forked from luck/tmp_suning_uos_patched
cfg80211: Fix BIP (AES-CMAC) cipher validation
This cipher can be used only as a group management frame cipher and as such, there is no point in validating that it is not used with non-zero key-index. Instead, verify that it is not used as a pairwise cipher regardless of the key index. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> [change code to use switch statement which is easier to extend] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
parent
3cb10943fc
commit
37720569cc
@ -227,18 +227,26 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
|
||||
if (pairwise && !mac_addr)
|
||||
return -EINVAL;
|
||||
|
||||
/*
|
||||
* Disallow pairwise keys with non-zero index unless it's WEP
|
||||
* or a vendor specific cipher (because current deployments use
|
||||
* pairwise WEP keys with non-zero indices and for vendor specific
|
||||
* ciphers this should be validated in the driver or hardware level
|
||||
* - but 802.11i clearly specifies to use zero)
|
||||
*/
|
||||
if (pairwise && key_idx &&
|
||||
((params->cipher == WLAN_CIPHER_SUITE_TKIP) ||
|
||||
(params->cipher == WLAN_CIPHER_SUITE_CCMP) ||
|
||||
(params->cipher == WLAN_CIPHER_SUITE_AES_CMAC)))
|
||||
return -EINVAL;
|
||||
switch (params->cipher) {
|
||||
case WLAN_CIPHER_SUITE_TKIP:
|
||||
case WLAN_CIPHER_SUITE_CCMP:
|
||||
/* Disallow pairwise keys with non-zero index unless it's WEP
|
||||
* or a vendor specific cipher (because current deployments use
|
||||
* pairwise WEP keys with non-zero indices and for vendor
|
||||
* specific ciphers this should be validated in the driver or
|
||||
* hardware level - but 802.11i clearly specifies to use zero)
|
||||
*/
|
||||
if (pairwise && key_idx)
|
||||
return -EINVAL;
|
||||
break;
|
||||
case WLAN_CIPHER_SUITE_AES_CMAC:
|
||||
/* Disallow BIP (group-only) cipher as pairwise cipher */
|
||||
if (pairwise)
|
||||
return -EINVAL;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
switch (params->cipher) {
|
||||
case WLAN_CIPHER_SUITE_WEP40:
|
||||
|
Loading…
Reference in New Issue
Block a user