diff mbox series

[5.3] rt2x00: clear up IV's on key removal

Message ID 1566564483-31088-1-git-send-email-sgruszka@redhat.com (mailing list archive)
State Accepted
Commit 14d5e14c8a6c257eb322ddeb294ac4c243a7d2e1
Delegated to: Kalle Valo
Headers show
Series [5.3] rt2x00: clear up IV's on key removal | expand

Commit Message

Stanislaw Gruszka Aug. 23, 2019, 12:48 p.m. UTC
After looking at code I realized that my previous fix
95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
was incomplete. We can still have wrong IV's after re-keyring.
To fix that, clear up IV's also on key removal.

Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector data")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

Comments

Emil Karlson Aug. 27, 2019, 8:30 a.m. UTC | #1
On Fri, 23 Aug 2019 14:48:03 +0200
Stanislaw Gruszka <sgruszka@redhat.com> wrote:

> After looking at code I realized that my previous fix
> 95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
> was incomplete. We can still have wrong IV's after re-keyring.
> To fix that, clear up IV's also on key removal.
> 
> Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector
> data") Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> ---
>  drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 19
> ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c index
> ecbe78b8027b..28e2de04834e 100644 ---
> a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c +++
> b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c @@ -1654,13 +1654,18
> @@ static void rt2800_config_wcid_attr_cipher(struct rt2x00_dev
> *rt2x00dev, offset = MAC_IVEIV_ENTRY(key->hw_key_idx);
>  
> -	rt2800_register_multiread(rt2x00dev, offset,
> -				  &iveiv_entry, sizeof(iveiv_entry));
> -	if ((crypto->cipher == CIPHER_TKIP) ||
> -	    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
> -	    (crypto->cipher == CIPHER_AES))
> -		iveiv_entry.iv[3] |= 0x20;
> -	iveiv_entry.iv[3] |= key->keyidx << 6;
> +	if (crypto->cmd == SET_KEY) {
> +		rt2800_register_multiread(rt2x00dev, offset,
> +					  &iveiv_entry,
> sizeof(iveiv_entry));
> +		if ((crypto->cipher == CIPHER_TKIP) ||
> +		    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
> +		    (crypto->cipher == CIPHER_AES))
> +			iveiv_entry.iv[3] |= 0x20;
> +		iveiv_entry.iv[3] |= key->keyidx << 6;
> +	} else {
> +		memset(&iveiv_entry, 0, sizeof(iveiv_entry));
> +	}
> +
>  	rt2800_register_multiwrite(rt2x00dev, offset,
>  				   &iveiv_entry,
> sizeof(iveiv_entry)); }

Seems to work when used with the previous patch on top of 5.3-rc6
tested-by: Emil Karlson <jekarl@iki.fi>
Kalle Valo Sept. 3, 2019, 1:52 p.m. UTC | #2
Stanislaw Gruszka <sgruszka@redhat.com> wrote:

> After looking at code I realized that my previous fix
> 95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
> was incomplete. We can still have wrong IV's after re-keyring.
> To fix that, clear up IV's also on key removal.
> 
> Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector data")
> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> tested-by: Emil Karlson <jekarl@iki.fi>

Patch applied to wireless-drivers.git, thanks.

14d5e14c8a6c rt2x00: clear up IV's on key removal
diff mbox series

Patch

diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index ecbe78b8027b..28e2de04834e 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -1654,13 +1654,18 @@  static void rt2800_config_wcid_attr_cipher(struct rt2x00_dev *rt2x00dev,
 
 	offset = MAC_IVEIV_ENTRY(key->hw_key_idx);
 
-	rt2800_register_multiread(rt2x00dev, offset,
-				  &iveiv_entry, sizeof(iveiv_entry));
-	if ((crypto->cipher == CIPHER_TKIP) ||
-	    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
-	    (crypto->cipher == CIPHER_AES))
-		iveiv_entry.iv[3] |= 0x20;
-	iveiv_entry.iv[3] |= key->keyidx << 6;
+	if (crypto->cmd == SET_KEY) {
+		rt2800_register_multiread(rt2x00dev, offset,
+					  &iveiv_entry, sizeof(iveiv_entry));
+		if ((crypto->cipher == CIPHER_TKIP) ||
+		    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
+		    (crypto->cipher == CIPHER_AES))
+			iveiv_entry.iv[3] |= 0x20;
+		iveiv_entry.iv[3] |= key->keyidx << 6;
+	} else {
+		memset(&iveiv_entry, 0, sizeof(iveiv_entry));
+	}
+
 	rt2800_register_multiwrite(rt2x00dev, offset,
 				   &iveiv_entry, sizeof(iveiv_entry));
 }