From: Kalle Valo <kvalo@codeaurora.org>
To: Martin Fuzzey <martin.fuzzey@flowbird.group>
Cc: Amitkumar Karwar <amitkarwar@gmail.com>,
stable@vger.kernel.org, Siva Rebbagondla <siva8118@gmail.com>,
Marek Vasut <marex@denx.de>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted EAPOL
Date: Tue, 15 Jun 2021 13:42:28 +0000 (UTC) [thread overview]
Message-ID: <20210615134228.7A50BC43460@smtp.codeaurora.org> (raw)
In-Reply-To: <1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group>
Martin Fuzzey <martin.fuzzey@flowbird.group> wrote:
> In AP mode WPA2-PSK connections were not established.
>
> The reason was that the AP was sending the first message
> of the 4 way handshake encrypted, even though no pairwise
> key had (correctly) yet been set.
>
> Encryption was enabled if the "security_enable" driver flag
> was set and encryption was not explicitly disabled by
> IEEE80211_TX_INTFL_DONT_ENCRYPT.
>
> However security_enable was set when *any* key, including
> the AP GTK key, had been set which was causing unwanted
> encryption even if no key was avaialble for the unicast
> packet to be sent.
>
> Fix this by adding a check that we have a key and drop
> the old security_enable driver flag which is insufficient
> and redundant.
>
> The Redpine downstream out of tree driver does it this way too.
>
> Regarding the Fixes tag the actual code being modified was
> introduced earlier, with the original driver submission, in
> dad0d04fa7ba ("rsi: Add RS9113 wireless driver"), however
> at that time AP mode was not yet supported so there was
> no bug at that point.
>
> So I have tagged the introduction of AP support instead
> which was part of the patch set "rsi: support for AP mode" [1]
>
> It is not clear whether AP WPA has ever worked, I can see nothing
> on the kernel side that broke it afterwards yet the AP support
> patch series says "Tests are performed to confirm aggregation,
> connections in WEP and WPA/WPA2 security."
>
> One possibility is that the initial tests were done with a modified
> userspace (hostapd).
>
> [1] https://www.spinics.net/lists/linux-wireless/msg165302.html
>
> Signed-off-by: Martin Fuzzey <martin.fuzzey@flowbird.group>
> Fixes: 38ef62353acb ("rsi: security enhancements for AP mode")
> CC: stable@vger.kernel.org
Patch applied to wireless-drivers-next.git, thanks.
314538041b56 rsi: fix AP mode with WPA failure due to encrypted EAPOL
--
https://patchwork.kernel.org/project/linux-wireless/patch/1622564459-24430-1-git-send-email-martin.fuzzey@flowbird.group/
https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches
prev parent reply other threads:[~2021-06-15 13:43 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-01 16:19 [PATCH V2] rsi: fix AP mode with WPA failure due to encrypted EAPOL Martin Fuzzey
2021-06-15 13:42 ` Kalle Valo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210615134228.7A50BC43460@smtp.codeaurora.org \
--to=kvalo@codeaurora.org \
--cc=amitkarwar@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=marex@denx.de \
--cc=martin.fuzzey@flowbird.group \
--cc=netdev@vger.kernel.org \
--cc=siva8118@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.