lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 16 Jan 2019 18:29:07 +0200
From:   Kalle Valo <kvalo@...eaurora.org>
To:     Stanislaw Gruszka <sgruszka@...hat.com>
Cc:     Bernd Edlinger <bernd.edlinger@...mail.de>,
        Helmut Schaa <helmut.schaa@...glemail.com>,
        "David S. Miller" <davem@...emloft.net>,
        "linux-wireless\@vger.kernel.org" <linux-wireless@...r.kernel.org>,
        "netdev\@vger.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] rt61pci: Work around a firmware bug with shared keys

Stanislaw Gruszka <sgruszka@...hat.com> writes:

> On Tue, Jan 15, 2019 at 02:01:29PM +0000, Bernd Edlinger wrote:
>> Apparently the rt2x61 firmware fails temporarily to decode
>> broadcast packets if the shared keys are not assigned
>> in the "correct" sequence. At the same time unicast
>> packets work fine, since they are encrypted with the
>> pairwise key.
>> 
>> At least with WPA2 CCMP mode the shared keys are
>> set in the following sequence: keyidx=1, 2, 1, 2.
>> After a while only keyidx 2 gets decrypted, and
>> keyidx 1 is ignored, probably because there is never
>> a keyidx 3.
>> 
>> Symptoms are arping -b works for 10 minutes, since
>> keyidx=2 is used for broadcast, and then it stops
>> working for 10 minutes, because keyidx=1 is used.
>> That failure mode repeats forever.
>> 
>> Note, the firmware does not even know which keyidx
>> corresponds to which hw_key_idx so the firmware is
>> trying to be smarter than the driver, which is bound
>> to fail.
>> 
>> As workaround the function rt61pci_config_shared_key
>> requests software decryption of the shared keys,
>> by returning EOPNOTSUPP. However, pairwise keys are
>> still handled by hardware which works just fine.
>> 
>> Signed-off-by: Bernd Edlinger <bernd.edlinger@...mail.de>
>
> Acked-by: Stanislaw Gruszka <sgruszka@...hat.com>

The prefix should be "rt2x00:", I can change that.

-- 
Kalle Valo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ