSN=y. But still, device 1
>>>> should
>>>> not accept device 2...
>>>>
>>>> Note that with option CONFIG_IBSS_RSN=y enabled on both devices,
>>>> WPA-PSK
>>>> connection does not work, even with the right password...
>>>>
>>>
>>> I see. Please share the wpa_supplicant logs with CONFIG_IBSS_RSN=y
>>> enabled for analysis.
>>>
>>> Regards,
>>> Amitkumar
Luana,
as confirmed by Marvell this is a firmware issue and the firmware is
not free/open so only Marvell is able to fix it.
At the moment the latest firmware available is still the 15.68.7.p5, aka p5.
http://git.marvell.com/?p=mwifiex-firmware.git;a=tree;f=mrvl;hb=HEAD
Unfortunately in this case the community can't give you support..
Regards
Nestor
2016-07-20 15:23 GMT+02:00 Luana Borgia <[email protected]>:
> Hi Amitkumar,
> any news about this issue? I've the same problem also..
>
> Security a part, we can't leave the WIFI open or just with WEP because
> we get too many not trusted connection that consume a lot of our
> bandwidth
>
> Thanks, regards
> Luana
>
> 2016-07-08 11:15 GMT+02:00 Amitkumar Karwar <[email protected]>:
>> Yes. This is a bug in our firmware. ADHOC in WPA/WPA2 security is broken. We have asked firmware experts to look into this. As we have a mid-year shutdown this week, they will be able to check the problem next week only. However ADHOC in open mode should work as expected
>>
>>
>> Regards,
>> Amitkumar
Hi Amitkumar,
any news about this issue? I've the same problem also..
Security a part, we can't leave the WIFI open or just with WEP because
we get too many not trusted connection that consume a lot of our
bandwidth
Thanks, regards
Luana
2016-07-08 11:15 GMT+02:00 Amitkumar Karwar <[email protected]>:
>> From: [email protected] [mailto:linux-wireless-
>> [email protected]] On Behalf Of Nestor Machno
>> Sent: Thursday, July 07, 2016 6:07 AM
>> To: [email protected]
>> Subject: Fwd: mwifiex+wpa_supplicant cannot set up WPA/WPA2 ADHOC
>>
>> Hi All,
>> Amitkumar, can you confirm if this this is a bug or today is fixed?
>
> Yes. This is a bug in our firmware. ADHOC in WPA/WPA2 security is broken. We have asked firmware experts to look into this. As we have a mid-year shutdown this week, they will be able to check the problem next week only. However ADHOC in open mode should work as expected
>
>>
>> Vincent, I had also faced similar issue on Surface Pro 2 with backports
>> from 4.1... So here few question:
>>
>> * I saw in 1st post that you where working to make work the
>> wpa_supplicant with mixed configuration for adhoc (wpa-none + wpa-ibss),
>> but also in recent post that you focus mostly on debugging wpa-ibss. I
>> suggest to focus your test on one wpa mode and I think wpa-none better
>> because it's easier..
>> * Why you are not testing the latest backport from upstream kernel? as
>> you can know Marvell is focus most to fix open issue on current stable
>> release, I saw from commit that recently they fix something about WPA on
>> mixflex, see
>> https://backports.wiki.kernel.org/index.php/Documentation/compat-
>> drivers/hacking
>> * Would be good information to know if you tested also on backport 3.x,
>> did you? I know mwifiex's WPA stack changed a lot from 3.x kernel.
>> * To support you more, could you enable debug info and provide full log
>> of your setup? .config? patch? anything else?
>> * Can you share us your hacked backport?
>> * Lat question Vincent, are you working for AIRBUS, ACTIA or THALES ?
>> :)
>>
>> Best Regards
>> Nestor
>>
>> On Mon, Jun 13, 2016 at 7:42 AM, Vincent CESSON
>> <[email protected]> wrote:
>> > Hi Amitkumar,
>> >
>> > Here are the wpa_supplicant logs (with CONFIG_IBSS_RSN=y enabled) from
>> > the two devices. Beside wpa_supplicant, I manually set IPs
>> > 192.168.1.xy with command "ifconfig mlan0 192.168.1.xy" and then I try
>> > to ping each other, without success.
>> >
>
> Regards,
> Amitkumar
Hi Amitkumar,
if I understood correctly you are working to solve the issue related
to ibss-rsn (wpa2 in adhoc), I'm I right?
What about the alternative WPA mechanism with wpa-none instead? Fix it
shouldn't be simpler than RSN?
Thanks for update and
best regards.
Luana
2016-07-21 11:05 GMT+02:00 Amitkumar Karwar <[email protected]>:
> Hi Luana,
>
>> From: Luana Borgia [mailto:[email protected]]
>> Sent: Wednesday, July 20, 2016 6:53 PM
>> To: Amitkumar Karwar
>> Cc: Nestor Machno; [email protected]
>> Subject: Re: mwifiex+wpa_supplicant cannot set up WPA/WPA2 ADHOC
>>
>> Hi Amitkumar,
>> any news about this issue? I've the same problem also..
>>
>> Security a part, we can't leave the WIFI open or just with WEP because
>> we get too many not trusted connection that consume a lot of our
>> bandwidth
>>
>
> We are still working on this. With some driver changes, we are able to RSN IE in transmitted frames, but 4 way handshake doesn't occur.
>
> Regards,
> Amitkumar
PiBGcm9tOiBMdWFuYSBCb3JnaWEgW21haWx0bzpsdWFuYWJvcmdpYTE5NjlAZ21haWwuY29tXQ0K
PiBTZW50OiBUaHVyc2RheSwgSnVseSAyMSwgMjAxNiA2OjA1IFBNDQo+IFRvOiBBbWl0a3VtYXIg
S2Fyd2FyDQo+IENjOiBOZXN0b3IgTWFjaG5vOyBsaW51eC13aXJlbGVzc0B2Z2VyLmtlcm5lbC5v
cmcNCj4gU3ViamVjdDogUmU6IG13aWZpZXgrd3BhX3N1cHBsaWNhbnQgY2Fubm90IHNldCB1cCBX
UEEvV1BBMiBBREhPQw0KPiANCj4gSGkgQW1pdGt1bWFyLA0KPiBpZiBJIHVuZGVyc3Rvb2QgY29y
cmVjdGx5IHlvdSBhcmUgd29ya2luZyB0byBzb2x2ZSB0aGUgaXNzdWUgcmVsYXRlZCB0bw0KPiBp
YnNzLXJzbiAod3BhMiBpbiBhZGhvYyksIEknbSBJIHJpZ2h0Pw0KPiBXaGF0IGFib3V0IHRoZSBh
bHRlcm5hdGl2ZSBXUEEgbWVjaGFuaXNtIHdpdGggd3BhLW5vbmUgaW5zdGVhZD8gRml4IGl0DQo+
IHNob3VsZG4ndCBiZSBzaW1wbGVyIHRoYW4gUlNOPw0KDQpNYWtlcyBzZW5zZS4gSXQgd291bGQg
YmUgdXNlZnVsIHRvIGhhdmUgc3VjY2Vzc2Z1bCBjYXNlIGxvZyBmb3IgY29tcGFyaXNvbiBhbmQg
ZnVydGhlciBkZWJ1Z2dpbmcuDQpJcyBpdCBwb3NzaWJsZSBmb3IgeW91IChvciBzb21lb25lIGVs
c2UpIGNhcHR1cmUgdGhlIHdwYV9zdXBwbGljYW50J3Mgc3VjY2Vzc2Z1bCBjYXNlIGxvZ3MgdXNp
bmcgb3RoZXIgdmVuZG9yJ3MgY2hpcHNldD8NCldlIHRyaWVkIHdpdGggSW50ZWwgZGV2aWNlcy4g
SXQgd29ya2VkIHVzaW5nIEdVSSBvbiB3aW5kb3dzIG1hY2hpbmUsIGJ1dCBkaWRuJ3Qgd29yayB1
c2luZyB3cGFfc3VwcGxpY2FudC4NCg0KUmVnYXJkcywNCkFtaXRrdW1hcg0K
SGkgTHVhbmEsDQoNCj4gRnJvbTogTHVhbmEgQm9yZ2lhIFttYWlsdG86bHVhbmFib3JnaWExOTY5
QGdtYWlsLmNvbV0NCj4gU2VudDogV2VkbmVzZGF5LCBKdWx5IDIwLCAyMDE2IDY6NTMgUE0NCj4g
VG86IEFtaXRrdW1hciBLYXJ3YXINCj4gQ2M6IE5lc3RvciBNYWNobm87IGxpbnV4LXdpcmVsZXNz
QHZnZXIua2VybmVsLm9yZw0KPiBTdWJqZWN0OiBSZTogbXdpZmlleCt3cGFfc3VwcGxpY2FudCBj
YW5ub3Qgc2V0IHVwIFdQQS9XUEEyIEFESE9DDQo+IA0KPiBIaSBBbWl0a3VtYXIsDQo+IGFueSBu
ZXdzIGFib3V0IHRoaXMgaXNzdWU/IEkndmUgdGhlIHNhbWUgcHJvYmxlbSBhbHNvLi4NCj4gDQo+
IFNlY3VyaXR5IGEgcGFydCwgd2UgY2FuJ3QgbGVhdmUgdGhlIFdJRkkgb3BlbiBvciBqdXN0IHdp
dGggV0VQIGJlY2F1c2UNCj4gd2UgZ2V0IHRvbyBtYW55IG5vdCB0cnVzdGVkIGNvbm5lY3Rpb24g
dGhhdCBjb25zdW1lIGEgbG90IG9mIG91cg0KPiBiYW5kd2lkdGgNCj4gDQoNCldlIGFyZSBzdGls
bCB3b3JraW5nIG9uIHRoaXMuIFdpdGggc29tZSBkcml2ZXIgY2hhbmdlcywgd2UgYXJlIGFibGUg
dG8gUlNOIElFIGluIHRyYW5zbWl0dGVkIGZyYW1lcywgYnV0IDQgd2F5IGhhbmRzaGFrZSBkb2Vz
bid0IG9jY3VyLg0KDQpSZWdhcmRzLA0KQW1pdGt1bWFyDQo=