[5.3] rt2x00: clear up IV's on key removal

Message ID	1566564483-31088-1-git-send-email-sgruszka@redhat.com (mailing list archive)
State	Accepted
Commit	14d5e14c8a6c257eb322ddeb294ac4c243a7d2e1
Delegated to:	Kalle Valo
Headers	show Return-Path: <SRS0=oGbZ=WT=vger.kernel.org=linux-wireless-owner@kernel.org> From: Stanislaw Gruszka <sgruszka@redhat.com> To: linux-wireless@vger.kernel.org Cc: Felix Fietkau <nbd@nbd.name>, Daniel Golle <daniel@makrotopia.org>, =?utf-8?q?Tomislav_Po=C5=BEega?= <pozega.tomislav@gmail.com>, Mathias Kresin <dev@kresin.me>, Emil Karlson <jekarl@iki.fi>, Fredrik Noring <noring@nocrew.org> Subject: [PATCH 5.3] rt2x00: clear up IV's on key removal Date: Fri, 23 Aug 2019 14:48:03 +0200 Message-Id: <1566564483-31088-1-git-send-email-sgruszka@redhat.com> Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk
Series	[5.3] rt2x00: clear up IV's on key removal \| expand [5.3] rt2x00: clear up IV's on key removal

Message ID

1566564483-31088-1-git-send-email-sgruszka@redhat.com (mailing list archive)

State

Accepted

Commit

14d5e14c8a6c257eb322ddeb294ac4c243a7d2e1

Delegated to:

Kalle Valo

Headers

show

Return-Path: <SRS0=oGbZ=WT=vger.kernel.org=linux-wireless-owner@kernel.org>
Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org
 [172.30.200.123])
	by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 71B66112C
	for <patchwork-linux-wireless@patchwork.kernel.org>;
 Fri, 23 Aug 2019 12:48:07 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 592B020578
	for <patchwork-linux-wireless@patchwork.kernel.org>;
 Fri, 23 Aug 2019 12:48:07 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388782AbfHWMsG (ORCPT
        <rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
        Fri, 23 Aug 2019 08:48:06 -0400
Received: from mx1.redhat.com ([209.132.183.28]:47238 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1732009AbfHWMsG (ORCPT <rfc822;linux-wireless@vger.kernel.org>);
        Fri, 23 Aug 2019 08:48:06 -0400
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id AB11089ACA;
        Fri, 23 Aug 2019 12:48:05 +0000 (UTC)
Received: from localhost (unknown [10.43.2.236])
        by smtp.corp.redhat.com (Postfix) with ESMTP id 20E256CE58;
        Fri, 23 Aug 2019 12:48:04 +0000 (UTC)
From: Stanislaw Gruszka <sgruszka@redhat.com>
To: linux-wireless@vger.kernel.org
Cc: Felix Fietkau <nbd@nbd.name>, Daniel Golle <daniel@makrotopia.org>,
	=?utf-8?q?Tomislav_Po=C5=BEega?= <pozega.tomislav@gmail.com>,
 Mathias Kresin <dev@kresin.me>, Emil Karlson <jekarl@iki.fi>,
 Fredrik Noring <noring@nocrew.org>
Subject: [PATCH 5.3] rt2x00: clear up IV's on key removal
Date: Fri, 23 Aug 2019 14:48:03 +0200
Message-Id: <1566564483-31088-1-git-send-email-sgruszka@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.26]);
 Fri, 23 Aug 2019 12:48:06 +0000 (UTC)
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org

Series

[5.3] rt2x00: clear up IV's on key removal | expand

Commit Message

Stanislaw Gruszka Aug. 23, 2019, 12:48 p.m. UTC

After looking at code I realized that my previous fix
95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
was incomplete. We can still have wrong IV's after re-keyring.
To fix that, clear up IV's also on key removal.

Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector data")
Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
---
 drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)

Comments

Emil Karlson Aug. 27, 2019, 8:30 a.m. UTC | #1

On Fri, 23 Aug 2019 14:48:03 +0200
Stanislaw Gruszka <sgruszka@redhat.com> wrote:

> After looking at code I realized that my previous fix
> 95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
> was incomplete. We can still have wrong IV's after re-keyring.
> To fix that, clear up IV's also on key removal.
> 
> Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector
> data") Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> ---
>  drivers/net/wireless/ralink/rt2x00/rt2800lib.c | 19
> ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-)
> 
> diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
> b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c index
> ecbe78b8027b..28e2de04834e 100644 ---
> a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c +++
> b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c @@ -1654,13 +1654,18
> @@ static void rt2800_config_wcid_attr_cipher(struct rt2x00_dev
> *rt2x00dev, offset = MAC_IVEIV_ENTRY(key->hw_key_idx);
>  
> -	rt2800_register_multiread(rt2x00dev, offset,
> -				  &iveiv_entry, sizeof(iveiv_entry));
> -	if ((crypto->cipher == CIPHER_TKIP) ||
> -	    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
> -	    (crypto->cipher == CIPHER_AES))
> -		iveiv_entry.iv[3] |= 0x20;
> -	iveiv_entry.iv[3] |= key->keyidx << 6;
> +	if (crypto->cmd == SET_KEY) {
> +		rt2800_register_multiread(rt2x00dev, offset,
> +					  &iveiv_entry,
> sizeof(iveiv_entry));
> +		if ((crypto->cipher == CIPHER_TKIP) ||
> +		    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
> +		    (crypto->cipher == CIPHER_AES))
> +			iveiv_entry.iv[3] |= 0x20;
> +		iveiv_entry.iv[3] |= key->keyidx << 6;
> +	} else {
> +		memset(&iveiv_entry, 0, sizeof(iveiv_entry));
> +	}
> +
>  	rt2800_register_multiwrite(rt2x00dev, offset,
>  				   &iveiv_entry,
> sizeof(iveiv_entry)); }

Seems to work when used with the previous patch on top of 5.3-rc6
tested-by: Emil Karlson <jekarl@iki.fi>

Kalle Valo Sept. 3, 2019, 1:52 p.m. UTC | #2

Stanislaw Gruszka <sgruszka@redhat.com> wrote:

> After looking at code I realized that my previous fix
> 95844124385e ("rt2x00: clear IV's on start to fix AP mode regression")
> was incomplete. We can still have wrong IV's after re-keyring.
> To fix that, clear up IV's also on key removal.
> 
> Fixes: 710e6cc1595e ("rt2800: do not nullify initialization vector data")
> Signed-off-by: Stanislaw Gruszka <sgruszka@redhat.com>
> tested-by: Emil Karlson <jekarl@iki.fi>

Patch applied to wireless-drivers.git, thanks.

14d5e14c8a6c rt2x00: clear up IV's on key removal

diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
index ecbe78b8027b..28e2de04834e 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800lib.c
@@ -1654,13 +1654,18 @@  static void rt2800_config_wcid_attr_cipher(struct rt2x00_dev *rt2x00dev,
 
 	offset = MAC_IVEIV_ENTRY(key->hw_key_idx);
 
-	rt2800_register_multiread(rt2x00dev, offset,
-				  &iveiv_entry, sizeof(iveiv_entry));
-	if ((crypto->cipher == CIPHER_TKIP) ||
-	    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
-	    (crypto->cipher == CIPHER_AES))
-		iveiv_entry.iv[3] |= 0x20;
-	iveiv_entry.iv[3] |= key->keyidx << 6;
+	if (crypto->cmd == SET_KEY) {
+		rt2800_register_multiread(rt2x00dev, offset,
+					  &iveiv_entry, sizeof(iveiv_entry));
+		if ((crypto->cipher == CIPHER_TKIP) ||
+		    (crypto->cipher == CIPHER_TKIP_NO_MIC) ||
+		    (crypto->cipher == CIPHER_AES))
+			iveiv_entry.iv[3] |= 0x20;
+		iveiv_entry.iv[3] |= key->keyidx << 6;
+	} else {
+		memset(&iveiv_entry, 0, sizeof(iveiv_entry));
+	}
+
 	rt2800_register_multiwrite(rt2x00dev, offset,
 				   &iveiv_entry, sizeof(iveiv_entry));
 }