lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1441065883.2718.76.camel@redhat.com>
Date:	Mon, 31 Aug 2015 19:04:43 -0500
From:	Dan Williams <dcbw@...hat.com>
To:	Ondrej Zary <linux@...nbow-software.org>
Cc:	netdev@...r.kernel.org,
	Kernel development list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH 1/2] airo: fix IW_AUTH_ALG_OPEN_SYSTEM

On Tue, 2015-09-01 at 00:12 +0200, Ondrej Zary wrote:
> 
> On Monday 31 August 2015 22:44:54 Dan Williams wrote:
> > On Mon, 2015-08-31 at 21:19 +0200, Ondrej Zary wrote:
> > > Handle IW_AUTH_ALG_OPEN_SYSTEM in set_auth.
> > > This allows wpa_supplicant (and thus NetworkManager) to work with open
> > > APs.
> > >
> > > Signed-off-by: Ondrej Zary <linux@...nbow-software.org>
> > > ---
> > >  drivers/net/wireless/airo.c |    7 +++----
> > >  1 file changed, 3 insertions(+), 4 deletions(-)
> > >
> > > diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
> > > index d0c97c2..2066a1f 100644
> > > --- a/drivers/net/wireless/airo.c
> > > +++ b/drivers/net/wireless/airo.c
> > > @@ -6670,10 +6670,9 @@ static int airo_set_auth(struct net_device *dev,
> > >  		break;
> > >
> > >  	case IW_AUTH_80211_AUTH_ALG: {
> > > -			/* FIXME: What about AUTH_OPEN?  This API seems to
> > > -			 * disallow setting our auth to AUTH_OPEN.
> > > -			 */
> > > -			if (param->value & IW_AUTH_ALG_SHARED_KEY) {
> > > +			if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
> > > +				local->config.authType = AUTH_OPEN;
> > > +			} else if (param->value & IW_AUTH_ALG_SHARED_KEY) {
> > >  				local->config.authType = AUTH_SHAREDKEY;
> > >  			} else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
> > >  				local->config.authType = AUTH_ENCRYPT;
> >
> > NAK; there are two problems with this patch.  First, there's already an
> > if test for OPEN_SYSTEM which sets authType to AUTH_ENCRYPT.  Second,
> > AUTH_OPEN means to disable encryption entirely.  The decision being made
> > here is whether to use Shared Key or Open authentication, not whether
> > encryption is being used or not.  Thus this patch would appear to break
> > most WEP APs?
> >
> > Airo really wants to know the auth type *and* whether encryption will
> > actually be used at the same time, and we don't have that information
> > here.  I guess the only thing you can do here is call get_wep_key() for
> > all the indexes and see if any keys are set, and if any keys are set,
> > use AUTH_ENCRYPT.  If get_wep_key() returns -1 for all 4 indexes, use
> > AUTH_OPEN.  But you have to make sure that this all gets protected by
> > local->wep_capable and that you're not checking indexes above
> > ai->max_wep_idx.  Yay airo!
> 
> Sorry, I got confused (and it worked with WEP with a test AP, although there's
> no open system/shared key setting in the firmware).
> 
> Reading the wpa_supplicant code, it uses IW_AUTH_ALG_OPEN_SYSTEM for WEP open
> system and also as a default value - which gets used when encryption is
> disabled:

I think you're still confusing the relationship between Open System and
WEP in the code and comments here.  802.11 always uses an "auth method"
regardless of whether encryption is used or not.  There are 3 possible
settings here:

Auth    Encryption
------------------
OPEN    NONE
OPEN    WEP
SHARED  WEP

The problem here is that:

1) the WEXT SIWAUTH call only sets authentication, but says nothing
about encryption

2) that airo is currently structured such that it wants both auth &
encryption specified at the same time.  It tracks the states in the
table above with the authType variable, but at the point of SIWAUTH
there is no information about whether the requested mode is OPEN+NONE or
OPEN+WEP.

The patches might work for some cases, but they are ignoring others
where clients might send WEXT calls in different order.  WEXT doesn't
specify any kind of ordering, which is one reason it's been deprecated
and replaced with nl80211.  So in your case, the supplicant does [IWAUTH
+ IWENCODE] but that's just how the supplicant decided to implement it.
If some other client does a perfectly legal [IWENCODE + IWAUTH] then
your original patch will turn off WEP, when the client wanted OPEN +
WEP.

> static int wpa_driver_wext_set_auth_alg(void *priv, int auth_alg)
> {
>         struct wpa_driver_wext_data *drv = priv;
>         int algs = 0, res;
> 
>         if (auth_alg & WPA_AUTH_ALG_OPEN)
>                 algs |= IW_AUTH_ALG_OPEN_SYSTEM;
>         if (auth_alg & WPA_AUTH_ALG_SHARED)
>                 algs |= IW_AUTH_ALG_SHARED_KEY;
>         if (auth_alg & WPA_AUTH_ALG_LEAP)
>                 algs |= IW_AUTH_ALG_LEAP;
>         if (algs == 0) {
>                 /* at least one algorithm should be set */
>                 algs = IW_AUTH_ALG_OPEN_SYSTEM;
>         }
> 
>         res = wpa_driver_wext_set_auth_param(drv, IW_AUTH_80211_AUTH_ALG,
>                                              algs);
>         drv->auth_alg_fallback = res == -2;
>         return res;
> }
> 
> 
> However, when SIOCSIWAUTH fails with EOPNOTSUPP, it tries SIOCSIWENCODE. This
> patch seems to work too with my AP:
> 
> diff --git a/drivers/net/wireless/airo.c b/drivers/net/wireless/airo.c
> index d0c97c2..2610fe3 100644
> --- a/drivers/net/wireless/airo.c
> +++ b/drivers/net/wireless/airo.c
> @@ -6670,14 +6670,17 @@ static int airo_set_auth(struct net_device *dev,
>  		break;
>  
>  	case IW_AUTH_80211_AUTH_ALG: {
> -			/* FIXME: What about AUTH_OPEN?  This API seems to
> -			 * disallow setting our auth to AUTH_OPEN.
> +			/*
> +			 * IW_AUTH_ALG_OPEN_SYSTEM is ambiguous here for WEP as
> +			 * wpa_supplicant uses it for both no encryption and
> +			 * WEP open system. So we return -EOPNOTSUPP and
> +			 * wpa_supplicant will use SIOCSIWENCODE instead.

It's not really the supplicant that's ambiguous, the supplicant is doing
stuff that makes sense.  Unfortunately the WEXT API is what is ambiguous
here.  Plus, even though wpa_supplicant is the de-facto standard, the
kernel should treat the supplicant specially and we shouldn't add hacks
for specific programs.  Let's see if a general solution can be found.

>  			 */
> -			if (param->value & IW_AUTH_ALG_SHARED_KEY) {
> +			if (param->value & IW_AUTH_ALG_OPEN_SYSTEM)
> +				return -EOPNOTSUPP;

While it works due to wpa_supplicant behavior, it's a hack.  It's
perfectly legal to set OPEN_SYSTEM mode in SIWAUTH.  It's just that airo
is so simple in how it handles WEXT that it doesn't have enough
information to do the right thing.  What ipw2200 does is cache values in
the driver struct so it has everything it needs all the time.

So what I'm saying is that your fix here isn't really a complete fix.  A
complete fix would work for all these scenarios:

a) SIWAUTH(open), SIWENCODE(enable wep) = WEP + open system
b) SIWENCODE(enable wep), SIWAUTH(open) = WEP + open system
c) SIWAUTH(open), SIWENCODE(disable WEP) = unencrypted + open system
d) SIWENCODE(disable WEP), SIWAUTH(open) = unencrypted + open system

and that complete fix might well be caching the IW_AUTH_ALG value in  a
couple places (in the SIWAUTH handler and the SIWENCODE and SIWENCODEEXT
handlers) and also whether WEP is enabled or not, and then using both of
those values to set authType in SIWAUTH.

Dan

> +			if (param->value & IW_AUTH_ALG_SHARED_KEY)
>  				local->config.authType = AUTH_SHAREDKEY;
> -			} else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM) {
> -				local->config.authType = AUTH_ENCRYPT;
> -			} else
> +			else
>  				return -EINVAL;
>  
>  			/* Commit the changes to flags if needed */
> 
> 
> 
> -- 
> Ondrej Zary
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ