From: Kalle Valo <kvalo@codeaurora.org>
To: Martin Fuzzey <martin.fuzzey@flowbird.group>
Cc: Amitkumar Karwar <amitkarwar@gmail.com>,
stable@vger.kernel.org, Siva Rebbagondla <siva8118@gmail.com>,
Marek Vasut <marex@denx.de>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted EAPOL
Date: Tue, 15 Jun 2021 13:42:28 +0000 (UTC) [thread overview]
Message-ID: <20210615134228.7A50BC43460@smtp.codeaurora.org> (raw)
In-Reply-To: <1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group>
Martin Fuzzey <martin.fuzzey@flowbird.group> wrote:
> In AP mode WPA2-PSK connections were not established.
>
> The reason was that the AP was sending the first message
> of the 4 way handshake encrypted, even though no pairwise
> key had (correctly) yet been set.
>
> Encryption was enabled if the "security_enable" driver flag
> was set and encryption was not explicitly disabled by
> IEEE80211_TX_INTFL_DONT_ENCRYPT.
>
> However security_enable was set when *any* key, including
> the AP GTK key, had been set which was causing unwanted
> encryption even if no key was avaialble for the unicast
> packet to be sent.
>
> Fix this by adding a check that we have a key and drop
> the old security_enable driver flag which is insufficient
> and redundant.
>
> The Redpine downstream out of tree driver does it this way too.
>
> Regarding the Fixes tag the actual code being modified was
> introduced earlier, with the original driver submission, in
> dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
> at that time AP mode was not yet supported so there was
> no bug at that point.
>
> So I have tagged the introduction of AP support instead
> which was part of the patch set "rsi: support for AP mode" [1]
>
> It is not clear whether AP WPA has ever worked, I can see nothing
> on the kernel side that broke it afterwards yet the AP support
> patch series says "Tests are performed to confirm aggregation,
> connections in WEP and WPA/WPA2 security."
>
> One possibility is that the initial tests were done with a modified
> userspace (hostapd).
>
> [1] https://www.spinics.net/lists/linux-wireless/msg165302.html
>
> Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
> Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
> CC: stable@vger.kernel.org
Patch applied to wireless-drivers-next.git, thanks.
314538041b56 rsi: fix AP mode with WPA failure due to encrypted EAPOL
--
https://patchwork.kernel.org/project/linux-wireless/patch/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2021-06-15 13:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-01 16:19 [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted EAPOL Martin Fuzzey
2021-06-15 13:42 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210615134228.7A50BC43460@smtp.codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=amitkarwar@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=marex@denx.de \
--cc=martin.fuzzey@flowbird.group \
--cc=netdev@vger.kernel.org \
--cc=siva8118@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).