On Fri, Aug 16, 2019 at 10:11:55PM +1200, [email protected] wrote:
> See below for updated diff. Nice idea to add a panic on encrypt. 
> Also I've followed the existing idiom of m_freem(m0); return NULL; 
> 
> I've checked that all assignments to k_flags are to fresh keys; the new 
> flag is never clobbered.
> 
> The new check will be accounted against is_rx_wepfail ("input wep/wpa 
> packets failed").
> 
> Lightly tested with a download and ifconfig up/down. 
> 
> ok?

Yes, ok.

I would suggest changing the panic message to say something like
"%s: key not loaded for software crypto", but it's no big deal.

Thanks!

> 
> best, 
> Richard. 
> 
> Index: net80211/ieee80211_crypto.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_crypto.c,v
> retrieving revision 1.74
> diff -u -p -u -p -r1.74 ieee80211_crypto.c
> --- net80211/ieee80211_crypto.c       24 Sep 2018 20:14:59 -0000      1.74
> +++ net80211/ieee80211_crypto.c       16 Aug 2019 09:50:47 -0000
> @@ -157,6 +157,10 @@ ieee80211_set_key(struct ieee80211com *i
>               /* should not get there */
>               error = EINVAL;
>       }
> +
> +     if (error == 0)
> +             k->k_flags |= IEEE80211_KEY_SWCRYPTO;
> +
>       return error;
>  }
>  
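Review bot: the `if (error == 0)` branch at the end of ieee80211_set_key() only ever sets IEEE80211_KEY_SWCRYPTO, so if the function fails on a key whose k_flags already carry the bit from an earlier successful call, the stale flag survives and the new checks in ieee80211_encrypt() and ieee80211_decrypt() would still pass. The cover note says all k_flags assignments are to fresh keys, which covers this today, but clearing the bit on the error path (`k->k_flags &= ~IEEE80211_KEY_SWCRYPTO`) would keep the invariant local to this function instead of relying on every caller.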
> @@ -209,6 +213,9 @@ struct mbuf *
>  ieee80211_encrypt(struct ieee80211com *ic, struct mbuf *m0,
>      struct ieee80211_key *k)
>  {
> +     if ((k->k_flags & IEEE80211_KEY_SWCRYPTO) == 0)
> +             panic("%s: unset key %d", __func__, k->k_id);
> +
>       switch (k->k_cipher) {
>       case IEEE80211_CIPHER_WEP40:
>       case IEEE80211_CIPHER_WEP104:
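Review bot: the check added at the top of ieee80211_encrypt() panics on an unloaded key while the equivalent check in ieee80211_decrypt() drops the frame, and nothing in the code records why the two paths differ. A short comment above the `panic()` would help, for instance stating that the Tx key is selected locally so an unset one is a programming error, if that is the reasoning. The message "unset key %d" is also terse; the wording proposed in the reply, "%s: key not loaded for software crypto", tells whoever reads the crash what actually went wrong.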
> @@ -280,6 +287,12 @@ ieee80211_decrypt(struct ieee80211com *i
>               }
>               k = &ic->ic_nw_keys[kid];
>       }
> +
> +     if ((k->k_flags & IEEE80211_KEY_SWCRYPTO) == 0) {
> +             m_free(m0);
> +             return NULL;
> +     }
> +
>       switch (k->k_cipher) {
>       case IEEE80211_CIPHER_WEP40:
>       case IEEE80211_CIPHER_WEP104:
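Review bot: the drop path added to ieee80211_decrypt() calls `m_free(m0)`, but the cover note says it follows the existing `m_freem(m0); return NULL;` idiom. m_free() releases only the first mbuf and returns its successor, so any remaining mbufs in the chain are leaked each time a frame arrives for a key without IEEE80211_KEY_SWCRYPTO. Since that is on the receive path, it should be `m_freem(m0)`.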
> Index: net80211/ieee80211_crypto.h
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_crypto.h,v
> retrieving revision 1.25
> diff -u -p -u -p -r1.25 ieee80211_crypto.h
> --- net80211/ieee80211_crypto.h       18 Aug 2017 17:30:12 -0000      1.25
> +++ net80211/ieee80211_crypto.h       16 Aug 2019 09:50:47 -0000
> @@ -78,6 +78,7 @@ struct ieee80211_key {
>  #define IEEE80211_KEY_GROUP  0x00000001      /* group data key */
>  #define IEEE80211_KEY_TX     0x00000002      /* Tx+Rx */
>  #define IEEE80211_KEY_IGTK   0x00000004      /* integrity group key */
> +#define IEEE80211_KEY_SWCRYPTO       0x00000080      /* loaded for software 
> crypto */
>  
>       u_int                   k_len;
>       u_int64_t               k_rsc[IEEE80211_NUM_TID];
> 
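Review bot: the new `#define IEEE80211_KEY_SWCRYPTO` line is wrapped, leaving `crypto */` on a line of its own, so as quoted the hunk no longer matches its `@@ -78,6 +78,7 @@` line count and will not apply; if the wrap is in the original diff rather than from the mailer, a shorter comment such as `/* loaded for sw crypto */` avoids it. The value 0x00000080 also skips the bits after 0x00000004 shown in the context lines; a note on why (for example, keeping driver-visible flags and internal state apart) would save the next reader from wondering whether 0x08 through 0x40 are taken.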
