Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FS#3901 - WPA encryption broken since commit "mac80211: remove patches stripping down crypto support" #8932

Closed
openwrt-bot opened this issue Jun 24, 2021 · 4 comments
Closed

FS#3901 - WPA encryption broken since commit "mac80211: remove patches stripping down crypto support" #8932

openwrt-bot opened this issue Jun 24, 2021 · 4 comments
Labels
flyspray

Comments

@openwrt-bot
Copy link

argonym:

(This could be a duplicate of [[https://bugs.openwrt.org/index.php?do=details&task_id=3898|FS#3898]]. Created a new report as hostapd log messages differ.)

Model TP-LINK TD-W8970
Architecture MIPS 34Kc Lantiq XWAY VRX268
Wireless hardware AR9381 / ath9k
Firmware Version OpenWrt SNAPSHOT r17032+11-b4ea780da1 [based on master@e6b3e77e] / LuCI Master git-21.163.60157-1bcb125
Kernel Version 5.4.124

hostapd log messages:

root@LEDE:~# logread | grep hostapd
Thu Jun 24 13:37:53 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Thu Jun 24 13:37:53 2021 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Thu Jun 24 13:37:55 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Thu Jun 24 13:37:55 2021 daemon.err hostapd: Interface initialization failed
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->DISABLED
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Jun 24 13:37:55 2021 daemon.err hostapd: wlan0: Unable to setup interface.
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Jun 24 13:37:55 2021 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started

wpad-basic, wpad-basic-wolfssl and wpad-mesh-wolfssl (wolfssl with and without /dev/crypto support) with any WPA version are affected. (I did not try wpad-*-openssl.)

Reverting [[https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=53b6783907f3bd6f0f88f9d6feed20b21e2cd181|53b6783]] fixes the issue.

My pretty standard AP-mode /etc/config/wireless:

config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'HT20'
option log_level '1'
option cell_density '1'
option distance '15'
option channel '13'
option country 'DE'

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option network 'lan'
option ssid '...'
option encryption 'sae-mixed'
option key '...'
option ieee80211w '1'

/var/run/hostapd-phy0.conf:

driver=nl80211
logger_syslog=127
logger_syslog_level=1
logger_stdout=127
logger_stdout_level=1
country_code=DE
ieee80211d=1
hw_mode=g
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
beacon_int=100
dtim_period=2
channel=13
chanlist=13

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]

radio_config_id=614cf6f66f4a51eefaf4bd5d4b33983c
interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=...
wpa_psk_file=/var/run/hostapd-wlan0.psk
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=...
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE
okc=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
dynamic_vlan=0
vlan_naming=1
vlan_no_bridge=1
vlan_file=/var/run/hostapd-wlan0.vlan
config_id=959613158ed8967fd9f81b6a58d43b5f
bssid=...

Diffconfig and dmesg attached.
@openwrt-bot
Copy link
Author

nbd:

Does the issue also happen if you remove the DEU driver?

@openwrt-bot
Copy link
Author

argonym:

Good catch. If I deselect kmod-ltq-deu-vr9, the issue is gone.

The driver is also [[https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=e85180d90ed01ef4fb89675702622a9cabf3b092|not compatible with kernel 5.10]]. Same cause? Maybe it should simply be removed (for now).

@openwrt-bot
Copy link
Author

kestrel1974:

(copy of the comment in the commit to disable ltq-deu) I had a look at the driver in trunk and could reproduce the issue by using mac80211_hwsim on fritzbox 7490 even without a physical wifi. While removing the driver or commenting out AES makes this issue go away, the drivers AES methods (aes_set_key) are not even called when the error occurs. They are called, when the error does not occur, e.g. I added printk and dumpstack() to the methods in ifxmips_aes.c and in some cases the error went away and the virtual wlan0 and wlan1 initialized just fine. There is a 'netifd: radio0 (2354): Command failed: Invalid argument' error from netifd in the log (logread not dmesg), so to me it seems the actual error is caused before even calling the ltq-deu drivers set_key method:

Fri Jul 2 19:51:13 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Fri Jul 2 19:51:13 2021 daemon.err hostapd: Interface initialization failed
Fri Jul 2 19:51:13 2021 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->DISABLED
Fri Jul 2 19:51:13 2021 daemon.notice hostapd: wlan0: AP-DISABLED
Fri Jul 2 19:51:13 2021 daemon.err hostapd: wlan0: Unable to setup interface.
Fri Jul 2 19:51:13 2021 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Fri Jul 2 19:51:13 2021 kern.info kernel: [ 87.629502] device wlan0 left promiscuous mode
Fri Jul 2 19:51:13 2021 kern.info kernel: [ 87.632878] br-lan: port 6(wlan0) entered disabled state
Fri Jul 2 19:51:13 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Fri Jul 2 19:51:13 2021 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Fri Jul 2 19:51:13 2021 daemon.notice netifd: radio0 (2354): Command failed: Invalid argument
Fri Jul 2 19:51:13 2021 daemon.err hostapd: Interface initialization failed
Fri Jul 2 19:51:13 2021 daemon.notice netifd: radio0 (2354): Device setup failed: HOSTAPD_START_FAILED

Unfortunately I have no clue, which command and which argument failed.
The behaviour on real hardware might be different, since as mentioned sometimes I could bring up wlan0 and wlan1 just by adding printk to the aes_set_key method and there were cases, when commenting out the printk and rebuilding the initramfs image did not make the error appear again. For the log to capture I have to delete the ltq-deu directory in the build_dir in order to make the error appear again. I wonder if its a timing issue in the startup scripts or who knows.

@openwrt-bot
Copy link
Author

kestrel1974:

The new driver seems to work, I screwed it up by copying an newer version of the driver over with an older timestamp and it was not build, due to the timestamp. I was confused by @Notupus reports that the new driver does not work.

Sorry for the confusion.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
flyspray
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@openwrt-bot