From patchwork Sat Jan 24 17:52:04 2015
X-Patchwork-Submitter: Jouni Malinen
X-Patchwork-Id: 5700031
X-Patchwork-Delegate: johannes@sipsolutions.net
From: Jouni Malinen
To: Johannes Berg
Subject: [PATCH 1/6] cfg80211: Fix BIP (AES-CMAC) cipher validation
Date: Sat, 24 Jan 2015 19:52:04 +0200
Message-ID: <1422121929-18238-1-git-send-email-jouni@qca.qualcomm.com>
X-Mailing-List: linux-wireless@vger.kernel.org

This cipher can be used only as a group management frame cipher and as such, there is no point in validating that it is not used with non-zero key-index. Instead, verify that it is not used as a pairwise cipher regardless of the key index.

Signed-off-by: Jouni Malinen
--- net/wireless/util.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/net/wireless/util.c b/net/wireless/util.c index 3535e8a..f608ba0 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c
@@ -236,8 +236,11 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, */ if (pairwise && key_idx && ((params->cipher == WLAN_CIPHER_SUITE_TKIP) || - (params->cipher == WLAN_CIPHER_SUITE_CCMP) || - (params->cipher == WLAN_CIPHER_SUITE_AES_CMAC))) + (params->cipher == WLAN_CIPHER_SUITE_CCMP))) + return -EINVAL; + + /* Disallow BIP (group-only) cipher as pairwise cipher */ + if (pairwise && params->cipher == WLAN_CIPHER_SUITE_AES_CMAC) return -EINVAL; switch (params->cipher) {
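Review bot: Nothing in the visible lines constrains the key index of a group BIP key once the AES_CMAC term is dropped from the `pairwise && key_idx` condition; the added `pairwise && params->cipher == WLAN_CIPHER_SUITE_AES_CMAC` test only covers the pairwise case. IGTKs use key IDs 4 and 5, so unless another part of cfg80211_validate_key_settings() already enforces that range, consider also rejecting `key_idx < 4` for this cipher, either next to the new check or in the `switch (params->cipher)` that follows, so that a BIP key cannot be installed under an index used for group data keys. If the range is intentionally left to drivers, a sentence in the commit message saying so would make the removal of the key-index test easier to audit.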