Cannot connect to APs with password + CCMP

rojer
Posts: 12
Joined: Mon Jun 15, 2015 5:51 pm

Postby rojer » Thu Jul 09, 2015 6:20 am

hi.

i'm having problems connecting to wifi networks that are secured by password with CCMP (AES) cipher.
the only way to get wifi with password to work is to force TKIP only - any other mode, including TKIP+CCMP, won't work.

i have a pretty small test program: http://pastebin.com/W4Zp9eU9

all it does is initiate wifi station mode, set config and then poll and print status and system heap free every second.
i also have two APs: one unsecured, called "TehCloud" and one secure, called "DeiWolke" with the same password, where i control encryption.

here are the results i observe:
1) connecting to unsecured AP is never a problem.

wifi status: 1 30216
wifi status: 1 30216
scandone
add 0
aid 1
pm open phy_2,type:2 0 0

connected with TehCloud, channel 4
dhcp client start...
cnt
wifi status: 1 30080
ip:192.168.1.122,mask:255.255.255.0,gw:192.168.1.254
wifi status: 5 30080
wifi status: 5 30080

2) connecting to secured AP with CCMP enabled never completes:

wifi status: 1 29888
wifi status: 1 29560
wifi status: 1 29232
wifi status: 1 28904
rm 0
pm close 7 0 0/4017682
wifi status: 1 28904
reconnect
f 0, wifi status: 1 28904
wifi status: 1 28904
scandone
add 0
aid 1
pm open phy_2,type:2 0 0
cnt
wifi status: 1 28576
wifi status: 1 28248


in fact, it claims there is no AP there when i know it's there and can connect with my laptop:

reconnect
f -240, wifi status: 1 27592
wifi status: 1 27592
scandone
no DeiWolke found, reconnect after 1s
reconnect
f 0, wifi status: 3 27592
wifi status: 3 27592


notice that system heap free is going down. eventually it runs out of heap and gets completely stuck. so there is a memory leak problem here.
now, if i go to the AP settings and change encryption to TKIP - while it's still retrying - it is able to connect immediately:

wifi status: 3 21032
wifi status: 3 21032
reconnect
rm 0
pm close 7 0 0/10005241
f 0, wifi status: 3 21032
wifi status: 3 21032
scandone
add 0
aid 1
pm open phy_2,type:2 0 0
cnt

connected with DeiWolke, channel 6
dhcp client start...
wifi status: 3 20544
wifi status: 3 20544
wifi status: 3 20424
ip:192.168.1.122,mask:255.255.255.0,gw:192.168.1.254
wifi status: 5 20544
wifi status: 5 20544


i found another topic where the author reports that changing AP to TKIP fixed his connection problem.
problem with this? i do not always control APs and telling customers to force TKIP is giving them bad advice, since TKIP is deprecated.

at the same time, CCMP is so widespread that i find it hard to believe that i ran into this problem first.
what am i doing wrong here?

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Cannot connect to APs with password + CCMP

Postby ESP_Faye » Thu Jul 09, 2015 10:36 am

Hi,

Sorry that we can't duplicate your problem and we can't access your test code.

Please notice that ESP8266 only supports 2.4G, and does NOT support 5G.

Could you try our demo code here? http://bbs.espressif.com/viewtopic.php?f=21&t=228

If your problem is still unsolved, please offer more information about your special router and upload your test code as an attachment. We will test it with your router and your test code.

Thanks for your interest in ESP8266!

tve
Posts: 123
Joined: Sun Feb 15, 2015 4:33 pm

Re: Cannot connect to APs with password + CCMP

Postby tve » Thu Jul 09, 2015 1:00 pm

I'd recommend you use the os_timer functionality to call your get_status function repeatedly, something like

static ETSTimer statusTimer;
os_timer_disarm(&statusTimer);
os_timer_setfn(&statusTimer, get_status, NULL);
os_timer_arm(&statusTimer, 1000, 1);


Faye, the code is:

#include "mem.h"
#include "osapi.h"
#include "os_type.h"
#include "user_interface.h"
 
os_event_t *queue;
void get_status(os_event_t *e);
 
ICACHE_FLASH_ATTR void my_init_done_cb() {
  struct station_config conf;
  strcpy(conf.ssid, "DeiWolke");
  strcpy(conf.password, "DeiWolke");
  //strcpy(conf.ssid, "TehCloud");
  //conf.password[0] = '\0';
  conf.bssid_set = 0;
  ETS_UART_INTR_DISABLE();
  wifi_station_set_config(&conf);
  wifi_station_connect();
  ETS_UART_INTR_ENABLE();
  wifi_station_dhcpc_start();
 
  queue = (os_event_t*) os_malloc(sizeof(os_event_t) * 5);
  system_os_task(get_status, 0, queue, 5);
  system_os_post(0, 0, 0);
}
 
int x = 0;
 
ICACHE_FLASH_ATTR void get_status(os_event_t *e) {
  x++;
  if (x % 100 == 0) {
    int status = wifi_station_get_connect_status();
    int32 free = system_get_free_heap_size();
    os_printf("wifi status: %d %u\n", status, free);
  }
  os_delay_us(10000);
  system_os_post(0, 0, 0);
}
 
ICACHE_FLASH_ATTR void user_init() {
  wifi_set_opmode(STATION_MODE);
  wifi_station_set_auto_connect(FALSE);
  uart_div_modify(0, UART_CLK_FREQ / 115200);
 
  system_init_done_cb(my_init_done_cb);
}

rojer
Posts: 12
Joined: Mon Jun 15, 2015 5:51 pm

Re: Cannot connect to APs with password + CCMP

Postby rojer » Thu Jul 09, 2015 4:48 pm

thanks tve, that looks cleaner, but, as you could imagine, made no difference.

yes, we are using 2.4G and there is nothing special about our APs. we have two - main office AP and two we use for development.
for development we use Asus RT-N10 with OpenWRT firmware (which gives maximum control).
office ap uses CCMP and ESP can't connect to it either, with the same symptoms.
as i said - the *only* parameter i need to change for it to start working is to put it into TKIP-only mode. channels, frequencies, WPA/WPA2 mode - all remains the same.
as soon as CCMP is disabled, ESP can connect.

this is a pretty big blocking issue for us, i'm willing to provide any kind of assistance - packet captures, try custom builds of fw, or even give you access to a host with ESP and the AP to play with. please let me know.

i could not attach the file (neither .c nor .txt extensions are allowed and i didn't care to try more), but it's short enough to be posted:

#include "mem.h"
#include "osapi.h"
#include "os_type.h"
#include "user_interface.h"

ETSTimer status_timer;
void get_status(void *arg);

ICACHE_FLASH_ATTR void my_init_done_cb() {
  struct station_config conf;
  strcpy(conf.ssid, "DeiWolke");
  strcpy(conf.password, "DeiWolke");
  //strcpy(conf.ssid, "TehCloud");
  //conf.password[0] = '\0';
  conf.bssid_set = 0;
  ETS_UART_INTR_DISABLE();
  wifi_station_set_config(&conf);
  wifi_station_connect();
  ETS_UART_INTR_ENABLE();
  wifi_station_dhcpc_start();

  os_timer_disarm(&status_timer);
  os_timer_setfn(&status_timer, get_status, NULL);
  os_timer_arm(&status_timer, 1000, 1);
}

ICACHE_FLASH_ATTR void get_status(void *arg) {
  int status = wifi_station_get_connect_status();
  uint32 free = system_get_free_heap_size();
  os_printf("wifi status: %d %u\n", status, free);
  // no re-arm needed here: status_timer was armed as a repeating timer
}

ICACHE_FLASH_ATTR void user_init() {
  wifi_set_opmode(STATION_MODE);
  wifi_station_set_auto_connect(FALSE);
  uart_div_modify(0, UART_CLK_FREQ / 115200);

  system_init_done_cb(my_init_done_cb);
}

ESP_Faye
Posts: 1646
Joined: Mon Oct 27, 2014 11:08 am

Re: Cannot connect to APs with password + CCMP

Postby ESP_Faye » Fri Jul 10, 2015 9:53 am

Hi,

So sorry that we don't have this special router now, but we are going to buy one and test it.

When I search for "Asus RT-N10", I get "RT-N10+", "RT-N10U", "RT-N10P", "RT-N10E". Could you tell me which one it is?

Could you provide a packet capture of connecting to this special router? You can zip it and upload it as an attachment.

Thanks for your interest in Espressif Systems and ESP8266!

rojer
Posts: 12
Joined: Mon Jun 15, 2015 5:51 pm

Re: Cannot connect to APs with password + CCMP

Postby rojer » Fri Jul 10, 2015 3:27 pm

hi Faye

we made some progress in analyzing the bug, and at this point it looks more and more like a toolchain bug of some sort, which manifests in such a weird way.
while the user_main.c file is exactly as i posted and no other code gets executed, the firmware includes a lot of other "dead wood", not used in the test (when analyzing the bug we of course started with larger code, our real product adds a lot of other stuff).
and it seems that just having this stuff in the fw tickles the bug somehow - if i remove the other stuff (again, not used in any way in the test but only the real fw) the bug goes away.
our current best guess is that the kind/amount/location of other code somehow causes the linker to stomp SDK functions related to CCMP/AES.
i will continue my investigation today, try to find exactly what tickles it and report.

rojer
Posts: 12
Joined: Mon Jun 15, 2015 5:51 pm

Re: Cannot connect to APs with password + CCMP

Postby rojer » Fri Jul 10, 2015 10:05 pm

ok, for those who are watching this saga, there is a happy end.

it turns out, that our code brought in its own hmac_sha1 function, which overrode the one in ROM, but which evidently has a different signature and didn't work right.
at one point i was actually looking at symbols, but i was focusing on AES-related symbols, and they were fine, and it turned out to be SHA1.

so, there is no problem with the SDK, but given how subtle the problem was, i think i'd encourage Espressif to do something to make it less likely.
for example, have esptool make_image and elf2image commands warn about user code overriding functions used by SDK.

wow, this was a difficult one to trace.

rojer
Posts: 12
Joined: Mon Jun 15, 2015 5:51 pm

Re: Cannot connect to APs with password + CCMP

Postby rojer » Sat Jul 11, 2015 1:00 am

to close the loop - for our repository we implemented a symbol clash check.
turned out to be very simple, commit is here if anyone's interested: https://github.com/cesanta/smart.js/com ... b0c9362dc5

Espressif guys, feel free to pick it up - i do not wish any of your users to go through what we went through to find this :)
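
The symbol clash check described in the post above, sketched as an added example (it is not from the thread and is not the code in the linked commit): it flags user symbols that share a name with a ROM function. It assumes ROM addresses come from linker-script `PROVIDE ( name = address );` entries and that user symbols are listed with `nm`; the sample text and addresses are constructed.

```python
import re

# Constructed sample of a ROM linker script. PROVIDE() gives each ROM function
# an address only if no object file defines that name. Addresses are made up.
ROM_LD = """\
PROVIDE ( hmac_sha1 = 0x40001000 );
PROVIDE ( hmac_sha1_vector = 0x40001010 );
PROVIDE ( aes_decrypt = 0x40001020 );
PROVIDE ( ets_printf = 0x40001030 );
"""

# Constructed `nm` output for the user's object files (address, type, name).
USER_NM = """\
40240010 T user_init
40240080 T get_status
402400f0 T hmac_sha1
40240200 t aes_decrypt
         U ets_printf
3ffe8000 B status_timer
"""

PROVIDE_RE = re.compile(r"PROVIDE\s*\(\s*(\w+)\s*=\s*(0x[0-9a-fA-F]+)\s*\)")
GLOBAL_DEFS = set("TDBRCWV")  # nm types: externally visible definitions

def rom_symbols(ld_text):
    """Map ROM symbol name -> address from PROVIDE entries."""
    return {m.group(1): int(m.group(2), 16) for m in PROVIDE_RE.finditer(ld_text)}

def defined_globals(nm_text):
    """Map name -> nm type; skips undefined 'U' lines and file-local symbols."""
    out = {}
    for line in nm_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in GLOBAL_DEFS:
            out[parts[2]] = parts[1]
    return out

def find_clashes(ld_text, nm_text):
    """Return sorted (name, nm_type, rom_address) for user symbols named like a ROM one."""
    rom = rom_symbols(ld_text)
    return sorted((n, t, rom[n]) for n, t in defined_globals(nm_text).items() if n in rom)

if __name__ == "__main__":
    clashes = find_clashes(ROM_LD, USER_NM)
    for name, typ, addr in clashes:
        print(f"clash: {name} ({typ}) overrides ROM symbol at {addr:#x}")
    raise SystemExit(1 if clashes else 0)
```

Run as a build step, the non-zero exit status fails the build when a global such as hmac_sha1 would replace the ROM routine; the file-local aes_decrypt and the undefined reference to ets_printf are not reported.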

sweetpants
Posts: 1
Joined: Fri Feb 19, 2016 11:22 pm

Re: Cannot connect to APs with password + CCMP

Postby sweetpants » Sat Jul 16, 2016 6:22 pm

Hi,
I have exactly the same issue with Cisco APs that are using WPA2 and CCMP in the office, but I'm 100% sure I do not have a symbol clash as I only use the SDK. At home, with the same SSID and password, it is running just fine.
regards, Harry
