From: Johannes Berg <johannes@sipsolutions.net>
To: Matthias May <matthias.may@neratec.com>,
Emmanuel Grumbach <egrumbach@gmail.com>,
voncken <cedric.voncken@acksys.fr>
Cc: linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: Mac80211 : Wpa rekeying issue
Date: Tue, 05 Jan 2016 16:50:29 +0100 [thread overview]
Message-ID: <1452009029.12357.37.camel@sipsolutions.net> (raw)
In-Reply-To: <568BA0E3.5080905@neratec.com>
On Tue, 2016-01-05 at 11:54 +0100, Matthias May wrote:
>
> Not safe as in "access to stuff which has to be locked", or not safe
> as
> in "a CCMP replay attack is possible"?
> When changing this we argumented that since we are not really
> connected
> yet, a CCMP replay attack doesn't really make sense.
>
It's a bit more complicated than my first look suggested, it seems.
However, I'm not sure what effect your patch is supposed to have.
You're skipping CCMP replay checking and update when not authorized
yet, at which point the station isn't receiving frames anyway (though
they'd be checked for all this, they'd later be discarded).
Once it becomes authorized, you do the checks. However, it never
becomes unauthorized again, even for rekeying, so for the PTK rekeying
issue at hand it's pretty much a no-op?
johannes
PS: the comment in your patch is also wrong:
> + /* If we are a station update the ccmp counter only when we are
> + * authorised. For all other modes always update. */
> + if (!rx->sta ||
> + (rx->sta && test_sta_flag(rx->sta, WLAN_STA_AUTHORIZED)) ) {
There's no check for "if we are a station" here.
next prev parent reply other threads:[~2016-01-05 15:50 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-29 13:01 Mac80211 : Wpa rekeying issue Cedric VONCKEN
2015-12-29 14:19 ` Emmanuel Grumbach
2015-12-29 15:23 ` voncken
2015-12-31 8:12 ` voncken
2015-12-31 8:41 ` Emmanuel Grumbach
2015-12-31 10:15 ` voncken
2015-12-31 15:25 ` Ben Greear
2016-01-05 9:19 ` Johannes Berg
2016-01-05 9:47 ` Matthias May
2016-01-05 9:58 ` Johannes Berg
2016-01-05 10:54 ` Matthias May
2016-01-05 15:50 ` Johannes Berg [this message]
2016-01-06 9:09 ` Matthias May
2016-01-07 21:06 ` Johannes Berg
2016-01-07 21:15 ` Johannes Berg
2016-01-12 11:38 ` Emmanuel Grumbach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1452009029.12357.37.camel@sipsolutions.net \
--to=johannes@sipsolutions.net \
--cc=cedric.voncken@acksys.fr \
--cc=egrumbach@gmail.com \
--cc=linux-wireless@vger.kernel.org \
--cc=matthias.may@neratec.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.