Re: [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted EAPOL

From: Kalle Valo
Date: Tue Jun 15 2021 - 09:43:47 EST

Next message: Marcel Holtmann: "Re: [PATCH] Bluetooth: Fix a spelling mistake"
Previous message: Vladimir Oltean: "Re: [PATCH][next] net: pcs: xpcs: Fix a less than zero u16 comparision error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Martin Fuzzey <martin.fuzzey@flowbird.group> wrote:

> In AP mode WPA2-PSK connections were not established.
>
> The reason was that the AP was sending the first message
> of the 4 way handshake encrypted, even though no pairwise
> key had (correctly) yet been set.
>
> Encryption was enabled if the "security_enable" driver flag
> was set and encryption was not explicitly disabled by
> IEEE80211_TX_INTFL_DONT_ENCRYPT.
>
> However security_enable was set when *any* key, including
> the AP GTK key, had been set which was causing unwanted
> encryption even if no key was avaialble for the unicast
> packet to be sent.
>
> Fix this by adding a check that we have a key and drop
> the old security_enable driver flag which is insufficient
> and redundant.
>
> The Redpine downstream out of tree driver does it this way too.
>
> Regarding the Fixes tag the actual code being modified was
> introduced earlier, with the original driver submission, in
> dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
> at that time AP mode was not yet supported so there was
> no bug at that point.
>
> So I have tagged the introduction of AP support instead
> which was part of the patch set "rsi: support for AP mode" [1]
>
> It is not clear whether AP WPA has ever worked, I can see nothing
> on the kernel side that broke it afterwards yet the AP support
> patch series says "Tests are performed to confirm aggregation,
> connections in WEP and WPA/WPA2 security."
>
> One possibility is that the initial tests were done with a modified
> userspace (hostapd).
>
> [1] https://www.spinics.net/lists/linux-wireless/msg165302.html
>
> Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
> Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
> CC: stable@xxxxxxxxxxxxxxx

Patch applied to wireless-drivers-next.git, thanks.

314538041b56 rsi: fix AP mode with WPA failure due to encrypted EAPOL

--
https://patchwork.kernel.org/project/linux-wireless/patch/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

Next message: Marcel Holtmann: "Re: [PATCH] Bluetooth: Fix a spelling mistake"
Previous message: Vladimir Oltean: "Re: [PATCH][next] net: pcs: xpcs: Fix a less than zero u16 comparision error"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]