From: Johannes Berg <johannes@sipsolutions.net>
To: Jouni Malinen <jouni@qca.qualcomm.com>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH 5/8] cfg80211: Add KEK/nonces for FILS association frames
Date: Wed, 26 Oct 2016 07:36:27 +0200
Message-ID: <1477460187.4059.4.camel@sipsolutions.net>
In-Reply-To: <1477435489-8555-1-git-send-email-jouni@qca.qualcomm.com>
> +++ b/net/wireless/nl80211.c
> @@ -414,6 +414,10 @@ enum nl80211_multicast_groups {
> [NL80211_ATTR_NAN_MASTER_PREF] = { .type = NLA_U8 },
> [NL80211_ATTR_NAN_DUAL] = { .type = NLA_U8 },
> [NL80211_ATTR_NAN_FUNC] = { .type = NLA_NESTED },
> + [NL80211_ATTR_FILS_KEK] = { .type = NLA_BINARY,
> + .len = FILS_MAX_KEK_LEN },
> + [NL80211_ATTR_FILS_NONCES] = { .type = NLA_BINARY,
> + .len = 2 * FILS_NONCE_LEN },
> };
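Review bot: the NL80211_ATTR_FILS_KEK entry bounds the length only from above (NLA_BINARY with .len = FILS_MAX_KEK_LEN), so a zero-length or truncated KEK attribute passes policy validation. Nothing in this hunk sets a lower bound; suggest an explicit minimum-length check where the attribute is consumed, and a short comment on the NL80211_ATTR_FILS_NONCES entry saying what the two FILS_NONCE_LEN parts are and in which order they appear.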
If you remove the type = NLA_BINARY and just leave the type zero, then
you'll get *minimum* length validation, rather than limiting the
maximum length. That seems more appropriate for the nonces?
> + if (info->attrs[NL80211_ATTR_FILS_NONCES]) {
> + if (nla_len(info->attrs[NL80211_ATTR_FILS_NONCES])
> !=
> + 2 * FILS_NONCE_LEN)
> + return -EINVAL;
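Review bot: the NL80211_ATTR_FILS_NONCES check is conditional on the attribute being present, and in the quoted lines it is validated on its own. If the KEK and the nonces are only meaningful together, reject a request that carries one without the other with -EINVAL rather than accepting a partial set. This exact-length test is also the only lower bound on the nonce data, since the NLA_BINARY policy entry limits the maximum only, so it should stay unless the policy is changed to a minimum-length one and the consumer reads exactly 2 * FILS_NONCE_LEN bytes.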
You're validating the *exact* length here, which unfortunately nlattr
doesn't support right now, but perhaps we can live with checking that
it's at least that many bytes, and using only 2*nonces? We do that for
most other attributes (like MAC addresses).
Or do we expect to extend this to more than 2 nonces in the future, at
which point we'll need the length?
johannes
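
Added example, not part of the original message and not kernel code: a user-space model of the two length rules discussed above (a maximum for NLA_BINARY, a minimum when the policy type is left zero) and of the two handler variants, the patch's exact-length check and the "at least that many bytes, use only two nonces" alternative. The `policy` struct, `policy_check()` and both `parse_nonces_*()` helpers are hypothetical names, and the value of `FILS_NONCE_LEN` is an assumption made for the model.

```c
/* User-space model of netlink attribute length checks; not kernel code. */
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define FILS_NONCE_LEN 16   /* assumed value for this model */

/* Stand-ins for a zero (unspecified) policy type and NLA_BINARY. */
enum pol_type { POL_UNSPEC, POL_BINARY };
struct policy { enum pol_type type; size_t len; };

/* BINARY: len is a maximum. UNSPEC: len is a minimum. */
static int policy_check(const struct policy *p, size_t attrlen)
{
    if (p->type == POL_BINARY)
        return (p->len && attrlen > p->len) ? -ERANGE : 0;
    return attrlen < p->len ? -ERANGE : 0;
}

/* As in the quoted patch: maximum-length policy plus exact-length check. */
static int parse_nonces_exact(const unsigned char *data, size_t attrlen,
                              unsigned char *out)
{
    const struct policy pol = { POL_BINARY, 2 * FILS_NONCE_LEN };
    int err = policy_check(&pol, attrlen);
    if (err)
        return err;
    if (attrlen != 2 * FILS_NONCE_LEN)
        return -EINVAL;   /* short input passes the policy, so catch it here */
    memcpy(out, data, 2 * FILS_NONCE_LEN);
    return 0;
}

/* As suggested in the reply: minimum-length policy, consume only 2 nonces. */
static int parse_nonces_min(const unsigned char *data, size_t attrlen,
                            unsigned char *out)
{
    const struct policy pol = { POL_UNSPEC, 2 * FILS_NONCE_LEN };
    int err = policy_check(&pol, attrlen);
    if (err)
        return err;
    memcpy(out, data, 2 * FILS_NONCE_LEN);   /* trailing bytes are ignored */
    return 0;
}

int main(void)
{
    unsigned char in[48] = { 0 }, out[2 * FILS_NONCE_LEN];   /* constructed input */
    return parse_nonces_exact(in, 32, out) || parse_nonces_min(in, 48, out);
}
```

In both variants the copy length is the fixed `2 * FILS_NONCE_LEN`, never the attribute length, which is what keeps the minimum-length variant from reading or writing past the two nonces.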