summaryrefslogtreecommitdiff
path: root/net/mac80211/fils_aead.c
AgeCommit message (Collapse)Author
2017-02-10Merge tag 'mac80211-next-for-davem-2017-02-09' of ↵David S. Miller
git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== Some more updates: * use shash in mac80211 crypto code where applicable * some documentation fixes * pass RSSI levels up in change notifications * remove unused rfkill-regulator * various other cleanups ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
2017-02-08mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipherArd Biesheuvel
Switch the FILS AEAD code to use a cmac(aes) shash instantiated by the crypto API rather than reusing the open coded implementation in aes_cmac_vector(). This makes the code more understandable, and allows platforms to implement cmac(aes) in a more secure (*) and efficient way than is typically possible when using the AES cipher directly. So replace the crypto_cipher by a crypto_shash, and update the aes_s2v() routine to call the shash interface directly. * In particular, the generic table based AES implementation is sensitive to known-plaintext timing attacks on the key, to which AES based MAC algorithms are especially vulnerable, given that their plaintext is not usually secret. Time invariant alternatives are available (e.g., based on SIMD algorithms), but may incur a setup cost that is prohibitive when operating on a single block at a time, which is why they don't usually expose the cipher API. Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-02-06mac80211: Allocate a sync skcipher explicitly for FILS AEADJouni Malinen
The skcipher could have been of the async variant which may return from skcipher_encrypt() with -EINPROGRESS after having queued the request. The FILS AEAD implementation here does not have code for dealing with that possibility, so allocate a sync cipher explicitly to avoid potential issues with hardware accelerators. This is based on the patch sent out by Ard. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-02-06mac80211: Fix FILS AEAD protection in Association Request frameJouni Malinen
Incorrect num_elem parameter value (1 vs. 5) was used in the aes_siv_encrypt() call. This resulted in only the first one of the five AAD vectors to SIV getting included in calculation. This does not protect all the contents correctly and would not interoperate with a standard compliant implementation. Fix this by using the correct number. A matching fix is needed in the AP side (hostapd) to get FILS authentication working properly. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-10-28mac80211: fils_aead: fix encrypt error handlingArnd Bergmann
gcc -Wmaybe-uninitialized reports a bug in aes_siv_encryp: net/mac80211/fils_aead.c: In function ‘aes_siv_encrypt.constprop’: net/mac80211/fils_aead.c:84:26: error: ‘tfm2’ may be used uninitialized in this function [-Werror=maybe-uninitialized] At the time that the memory allocation fails, 'tfm2' has not been allocated, so we should not attempt to free it later, and we can simply return an error. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-10-27mac80211: FILS AEAD protection for station mode association framesJouni Malinen
This adds support for encrypting (Re)Association Request frame and decryption (Re)Association Response frame when using FILS in station mode. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>