authorJohannes Berg <johannes.berg@intel.com>2017-09-05 08:54:54 -0400
committerJohannes Berg <johannes.berg@intel.com>2017-10-16 07:02:03 -0400
commitfdf7cb4185b60c68e1a75e61691c4afdc15dea0e (patch)
tree65428a5a3961cae26521908dc9cdece90eb4cca0
parentc0576e3975084d4699b7bfef578613fb8e1144f6 (diff)
mac80211: accept key reinstall without changing anything
When a key is reinstalled we can reset the replay counters etc. which can lead to nonce reuse and/or replay detection being impossible, breaking security properties, as described in the "KRACK attacks". In particular, CVE-2017-13080 applies to GTK rekeying that happened in firmware while the host is in D3, with the second part of the attack being done after the host wakes up. In this case, the wpa_supplicant mitigation isn't sufficient since wpa_supplicant doesn't know the GTK material. In case this happens, simply silently accept the new key coming from userspace but don't take any action on it since it's the same key; this keeps the PN replay counters intact. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r--net/mac80211/key.c21
1 files changed, 17 insertions, 4 deletions
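--- a/net/mac80211/key.c
+++ b/net/mac80211/key.c
@@ -4,7 +4,7 @@
  * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
  * Copyright 2007-2008 Johannes Berg <johannes@sipsolutions.net>
  * Copyright 2013-2014 Intel Mobile Communications GmbH
- * Copyright 2015 Intel Deutschland GmbH
+ * Copyright 2015-2017 Intel Deutschland GmbH
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License version 2 as
@@ -620,9 +620,6 @@ int ieee80211_key_link(struct ieee80211_key *key,
 
 	pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
 	idx = key->conf.keyidx;
-	key->local = sdata->local;
-	key->sdata = sdata;
-	key->sta = sta;
 
 	mutex_lock(&sdata->local->key_mtx);
 
@@ -633,6 +630,21 @@ int ieee80211_key_link(struct ieee80211_key *key,
 	else
 		old_key = key_mtx_dereference(sdata->local, sdata->keys[idx]);
 
+	/*
+	 * Silently accept key re-installation without really installing the
+	 * new version of the key to avoid nonce reuse or replay issues.
+	 */
+	if (old_key && key->conf.keylen == old_key->conf.keylen &&
+	    !memcmp(key->conf.key, old_key->conf.key, key->conf.keylen)) {
+		ieee80211_key_free_unused(key);
+		ret = 0;
+		goto out;
+	}
+
+	key->local = sdata->local;
+	key->sdata = sdata;
+	key->sta = sta;
+
 	increment_tailroom_need_count(sdata);
 
 	ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
@@ -648,6 +660,7 @@ int ieee80211_key_link(struct ieee80211_key *key,
 		ret = 0;
 	}
 
+out:
 	mutex_unlock(&sdata->local->key_mtx);
 
 	return ret;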
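Review bot: The new reinstall check in the third hunk compares secret key material with `memcmp()`, which returns early at the first differing byte, so the time taken by the comparison depends on how much of the candidate key matches the installed one; for a comparison involving the currently installed key, the kernel's constant-time helper is the appropriate primitive, `!crypto_memneq(key->conf.key, old_key->conf.key, key->conf.keylen)) {` (declared in `<crypto/algapi.h>`). The check also treats two keys as identical when only the length and bytes agree, without looking at `key->conf.cipher`; whether a caller can reach this point with identical bytes but a different cipher is not visible here and would need to be confirmed against the code that validates the request before `ieee80211_key_link()`. It would help future readers if the comment above the check named the concrete reason the early exit keeps the old key, e.g. `* Keeping the existing key also preserves its PN/replay counters.`. `ieee80211_key_link()` begins and ends outside the hunks.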