Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5dedc767 authored by Vidyullatha Kanchanapally's avatar Vidyullatha Kanchanapally Committed by Ankita Bajaj
Browse files

cfg80211: Include length of kek in rekey data 



With support for new AKM suites (example FILS-SHA256), the KEK length
can now be more than NL80211_KEK_LEN and the KCK length can be zero.
Add changes in cfg80211 to specify the length of KEK, and make KCK
optional. Make NL80211_REKEY_DATA_KEK as NLA_BINARY to enforce a maximum
length check.
Also add macro CFG80211_REKEY_DATA_KEK_LEN to indicate support for
including KEK length in rekey data.

CRs-Fixed: 2087759
Change-Id: Ica8dbb8614e0a9c3905e125b4a5254e43821984e
Signed-off-by: default avatarVidyullatha Kanchanapally <vidyullatha@codeaurora.org>
Signed-off-by: default avatarAnkita Bajaj <bankita@codeaurora.org>
parent 4595c095

include/net/cfg80211.h

+6 −1
Original line number Diff line number Diff line
@@ -32,6 +32,9 @@ 
/* Indicate backport support for external authentication*/

#define CFG80211_EXTERNAL_AUTH_SUPPORT 1



/* Indicate support for including KEK length in rekey data */

#define CFG80211_REKEY_DATA_KEK_LEN 1



/**

 * DOC: Introduction

 *
@@ -2403,12 +2406,14 @@ struct cfg80211_wowlan_wakeup { 


/**

 * struct cfg80211_gtk_rekey_data - rekey data

 * @kek: key encryption key (NL80211_KEK_LEN bytes)

 * @kek: key encryption key

 * @kck: key confirmation key (NL80211_KCK_LEN bytes)

 * @replay_ctr: replay counter (NL80211_REPLAY_CTR_LEN bytes)

 * @kek_len: Length of @kek in octets

 */

struct cfg80211_gtk_rekey_data {

	const u8 *kek, *kck, *replay_ctr;

	size_t kek_len;

};



/**

net/wireless/nl80211.c

+17 −4
Original line number Diff line number Diff line
@@ -490,7 +490,8 @@ nl80211_coalesce_policy[NUM_NL80211_ATTR_COALESCE_RULE] = { 
/* policy for GTK rekey offload attributes */

static const struct nla_policy

nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {

	[NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },

	[NL80211_REKEY_DATA_KEK] = { .type = NLA_BINARY,

				     .len = FILS_MAX_KEK_LEN },

	[NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },

	[NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },

};
@@ -10974,14 +10975,26 @@ static int nl80211_set_rekey_data(struct sk_buff *skb, struct genl_info *info) 
	if (!tb[NL80211_REKEY_DATA_REPLAY_CTR] || !tb[NL80211_REKEY_DATA_KEK] ||

	    !tb[NL80211_REKEY_DATA_KCK])

		return -EINVAL;

	if (!tb[NL80211_REKEY_DATA_KEK] || !tb[NL80211_REKEY_DATA_REPLAY_CTR] ||

	    (!wiphy_ext_feature_isset(&rdev->wiphy,

				      NL80211_EXT_FEATURE_FILS_SK_OFFLOAD) &&

	     !wiphy_ext_feature_isset(&rdev->wiphy,

				      NL80211_EXT_FEATURE_FILS_STA) &&

	     !tb[NL80211_REKEY_DATA_KCK]))

		return -EINVAL;



	if (nla_len(tb[NL80211_REKEY_DATA_REPLAY_CTR]) != NL80211_REPLAY_CTR_LEN)

		return -ERANGE;

	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) != NL80211_KEK_LEN)

	if (nla_len(tb[NL80211_REKEY_DATA_KEK]) < NL80211_KEK_LEN)

		return -ERANGE;

	if (nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)

	if (tb[NL80211_REKEY_DATA_KCK] &&

	    nla_len(tb[NL80211_REKEY_DATA_KCK]) != NL80211_KCK_LEN)

		return -ERANGE;



	memset(&rekey_data, 0, sizeof(rekey_data));

	rekey_data.kek = nla_data(tb[NL80211_REKEY_DATA_KEK]);

	rekey_data.kek_len = nla_len(tb[NL80211_REKEY_DATA_KEK]);

	if (tb[NL80211_REKEY_DATA_KCK])

		rekey_data.kck = nla_data(tb[NL80211_REKEY_DATA_KCK]);

	rekey_data.replay_ctr = nla_data(tb[NL80211_REKEY_DATA_REPLAY_CTR]);