[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20210615134228.7A50BC43460@smtp.codeaurora.org>
Date: Tue, 15 Jun 2021 13:42:28 +0000 (UTC)
From: Kalle Valo <kvalo@...eaurora.org>
To: Martin Fuzzey <martin.fuzzey@...wbird.group>
Cc: Amitkumar Karwar <amitkarwar@...il.com>, stable@...r.kernel.org,
Siva Rebbagondla <siva8118@...il.com>,
Marek Vasut <marex@...x.de>, linux-wireless@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted
EAPOL
Martin Fuzzey <martin.fuzzey@...wbird.group> wrote:
> In AP mode WPA2-PSK connections were not established.
>
> The reason was that the AP was sending the first message
> of the 4 way handshake encrypted, even though no pairwise
> key had (correctly) yet been set.
>
> Encryption was enabled if the "security_enable" driver flag
> was set and encryption was not explicitly disabled by
> IEEE80211_TX_INTFL_DONT_ENCRYPT.
>
> However security_enable was set when *any* key, including
> the AP GTK key, had been set which was causing unwanted
> encryption even if no key was avaialble for the unicast
> packet to be sent.
>
> Fix this by adding a check that we have a key and drop
> the old security_enable driver flag which is insufficient
> and redundant.
>
> The Redpine downstream out of tree driver does it this way too.
>
> Regarding the Fixes tag the actual code being modified was
> introduced earlier, with the original driver submission, in
> dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
> at that time AP mode was not yet supported so there was
> no bug at that point.
>
> So I have tagged the introduction of AP support instead
> which was part of the patch set "rsi: support for AP mode" [1]
>
> It is not clear whether AP WPA has ever worked, I can see nothing
> on the kernel side that broke it afterwards yet the AP support
> patch series says "Tests are performed to confirm aggregation,
> connections in WEP and WPA/WPA2 security."
>
> One possibility is that the initial tests were done with a modified
> userspace (hostapd).
>
> [1] https://www.spinics.net/lists/linux-wireless/msg165302.html
>
> Signed-off-by: Martin Fuzzey <martin.fuzzey@...wbird.group>
> Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
> CC: stable@...r.kernel.org
Patch applied to wireless-drivers-next.git, thanks.
314538041b56 rsi: fix AP mode with WPA failure due to encrypted EAPOL
--
https://patchwork.kernel.org/project/linux-wireless/patch/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
Powered by blists - more mailing lists