Encryption problems with nl80211

[Dan Williams]

On Wed, 2015-10-28 at 00:54 +0530, Krishna Chaitanya wrote:
> On Wed, Oct 28, 2015 at 12:11 AM, Dan Williams <dcbw at redhat.com> wrote:
> > On Tue, 2015-10-27 at 18:16 +0100, simo wrote:
> >> Hi, I am Simon and I am new in this mail list.
> >>
> >> I am experiencing problems enabling encryption key after creating an
> >> IBSS network through wpa_supplicant.
> >
> > It looks like the error is coming from the kernel mac80211/cfg80211 WiFi
> > stack in nl80211_key_allowed().  That function returns an error if there
> > is not yet any "current_bss", which is probably the case here.  To me it
> > looks like a mismatch in expectations between the kernel and
> > wpa_supplicant about how IBSS WEP is supposed to be configured.
> >
> > wpas_start_assoc_cb() - sets up parameters for IBSS create/join
> > -- kernel cfg80211 has current_bss = NULL
> > wpas_start_assoc_cb() calls wpa_set_wep_keys()
> > -- kernel cfg80211 rejects set_keys request because current_bss == NULL
> > wpas_start_assoc_cb() calls wpa_drv_associate() to being association
> > -- kernel driver creates new IBSS, sends EVENT_IBSS_JOINED
> > -- kernel cfg80211 calls __cfg80211_ibss_joined() and sets current_bss
> >
> > What's odd is that none of this code in the kernel or supplicant has
> > really changed since early 2013, so its either been broken for a long
> > time, or I'm missing something completely about when current_bss gets
> > set.
> >
> > Dan
> >
> >> wlan0: Trying to associate with SSID 'my-net-302'
> >> wlan0: Cancelling scan request
> >> wlan0: WPA: clearing own WPA/RSN IE
> >> wlan0: Automatic auth_alg selection: 0x1
> >> wlan0: WPA: clearing AP WPA IE
> >> wlan0: WPA: clearing AP RSN IE
> >> wlan0: WPA: clearing own WPA/RSN IE
> >> wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=1 addr=(nil) key_idx=0
> >> set_tx=1 seq_len=0 key_len=5
> >> nl80211: KEY_DATA - hexdump(len=5): [REMOVED]
> >> nl80211: set_key failed; err=-67 Link has been severed)
> >
> > ^^^ the error
> > <snip>
> >
> >> nl80211: Event message available
> >> nl80211: Drv Event 43 (NL80211_CMD_JOIN_IBSS) received for wlan0
> >> nl80211: IBSS 12:24:21:59:87:d0 joined
> >> nl80211: IBSS-joined on 2412 MHz
> >> nl80211: Operating frequency for the associated BSS from scan results:
> >> 2412 MHz
> >> nl80211: IBSS on frequency 2412 MHz
> >> wlan0: Event ASSOC (0) received
> >> wlan0: State: ASSOCIATING -> ASSOCIATED
> >
> > Then reports success creating/joining the adhoc network.  But of course,
> > since the key set failed, the network is not encrypted.
> set_key after association is successful, the failure before association
> can be ignored. This is not a problem.
> 
> 
> wlan0: State: ASSOCIATED -> COMPLETED
> wlan0: Radio work 'connect'@0xfab20 done in 0.603215 seconds
> wlan0: CTRL-EVENT-CONNECTED - Connection to 12:24:21:59:87:d0 completed
> [id=0 id_str=]
> nl80211: Set wlan0 operstate 0->1 (UP)
> netlink: Operstate: ifindex=3 linkmode=-1 (no change), operstate=6
> (IF_OPER_UP)
> wlan0: Cancelling scan request
> wpa_driver_nl80211_set_key: ifindex=3 (wlan0) alg=1 addr=(nil) key_idx=0
> set_tx=1 seq_len=0 key_len=5
> nl80211: KEY_DATA - hexdump(len=5): [REMOVED]
> RTM_NEWLINK: ifi_index=3 ifname=wlan0 operstate=6 linkmode=1
> ifi_family=0 ifi_flags=0x11043 ([UP][RUNNING][LOWER_

Ah, you are correct.  IIRC some drivers don't really support setting the
keys after IBSS create though, since they don't have a great way to
update the IEs after the join has already happened.  I wonder what
driver the reporter is using?

Dan