From patchwork Sat Feb 4 11:59:22 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jouni Malinen X-Patchwork-Id: 9555603 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 8DFB5602B5 for ; Sat, 4 Feb 2017 12:00:27 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 736CE27EE9 for ; Sat, 4 Feb 2017 12:00:27 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6646C283F6; Sat, 4 Feb 2017 12:00:27 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E534727EE9 for ; Sat, 4 Feb 2017 12:00:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754022AbdBDMAY (ORCPT ); Sat, 4 Feb 2017 07:00:24 -0500 Received: from wolverine02.qualcomm.com ([199.106.114.251]:24051 "EHLO wolverine02.qualcomm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753923AbdBDMAX (ORCPT ); Sat, 4 Feb 2017 07:00:23 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=qca.qualcomm.com; i=@qca.qualcomm.com; q=dns/txt; s=qcdkim; t=1486209623; x=1517745623; h=from:to:cc:subject:date:message-id:mime-version; bh=URB4UdxbhyGjr8UpreD1WW82Z3LsXUUFAdRb8dvhGPo=; b=AXwaW2VFZb/Tbr7ZSG7hHpaumQ+MqFgz7+Kh2V4aeTZ2EIC7rWVBCpJE lTs2GneLEk6OqVAg8w4aJPnAibabEHMvajh1GCWWA4iJrbR8t8PMEhzTL 1KZWwU6u4eqjqBhhQFb8c+gwe2be5hRLthyfzYwDLP6Wp6Hjz3FG7WCge 4=; X-IronPort-AV: E=Sophos;i="5.33,333,1477983600"; d="scan'208";a="355713887" Received: from unknown (HELO Ironmsg04-R.qualcomm.com) ([10.53.140.108]) by wolverine02.qualcomm.com with ESMTP; 04 Feb 2017 04:00:22 -0800 X-IronPort-AV: E=McAfee;i="5800,7501,8428"; a="1357330561" Received: from nasanexm02h.na.qualcomm.com ([10.85.0.89]) by Ironmsg04-R.qualcomm.com with ESMTP/TLS/RC4-SHA; 04 Feb 2017 04:00:22 -0800 Received: from eusanexr01e.eu.qualcomm.com (10.85.0.100) by nasanexm02h.na.qualcomm.com (10.85.0.89) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sat, 4 Feb 2017 04:00:21 -0800 Received: from jouni.qca.qualcomm.com (10.80.80.8) by eusanexr01e.eu.qualcomm.com (10.85.0.100) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Sat, 4 Feb 2017 04:00:18 -0800 From: Jouni Malinen To: Johannes Berg CC: , Ard Biesheuvel , Jouni Malinen Subject: [PATCH] mac80211: Fix FILS AEAD protection in Association Request frame Date: Sat, 4 Feb 2017 13:59:22 +0200 Message-ID: <1486209562-23415-1-git-send-email-jouni@qca.qualcomm.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 X-Originating-IP: [10.80.80.8] X-ClientProxiedBy: NASANEXM01B.na.qualcomm.com (10.85.0.82) To eusanexr01e.eu.qualcomm.com (10.85.0.100) Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Incorrect num_elem parameter value (1 vs. 5) was used in the aes_siv_encrypt() call. This resulted in only the first one of the five AAD vectors to SIV getting included in calculation. This does not protect all the contents correctly and would not interoperate with a standard compliant implementation. Fix this by using the correct number. A matching fix is needed in the AP side (hostapd) to get FILS authentication working properly. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel Signed-off-by: Jouni Malinen --- net/mac80211/fils_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) If there is still time, it would be nice to get this included in Linux 4.10 since fils_aead.c is being added there. If not, Cc: stable could be added. diff --git a/net/mac80211/fils_aead.c b/net/mac80211/fils_aead.c index ecfdd97..e795aaa 100644 --- a/net/mac80211/fils_aead.c +++ b/net/mac80211/fils_aead.c @@ -272,7 +272,7 @@ int fils_encrypt_assoc_req(struct sk_buff *skb, crypt_len = skb->data + skb->len - encr; skb_put(skb, AES_BLOCK_SIZE); return aes_siv_encrypt(assoc_data->fils_kek, assoc_data->fils_kek_len, - encr, crypt_len, 1, addr, len, encr); + encr, crypt_len, 5, addr, len, encr); } int fils_decrypt_assoc_resp(struct ieee80211_sub_if_data *sdata,