Search Linux Wireless

Re: brcmfmac SAE/WPA3 negotiation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Arend,

I looked through the info where I got the latest firmware:
https://community.infineon.com/t5/Wi-Fi-Bluetooth-for-Linux/Wi-Fi-A-class-Linux-Driver-release-FMAC-2024-11-21-Documents/td-p/905045
https://community.infineon.com/t5/AIROC-Wi-Fi-and-Wi-Fi-Bluetooth/Cypress-Linux-WiFi-Driver-Release-FMAC-2024-11-21/td-p/902888
and did not find anything, but I really do not know what I am looking for.

Keith

On Fri, Dec 13, 2024 at 6:40 PM KeithG <ys3al35l@xxxxxxxxx> wrote:
>
> On Fri, Dec 13, 2024 at 11:35 AM Arend Van Spriel
> <arend.vanspriel@xxxxxxxxxxxx> wrote:
> >
> > On December 13, 2024 4:13:17 PM KeithG <ys3al35l@xxxxxxxxx> wrote:
> >
> > > On Thu, Dec 12, 2024 at 2:17 PM Arend van Spriel
> > > <arend.vanspriel@xxxxxxxxxxxx> wrote:
> > >>
> > >> On 12/12/2024 3:24 PM, KeithG wrote:
> > >>> Based on a hunch that brcmfmac dbug might reveal something, I turned
> > >>> it on to see what turned up. I attempted the same as before: using iwd
> > >>> to connect to the WPA3 AP.
> > >>>
> > >>> [iwd]# station wlan0 connect deskSAE
> > >>> Type the network passphrase for deskSAE psk.
> > >>> Passphrase: *********
> > >>> [iwd]# station wlan0 show
> > >>>                            Station: wlan0
> > >>> --------------------------------------------------------------------------------
> > >>> Settable  Property              Value
> > >>> --------------------------------------------------------------------------------
> > >>>       Scanning              no
> > >>>       State                 connecting
> > >>>       Connected network     deskSAE
> > >>>       IPv4 address          169.254.203.147
> > >>>
> > >>> the attached log shows brcmfmac debug
> > >>>
> > >>> it always shows 'State connecting' never connected.
> > >>>
> > >>> Is one of these what is causing it to error out:
> > >>> Dec 09 18:11:06 jackrune kernel: brcmfmac: brcmf_fil_cmd_data Firmware
> > >>> error: BCME_UNSUPPORTED (-23)
> > >>> Dec 09 18:11:06 jackrune kernel: brcmfmac: brcmf_fil_iovar_data_get
> > >>> ifidx=0, name=tdls_sta_info, len=296, err=-52
> > >>> ...
> > >>> Dec 09 18:11:06 jackrune kernel: brcmfmac: brcmf_fil_cmd_data Firmware
> > >>> error: BCME_BADADDR (-21)
> > >>> Dec 09 18:11:06 jackrune kernel: brcmfmac: brcmf_fil_iovar_data_get
> > >>> ifidx=0, name=sta_info, len=296, err=-52
> > >>> ...
> > >>> Dec 09 18:33:32 jackrune kernel: ieee80211 phy0:
> > >>> brcmf_cfg80211_get_station: GET STA INFO failed, -52
> > >>>
> > >>> I do not know what BCME is.
> > >>
> > >> BCME are the error codes produced by the firmware. Without debug prints
> > >> you will only see a generic error code, ie. -52 (-EBADE). So you always
> > >> see the "Firmware error" message following by the "generic" error
> > >> message. It is not truly generic as it mentions the command name. So the
> > >> above says the command "tdls_sta_info" is unsupported and the mac
> > >> address provided in the "sta_info" command is not found in firmware.
> > >>
> > >> Looking at the log I see periodically:
> > >>
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_fil_cmd_data Firmware
> > >> error: BCME_NOTASSOCIATED (-17)
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_fil_cmd_data_get
> > >> ifidx=0, cmd=23, len=6, err=-52
> > >>
> > >> According fwil.h the driver sends BRCMF_C_GET_BSSID command. When
> > >> associated is returns the BSSID of your AP. As you are not yet
> > >> associated it fails. Not really related to the external auth procedure I
> > >> think.
> > >>
> > >> The following is more interesting:
> > >>
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_cfg80211_external_auth
> > >> Enter
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_fil_iovar_data_set
> > >> ifidx=0, name=auth_status, len=44
> > >> Dec 09 18:32:55 jackrune kernel: brcmutil: data
> > >> Dec 09 18:32:55 jackrune kernel: 00000000: 04 00 d8 3a dd 60 a3 0c 07 00
> > >> 00 00 64 65 73 6b  ...:.`......desk
> > >> Dec 09 18:32:55 jackrune kernel: 00000010: 53 41 45 00 00 00 00 00 00 00
> > >> 00 00 00 00 00 00  SAE.............
> > >> Dec 09 18:32:55 jackrune kernel: 00000020: 00 00 00 00 00 00 00 00 00 00
> > >> 00 00              ............
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_sdio_bus_txctl Enter
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_sdio_bus_rxctl Enter
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_sdio_isr Enter
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_sdio_bus_rxctl resumed
> > >> on rxctl frame, got 72 expected 72
> > >> Dec 09 18:32:55 jackrune kernel: brcmfmac: brcmf_fil_cmd_data Firmware
> > >> error: BCME_BADLEN (-24)
> > >> Dec 09 18:32:55 jackrune kernel: ieee80211 phy0:
> > >> brcmf_cfg80211_external_auth: auth_status iovar failed: ret=-52
> > >>
> > >> So the "auth_status" command fails and the firmware error code indicates
> > >> the length is invalid. The length of the "auth_status" command as sent
> > >> by the driver to the device is 44 and apparently the firmware expects
> > >> some other length. Here is what I did in my patch:
> > >>
> > >> +static int
> > >> +brcmf_cyw_external_auth(struct wiphy *wiphy, struct net_device *dev,
> > >> +                       struct cfg80211_external_auth_params *params)
> > >> +{
> > >> +       struct brcmf_if *ifp;
> > >> +       struct brcmf_pub *drvr;
> > >> +       struct brcmf_auth_req_status_le auth_status;
> > >> +       int ret = 0;
> > >> +
> > >> +       brcmf_dbg(TRACE, "Enter\n");
> > >> +
> > >> +       ifp = netdev_priv(dev);
> > >> +       drvr = ifp->drvr;
> > >> +       if (params->status == WLAN_STATUS_SUCCESS) {
> > >> +               auth_status.flags = cpu_to_le16(BRCMF_EXTAUTH_SUCCESS);
> > >> +       } else {
> > >> +               bphy_err(drvr, "External authentication failed: status=%d\n",
> > >> +                        params->status);
> > >> +               auth_status.flags = cpu_to_le16(BRCMF_EXTAUTH_FAIL);
> > >> +       }
> > >> +
> > >> +       memcpy(auth_status.peer_mac, params->bssid, ETH_ALEN);
> > >> +       auth_status.ssid_len = cpu_to_le32(min_t(u8, params->ssid.ssid_len,
> > >> +                                                IEEE80211_MAX_SSID_LEN));
> > >> +       memcpy(auth_status.ssid, params->ssid.ssid, auth_status.ssid_len);
> > >> +
> > >> +       ret = brcmf_fil_iovar_data_set(ifp, "auth_status", &auth_status,
> > >> +                                      sizeof(auth_status));
> > >> +       if (ret < 0)
> > >> +               bphy_err(drvr, "auth_status iovar failed: ret=%d\n", ret);
> > >> +
> > >> +       return ret;
> > >> +}
> > >>
> > >> So the type struct brcmf_auth_req_status_le is used for external auth
> > >> request and for auth_status. Maybe for the "auth_status" it only needs a
> > >> subset of fields. Here is the struct declaration:
> > >>
> > >> +/**
> > >> + * struct brcmf_auth_req_status_le - external auth request and status
> > >> update
> > >> + *
> > >> + * @flags: flags for external auth status
> > >> + * @peer_mac: peer MAC address
> > >> + * @ssid_len: length of ssid
> > >> + * @ssid: ssid characters
> > >> + */
> > >> +struct brcmf_auth_req_status_le {
> > >> +       __le16 flags;
> > >> +       u8 peer_mac[ETH_ALEN];
> > >> +       __le32 ssid_len;
> > >> +       u8 ssid[IEEE80211_MAX_SSID_LEN];
> > >> +};
> > >>
> > >> Maybe flags and peer_mac is sufficient? That would be 8 bytes so can you
> > >> try and change brcmf_cyw_external_auth() such that it does:
> > >>
> > >> +       ret = brcmf_fil_iovar_data_set(ifp, "auth_status", &auth_status, 8);
> > >>
> > >> Without firmware source code we can only guess.
> > >>
> > >> Regards,
> > >> Arend
> > >>
> > >>> On Mon, Dec 9, 2024 at 8:30 AM KeithG <ys3al35l@xxxxxxxxx> wrote:
> > >>>>
> > >>>> I poked at this a while back and decided to try it again over the weekend.
> > >>>>
> > >>>> Infineon has released a new firmware:
> > >>>> Firmware: BCM4345/6 wl0: Oct 28 2024 23:27:00 version 7.45.286
> > >>>> (be70ab3 CY) FWID 01-95efe7fa
> > >>>> it is not in the RPiOS release, yet, but I installed it on a Pi3B+ and
> > >>>> decided to give it a try. I have an AP running WPA3 personal on a
> > >>>> desktop in the home and can connect to it with my phone as proof that
> > >>>> it 'works'.
> > >>>>
> > >>>> I tried to connect to it once again from the Pi while running this new
> > >>>> firmware. It gets closer than last time I checked, but it does not
> > >>>> actually negotiate a functional connection.
> > >>>> I tried with connman/iwd, NetworkManager/iwd and it gets close, but
> > >>>> still errors out. I get a number of these in the iwmon log:
> > >>>>
> > >>>>> Response: Get Station (0x11) len 4                                  38.439787
> > >>>> Status: Invalid exchange (52)
> > >>>>
> > >>>> Can I probe this further to assist in diagnosing the cause and
> > >>>> potentially help with a solution?
> > >>>> The log is attached.
> > >>>>
> > >>>> Regards,
> > >>>>
> > >>>> Keith
> > > Arend,
> > >
> > > Does this iwmon log help at all.
> >
> > Probably not. The issue seems to be between driver and firmware.
> >
> > If there is anyone out there that successfully used the ext_auth with
> > downstream ifx driver they could create the same log and see what length
> > the auth_status command uses.
> >
> > I'll see what I can find.
> >
> > Regards,
> > Arend
>
> Arend,
>
> I took a look anyway.
>
> Don't know exactly what I am looking at, but it seems that this is
> where it goes sideways:
>
> > Event: Frame (0x3b) len 120                                          7.530849
>     Wiphy: 0 (0x00000000)
>     Interface Index: 3 (0x00000003)
>     Wireless Device: 1 (0x0000000000000001)
>     Wiphy Frequency: 2412 (0x0000096c)
>     Unknown: 290 len 4
>         00 00 00 00                                      ....
>     Frame: len 64
>         Frame Type: 0x00b0
>             Type: Management (0)
>             Authentication:
>                 Frame Control: protocol: 00 type: 00 subtype: 11 to:
> 00 from: 00 more_frags: 00
>                     retry: 00 power_mgmt: 00 more_data: 00 protected:
> 00 order: 00
>                 Duration: 0
>                 Address 1 (RA): B8:27:EB:A4:6E:0F
>                 Address 2 (TA): D8:3A:DD:60:A3:0C
>                 Address 3: 00:00:00:00:00:00
>                 Fragment Number: 0
>                 Sequence Number: 0
>                 Algorithm: SAE (seq: 2, status: 0)
>                 IEs: len 34
>                     Error decoding Supported rates IE len 0: Invalid
> argument (-22)
>         b0 00 00 00 b8 27 eb a4 6e 0f d8 3a dd 60 a3 0c  .....'..n..:.`..
>         00 00 00 00 00 00 00 00 03 00 02 00 00 00 01 00  ................
>         b3 a1 af e2 4c 57 c9 0d 5e 56 0d 70 91 58 e1 53  ....LW..^V.p.X.S
>         5c 1c 6c 20 05 78 9b d9 81 ce b9 b8 f4 8b a8 c7  \.l .x..........
>     RX Management Flags: 2 (0x00000002)
> < Request: External Auth (0x7f) len 40 [ack]                           7.531125
>     Interface Index: 3 (0x00000003)
>     Status Code: 0 (0x0000)
>     SSID: len 7
>         64 65 73 6b 53 41 45                             deskSAE
>     BSSID D8:3A:DD:60:A3:0C
> > Response: External Auth (0x7f) len 4                                 7.531626
>     Status: Invalid exchange (52)
> < Request: Get Station (0x11) len 20 [ack]                             8.410689
>     Interface Index: 3 (0x00000003)
>     MAC Address D8:3A:DD:60:A3:0C
> > Response: Get Station (0x11) len 4                                   8.415045
>     Status: Invalid exchange (52)





[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Wireless Regulations]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux