[FS#3901] WPA encryption broken since commit "mac80211: remove patches stripping down crypto support" (Attachment added)

OpenWrt Bugs openwrt-bugs at lists.openwrt.org
Thu Jun 24 06:27:59 PDT 2021 

THIS IS AN AUTOMATED MESSAGE, DO NOT REPLY.

A new Flyspray task has been opened.  Details are below. 

User who did this - argonym (argonym) 

Attached to Project - OpenWrt/LEDE Project
Summary - WPA encryption broken since commit "mac80211: remove patches stripping down crypto support"
Task Type - Bug Report
Category - Kernel
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - High
Priority - Very Low
Reported Version - Trunk
Due in Version - Undecided
Due Date - Undecided
Details - (This could be a duplicate of [[https://bugs.openwrt.org/index.php?do=details&task_id=3898|FS#3898]]. Created a new report as hostapd log messages differ.)

Model	TP-LINK TD-W8970
Architecture	MIPS 34Kc Lantiq XWAY VRX268
Wireless hardware	AR9381 / ath9k
Firmware Version	OpenWrt SNAPSHOT r17032+11-b4ea780da1 [based on master at e6b3e77e] / LuCI Master git-21.163.60157-1bcb125
Kernel Version	5.4.124

hostapd log messages:

root at LEDE:~# logread | grep hostapd
Thu Jun 24 13:37:53 2021 daemon.notice hostapd: Configuration file: /var/run/hostapd-phy0.conf (phy wlan0) --> new PHY
Thu Jun 24 13:37:53 2021 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Thu Jun 24 13:37:55 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Thu Jun 24 13:37:55 2021 daemon.err hostapd: Interface initialization failed
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->DISABLED
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: AP-DISABLED
Thu Jun 24 13:37:55 2021 daemon.err hostapd: wlan0: Unable to setup interface.
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Thu Jun 24 13:37:55 2021 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Thu Jun 24 13:37:55 2021 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started


wpad-basic, wpad-basic-wolfssl and wpad-mesh-wolfssl (wolfssl with and without /dev/crypto support) with any WPA version are affected. (I did not try wpad-*-openssl.)

**Reverting [[https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=53b6783907f3bd6f0f88f9d6feed20b21e2cd181|53b6783]] fixes the issue.**

My pretty standard AP-mode /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'HT20'
	option log_level '1'
	option cell_density '1'
	option distance '15'
	option channel '13'
	option country 'DE'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option network 'lan'
	option ssid '...'
	option encryption 'sae-mixed'
	option key '...'
	option ieee80211w '1'



/var/run/hostapd-phy0.conf:

driver=nl80211
logger_syslog=127
logger_syslog_level=1
logger_stdout=127
logger_stdout_level=1
country_code=DE
ieee80211d=1
hw_mode=g
supported_rates=60 90 120 180 240 360 480 540
basic_rates=60 120 240
beacon_int=100
dtim_period=2
channel=13
chanlist=13


ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]

radio_config_id=614cf6f66f4a51eefaf4bd5d4b33983c
interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
skip_inactivity_poll=0
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=...
wpa_psk_file=/var/run/hostapd-wlan0.psk
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=...
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 SAE
okc=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
dynamic_vlan=0
vlan_naming=1
vlan_no_bridge=1
vlan_file=/var/run/hostapd-wlan0.vlan
config_id=959613158ed8967fd9f81b6a58d43b5f
bssid=...


Diffconfig and dmesg attached.

One or more files have been attached.

More information can be found at the following URL:
https://bugs.openwrt.org/index.php?do=details&task_id=3901

You are receiving this message because you have requested it from the Flyspray bugtracking system.  If you did not expect this message or don't want to receive mails in future, you can change your notification settings at the URL shown above.

More information about the openwrt-bugs mailing list