diff options
| author | Jouni Malinen <jouni@qca.qualcomm.com> | 2011-09-21 11:14:56 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2011-09-27 14:29:54 -0400 |
| commit | 38ba3c57af1c737966fb58bcbeecdc71f5f4fa90 (patch) | |
| tree | 5c2539d3c2cf8e2d0728917ecc4227efcb5774b9 /net | |
| parent | 6d30240e3d68f1da7303801f840132d0821f1767 (diff) | |
cfg80211: Validate cipher suite against supported ciphers
Instead of using a hardcoded list of cipher suites in nl80211.c, use a
shared function in util.c to verify that the driver advertises support
for the specified cipher. This provides more accurate validation of the
values and allows vendor-specific cipher suites to be added in drivers.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net')
| -rw-r--r-- | net/wireless/core.h | 1 | ||||
| -rw-r--r-- | net/wireless/nl80211.c | 16 | ||||
| -rw-r--r-- | net/wireless/util.c | 16 |
3 files changed, 15 insertions, 18 deletions
diff --git a/net/wireless/core.h b/net/wireless/core.h index 796a4bdf8b0d..cb87b8bbceb7 100644 --- a/net/wireless/core.h +++ b/net/wireless/core.h | |||
| @@ -406,6 +406,7 @@ void cfg80211_sme_failed_assoc(struct wireless_dev *wdev); | |||
| 406 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); | 406 | bool cfg80211_sme_failed_reassoc(struct wireless_dev *wdev); |
| 407 | 407 | ||
| 408 | /* internal helpers */ | 408 | /* internal helpers */ |
| 409 | bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher); | ||
| 409 | int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, | 410 | int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, |
| 410 | struct key_params *params, int key_idx, | 411 | struct key_params *params, int key_idx, |
| 411 | bool pairwise, const u8 *mac_addr); | 412 | bool pairwise, const u8 *mac_addr); |
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 1722998f4984..a3e26951fd8b 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c | |||
| @@ -4126,16 +4126,6 @@ static bool nl80211_valid_wpa_versions(u32 wpa_versions) | |||
| 4126 | NL80211_WPA_VERSION_2)); | 4126 | NL80211_WPA_VERSION_2)); |
| 4127 | } | 4127 | } |
| 4128 | 4128 | ||
| 4129 | static bool nl80211_valid_cipher_suite(u32 cipher) | ||
| 4130 | { | ||
| 4131 | return cipher == WLAN_CIPHER_SUITE_WEP40 || | ||
| 4132 | cipher == WLAN_CIPHER_SUITE_WEP104 || | ||
| 4133 | cipher == WLAN_CIPHER_SUITE_TKIP || | ||
| 4134 | cipher == WLAN_CIPHER_SUITE_CCMP || | ||
| 4135 | cipher == WLAN_CIPHER_SUITE_AES_CMAC; | ||
| 4136 | } | ||
| 4137 | |||
| 4138 | |||
| 4139 | static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) | 4129 | static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) |
| 4140 | { | 4130 | { |
| 4141 | struct cfg80211_registered_device *rdev = info->user_ptr[0]; | 4131 | struct cfg80211_registered_device *rdev = info->user_ptr[0]; |
| @@ -4268,7 +4258,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, | |||
| 4268 | memcpy(settings->ciphers_pairwise, data, len); | 4258 | memcpy(settings->ciphers_pairwise, data, len); |
| 4269 | 4259 | ||
| 4270 | for (i = 0; i < settings->n_ciphers_pairwise; i++) | 4260 | for (i = 0; i < settings->n_ciphers_pairwise; i++) |
| 4271 | if (!nl80211_valid_cipher_suite( | 4261 | if (!cfg80211_supported_cipher_suite( |
| 4262 | &rdev->wiphy, | ||
| 4272 | settings->ciphers_pairwise[i])) | 4263 | settings->ciphers_pairwise[i])) |
| 4273 | return -EINVAL; | 4264 | return -EINVAL; |
| 4274 | } | 4265 | } |
| @@ -4276,7 +4267,8 @@ static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev, | |||
| 4276 | if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { | 4267 | if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { |
| 4277 | settings->cipher_group = | 4268 | settings->cipher_group = |
| 4278 | nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); | 4269 | nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); |
| 4279 | if (!nl80211_valid_cipher_suite(settings->cipher_group)) | 4270 | if (!cfg80211_supported_cipher_suite(&rdev->wiphy, |
| 4271 | settings->cipher_group)) | ||
| 4280 | return -EINVAL; | 4272 | return -EINVAL; |
| 4281 | } | 4273 | } |
| 4282 | 4274 | ||
diff --git a/net/wireless/util.c b/net/wireless/util.c index 39dbf4ad7ca1..6304ed63588a 100644 --- a/net/wireless/util.c +++ b/net/wireless/util.c | |||
| @@ -151,12 +151,19 @@ void ieee80211_set_bitrate_flags(struct wiphy *wiphy) | |||
| 151 | set_mandatory_flags_band(wiphy->bands[band], band); | 151 | set_mandatory_flags_band(wiphy->bands[band], band); |
| 152 | } | 152 | } |
| 153 | 153 | ||
| 154 | bool cfg80211_supported_cipher_suite(struct wiphy *wiphy, u32 cipher) | ||
| 155 | { | ||
| 156 | int i; | ||
| 157 | for (i = 0; i < wiphy->n_cipher_suites; i++) | ||
| 158 | if (cipher == wiphy->cipher_suites[i]) | ||
| 159 | return true; | ||
| 160 | return false; | ||
| 161 | } | ||
| 162 | |||
| 154 | int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, | 163 | int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, |
| 155 | struct key_params *params, int key_idx, | 164 | struct key_params *params, int key_idx, |
| 156 | bool pairwise, const u8 *mac_addr) | 165 | bool pairwise, const u8 *mac_addr) |
| 157 | { | 166 | { |
| 158 | int i; | ||
| 159 | |||
| 160 | if (key_idx > 5) | 167 | if (key_idx > 5) |
| 161 | return -EINVAL; | 168 | return -EINVAL; |
| 162 | 169 | ||
| @@ -226,10 +233,7 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev, | |||
| 226 | } | 233 | } |
| 227 | } | 234 | } |
| 228 | 235 | ||
| 229 | for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) | 236 | if (!cfg80211_supported_cipher_suite(&rdev->wiphy, params->cipher)) |
| 230 | if (params->cipher == rdev->wiphy.cipher_suites[i]) | ||
| 231 | break; | ||
| 232 | if (i == rdev->wiphy.n_cipher_suites) | ||
| 233 | return -EINVAL; | 237 | return -EINVAL; |
| 234 | 238 | ||
| 235 | return 0; | 239 | return 0; |