# unable to use CCMP [Solved]

## jeanfrancis

Hi there !

I've got a problem with WPA2/CCMP.

On the same AP, I can connect using TKIP, but not CCMP (tested on 2 APs).

The authentification works, dhcpcd even gives me an IP address (which I think is wrong), but the "route add" fails as if the AP didn't give me the correct informations (IP, gateway)...

Any idea where to check ?  :Smile:  I don't know what command output to provide, so please ask  :Smile: Last edited by jeanfrancis on Mon Feb 16, 2009 2:54 pm; edited 1 time in total

----------

## jeanfrancis

```
$ emerge --info

Portage 2.2_rc22 (default/linux/amd64/2008.0/no-multilib, gcc-4.3.2, glibc-2.8_p20080602-r1, 2.6.28-gentoo x86_64)

=================================================================                                                 

System uname: Linux-2.6.28-gentoo-x86_64-Intel-R-_Core-TM-2_CPU_T5600_@_1.83GHz-with-glibc2.2.5                   

Timestamp of tree: Sun, 18 Jan 2009 05:35:01 +0000                                                                

app-shells/bash:     3.2_p48                                                                                      

dev-java/java-config: 1.3.7-r1, 2.1.6-r1                                                                          

dev-lang/python:     2.5.2-r8                                                                                     

dev-util/cmake:      2.6.2-r1                                                                                     

sys-apps/baselayout: 2.0.0-r1                                                                                     

sys-apps/openrc:     0.4.1                                                                                        

sys-apps/sandbox:    1.3.2                                                                                        

sys-devel/autoconf:  2.13, 2.63                                                                                   

sys-devel/automake:  1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2                                                    

sys-devel/binutils:  2.19                                                                                         

sys-devel/gcc-config: 1.4.0-r4                                                                                    

sys-devel/libtool:   2.2.6a                                                                                       

virtual/os-headers:  2.6.27-r2                                                                                    

ACCEPT_KEYWORDS="amd64 ~amd64"                                                                                    

CBUILD="x86_64-pc-linux-gnu"                                                                                      

CFLAGS="-march=native -O2 -pipe"                                                                                  

CHOST="x86_64-pc-linux-gnu"                                                                                       

CONFIG_PROTECT="/etc /usr/share/config /var/lib/hsqldb"                                                           

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d"                                                                                                 

CXXFLAGS="-march=native -O2 -pipe"

DISTDIR="/usr/portage/distfiles"

EMERGE_DEFAULT_OPTS="--with-bdeps y"

FEATURES="distlocks fixpackages parallel-fetch preserve-libs protect-owned sandbox sfperms strict unmerge-orphans userfetch"

GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"

LDFLAGS="-Wl,-O1"

LINGUAS="en"

MAKEOPTS="-j3"

PKGDIR="/usr/portage/packages"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

PORTDIR_OVERLAY="/usr/local/portage/layman/kde-testing /usr/local/portage/local-overlay"

SYNC="rsync://rsync.gentoo.org/gentoo-portage"

USE="X acl acpi alsa amd64 berkdb blas bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dbus dri dvd dvdr dvdread eds emboss encode esd evo fam firefox flac fortran gcj gdbm gif gpm gsl gstreamer gtk hal iconv ipv6 isdnlog java java6 jpeg kde kde4 laptop ldap libnotify mad midi mikmod mmx mp3 mpeg mudflap ncurses networkmanager nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf perl plasma png ppds pppd python qt3support qt4 quicktime readline reflection sdl semantic-desktop session spell spl sse sse2ssl startup-notification svg sysfs tcpd tiff truetype unicode usb vorbis wifi xcomposite xml xorg xv zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_ownerauthz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev synaptics" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en" USERLAND="GNU" VIDEO_CARDS="nvidia"

Unset:  CPPFLAGS, CTARGET, FFLAGS, INSTALL_MASK, LANG, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS

```

----------

## d2_racing

Hi JF, I would like to know if your CCMP ever worked with theses 2 APs ?

Also, when you run :

```

# wpa_cli status

```

What do you have, maybe the firmware of your AP doesn't support CCMP at all ?

What do you have inside /etc/wpa_supplicant/wpa_supplicant.conf

----------

## d2_racing

Did you try with the kernel 2.6.27 ?

Maybe the iwl3945 firmware doesn't properly work with the kernel 2.6.28.

----------

## jeanfrancis

Hi new moderator  :Wink: 

CCMP worked until last week, when I removed NetworkManager and went back to "manual" wpa_supplicant. I was already on 2.6.28, and I didn't notice any significant package upgrade.

TKIP :

```

# wpa_cli status

Selected interface 'wlan0'

bssid=00:12:80:e1:88:44

ssid=ulaval

id=4

id_str=

pairwise_cipher=TKIP

group_cipher=TKIP

key_mgmt=WPA/IEEE 802.1X/EAP

wpa_state=COMPLETED

ip_address=10.240.131.195

Supplicant PAE state=AUTHENTICATED

suppPortStatus=Authorized

EAP state=SUCCESS

selectedMethod=17 (EAP-LEAP)

```

CCMP :

```

# wpa_cli status

Selected interface 'wlan0'

bssid=00:12:80:ed:2b:11

ssid=ulaval-wpa

id=0

pairwise_cipher=CCMP

group_cipher=TKIP

key_mgmt=WPA2/IEEE 802.1X/EAP

wpa_state=COMPLETED

ip_address=10.240.38.77

Supplicant PAE state=AUTHENTICATED

suppPortStatus=Authorized

EAP state=SUCCESS

selectedMethod=17 (EAP-LEAP)

```

Is the group_cipher supposed to be also CCMP ?

----------

## jeanfrancis

(Testing with two different APs, both of Laval University's wifi)

----------

## jeanfrancis

 *jeanfrancis wrote:*   

> Is the group_cipher supposed to be also CCMP ?

 

I'll answer myself, yep. Now, what is causing that ?  :Razz: 

----------

## jeanfrancis

 *jeanfrancis wrote:*   

>  *jeanfrancis wrote:*   Is the group_cipher supposed to be also CCMP ? 
> 
> I'll answer myself, yep. Now, what is causing that ? 

 

Well, finally, that's not it. I just asked to a friend to connect to the same AP and it has the same (pairwise_cipher=CCMP, group_cipher=TKIP)

Still no clue.

----------

## d2_racing

You are not connecting to the same AP :

```

TKIP :

bssid=00:12:80:e1:88:44 

CCMP:

bssid=00:12:80:ed:2b:11 

```

And both are EAP state=SUCCESS, that's weird.

Do you have something weird inside : 

```

# cat /etc/udev/rules.d/70-persistent-net.rules

```

----------

## d2_racing

After your have a connection, do you see something here :

```

# tail | grep -i iwl

```

----------

## jeanfrancis

I know it is not the same AP  :Smile:  There are two different APs for different encryptions: ulaval-wpa for CCMP, and ulaval for TKIP.

```

# cat /etc/udev/rules.d/70-persistent-net.rules

# This file was automatically generated by the /lib64/udev/write_net_rules

# program run by the persistent-net-generator.rules rules file.

#

# You can modify it, as long as you keep each rule on a single line.

# PCI device 0x8086:0x1092 (e100)

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:a0:d1:5c:0d:09", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

# PCI device 0x8086:0x4222 (iwl3945)

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:18:de:68:2b:c5", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"

```

```

# dmesg | grep -i iwl

[    5.962040] iwl3945: Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for Linux, 1.2.26ks

[    5.962043] iwl3945: Copyright(c) 2003-2008 Intel Corporation

[    5.962164] iwl3945 0000:05:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18

[    5.962180] iwl3945 0000:05:00.0: setting latency timer to 64

[    5.962218] iwl3945: Detected Intel Wireless WiFi Link 3945ABG

[    6.024147] iwl3945: Tunable channels: 11 802.11bg, 13 802.11a channels

[    6.024972] phy0: Selected rate control algorithm 'iwl-3945-rs'

[    6.027189] iwl3945 0000:05:00.0: PCI INT A disabled

[   10.468705] iwl3945 0000:05:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18

[   10.468851] iwl3945 0000:05:00.0: restoring config space at offset 0x1 (was 0x100002, writing 0x100006)

[   10.469039] iwl3945 0000:05:00.0: irq 379 for MSI/MSI-X

[   10.469137] iwl3945 0000:05:00.0: firmware: requesting iwlwifi-3945-1.ucode

[   10.566616] Registered led device: iwl-phy0:radio

[   10.566694] Registered led device: iwl-phy0:assoc

[   10.566744] Registered led device: iwl-phy0:RX

[   10.566780] Registered led device: iwl-phy0:TX

```

I'm still clueless  :Sad: 

----------

## d2_racing

Me too   :Crying or Very sad: 

----------

## d2_racing

Can you check that : https://forums.gentoo.org/viewtopic-p-5423783.html

----------

## jeanfrancis

Thanks for the reply,

Yep I saw this message also. Some places say that I need iwl3945-ucode:1 already with kernel 2.6.28, but the message in the ebuild says 2.6.29... I installed the new ucode and removed the old one, but the module is still asking for the old one.

I'll test all of that once 2.6.29 is out. If I still get my CCMP problem, I'll emerge -e @system @world.

----------

## jeanfrancis

I just found something, googling it...

```
# dmesg | grep -i aes 

[    0.525479] alg: cipher: Test 1 failed on encryption for aes-asm

```

----------

## jeanfrancis

false alarm, this message occurs when AES is built against the kernel. Building it as a module again (like it was before my tests) will solve this.

----------

## jeanfrancis

Problem solved when reinstalling from scratch.

No clue what the problem was.

----------

## d2_racing

since, it's solve, then great  :Razz: 

----------

