Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 75396ae6 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville
Browse files

mac80211: fix CMAC races 



Just like TKIP and CCMP, CMAC has the PN race.
It might not actually be possible to hit it now
since there aren't multiple ACs for management
frames, but fix it anyway.

Also move scratch buffers onto the stack.

Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent aba83a0b

net/mac80211/aes_cmac.c

+4 −4
Original line number Diff line number Diff line
@@ -35,10 +35,10 @@ static void gf_mulx(u8 *pad) 
}





static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch,

				size_t num_elem,

static void aes_128_cmac_vector(struct crypto_cipher *tfm, size_t num_elem,

				const u8 *addr[], const size_t *len, u8 *mac)

{

	u8 scratch[2 * AES_BLOCK_SIZE];

	u8 *cbc, *pad;

	const u8 *pos, *end;

	size_t i, e, left, total_len;
@@ -95,7 +95,7 @@ static void aes_128_cmac_vector(struct crypto_cipher *tfm, u8 *scratch, 
}





void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad,

void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,

			const u8 *data, size_t data_len, u8 *mic)

{

	const u8 *addr[3];
@@ -110,7 +110,7 @@ void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad, 
	addr[2] = zero;

	len[2] = CMAC_TLEN;



	aes_128_cmac_vector(tfm, scratch, 3, addr, len, mic);

	aes_128_cmac_vector(tfm, 3, addr, len, mic);

}

net/mac80211/aes_cmac.h

+1 −1
Original line number Diff line number Diff line
@@ -12,7 +12,7 @@ 
#include <linux/crypto.h>



struct crypto_cipher * ieee80211_aes_cmac_key_setup(const u8 key[]);

void ieee80211_aes_cmac(struct crypto_cipher *tfm, u8 *scratch, const u8 *aad,

void ieee80211_aes_cmac(struct crypto_cipher *tfm, const u8 *aad,

			const u8 *data, size_t data_len, u8 *mic);

void ieee80211_aes_cmac_key_free(struct crypto_cipher *tfm);

net/mac80211/cfg.c

+7 −6
Original line number Diff line number Diff line
@@ -268,12 +268,13 @@ static int ieee80211_get_key(struct wiphy *wiphy, struct net_device *dev, 
		params.seq_len = 6;

		break;

	case WLAN_CIPHER_SUITE_AES_CMAC:

		seq[0] = key->u.aes_cmac.tx_pn[5];

		seq[1] = key->u.aes_cmac.tx_pn[4];

		seq[2] = key->u.aes_cmac.tx_pn[3];

		seq[3] = key->u.aes_cmac.tx_pn[2];

		seq[4] = key->u.aes_cmac.tx_pn[1];

		seq[5] = key->u.aes_cmac.tx_pn[0];

		pn64 = atomic64_read(&key->u.aes_cmac.tx_pn);

		seq[0] = pn64;

		seq[1] = pn64 >> 8;

		seq[2] = pn64 >> 16;

		seq[3] = pn64 >> 24;

		seq[4] = pn64 >> 32;

		seq[5] = pn64 >> 40;

		params.seq = seq;

		params.seq_len = 6;

		break;

net/mac80211/debugfs_key.c

+3 −4
Original line number Diff line number Diff line
@@ -78,7 +78,6 @@ KEY_OPS(algorithm); 
static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf,

				size_t count, loff_t *ppos)

{

	const u8 *tpn;

	u64 pn;

	char buf[20];

	int len;
@@ -101,10 +100,10 @@ static ssize_t key_tx_spec_read(struct file *file, char __user *userbuf, 
				(u8)(pn >> 16), (u8)(pn >> 8), (u8)pn);

		break;

	case WLAN_CIPHER_SUITE_AES_CMAC:

		tpn = key->u.aes_cmac.tx_pn;

		pn = atomic64_read(&key->u.aes_cmac.tx_pn);

		len = scnprintf(buf, sizeof(buf), "%02x%02x%02x%02x%02x%02x\n",

				tpn[0], tpn[1], tpn[2], tpn[3], tpn[4],

				tpn[5]);

				(u8)(pn >> 40), (u8)(pn >> 32), (u8)(pn >> 24),

				(u8)(pn >> 16), (u8)(pn >> 8), (u8)pn);

		break;

	default:

		return 0;

net/mac80211/key.h

+1 −4
Original line number Diff line number Diff line
@@ -97,14 +97,11 @@ struct ieee80211_key { 
#endif

		} ccmp;

		struct {

			u8 tx_pn[6];

			atomic64_t tx_pn;

			u8 rx_pn[6];

			struct crypto_cipher *tfm;

			u32 replays; /* dot11RSNAStatsCMACReplays */

			u32 icverrors; /* dot11RSNAStatsCMACICVErrors */

			/* scratch buffers for virt_to_page() (crypto API) */

			u8 tx_crypto_buf[2 * AES_BLOCK_LEN];

			u8 rx_crypto_buf[2 * AES_BLOCK_LEN];

		} aes_cmac;

	} u;