lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Tue, 15 Jun 2021 13:42:28 +0000 (UTC)
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Martin Fuzzey <martin.fuzzey@...wbird.group>
Cc:     Amitkumar Karwar <amitkarwar@...il.com>, stable@...r.kernel.org,
        Siva Rebbagondla <siva8118@...il.com>,
        Marek Vasut <marex@...x.de>, linux-wireless@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted
 EAPOL

Martin Fuzzey <martin.fuzzey@...wbird.group> wrote:

> In AP mode WPA2-PSK connections were not established.
> 
> The reason was that the AP was sending the first message
> of the 4 way handshake encrypted, even though no pairwise
> key had (correctly) yet been set.
> 
> Encryption was enabled if the "security_enable" driver flag
> was set and encryption was not explicitly disabled by
> IEEE80211_TX_INTFL_DONT_ENCRYPT.
> 
> However security_enable was set when *any* key, including
> the AP GTK key, had been set which was causing unwanted
> encryption even if no key was avaialble for the unicast
> packet to be sent.
> 
> Fix this by adding a check that we have a key and drop
> the old security_enable driver flag which is insufficient
> and redundant.
> 
> The Redpine downstream out of tree driver does it this way too.
> 
> Regarding the Fixes tag the actual code being modified was
> introduced earlier, with the original driver submission, in
> dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
> at that time AP mode was not yet supported so there was
> no bug at that point.
> 
> So I have tagged the introduction of AP support instead
> which was part of the patch set "rsi: support for AP mode" [1]
> 
> It is not clear whether AP WPA has ever worked, I can see nothing
> on the kernel side that broke it afterwards yet the AP support
> patch series says "Tests are performed to confirm aggregation,
> connections in WEP and WPA/WPA2 security."
> 
> One possibility is that the initial tests were done with a modified
> userspace (hostapd).
> 
> [1] https://www.spinics.net/lists/linux-wireless/msg165302.html
> 
> Signed-off-by: Martin Fuzzey <martin.fuzzey@...wbird.group>
> Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
> CC: stable@...r.kernel.org

Patch applied to wireless-drivers-next.git, thanks.

314538041b56 rsi: fix AP mode with WPA failure due to encrypted EAPOL

-- 
https://patchwork.kernel.org/project/linux-wireless/patch/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ