Diffstat (limited to 'package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch')
-rw-r--r-- | package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch | 87 |
1 files changed, 0 insertions, 87 deletions
diff --git a/package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch b/package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch
deleted file mode 100644
index de0f89a5b0..0000000000
--- a/package/kernel/mac80211/patches/subsys/381-mac80211-prevent-mixed-key-and-fragment-cache-attack.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-From: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Date: Tue, 11 May 2021 20:02:43 +0200
-Subject: [PATCH] mac80211: prevent mixed key and fragment cache attacks
-
-Simultaneously prevent mixed key attacks (CVE-2020-24587) and fragment
-cache attacks (CVE-2020-24586). This is accomplished by assigning a
-unique color to every key (per interface) and using this to track which
-key was used to decrypt a fragment. When reassembling frames, it is
-now checked whether all fragments were decrypted using the same key.
-
-To assure that fragment cache attacks are also prevented, the ID that is
-assigned to keys is unique even over (re)associations and (re)connects.
-This means fragments separated by a (re)association or (re)connect will
-not be reassembled. Because mac80211 now also prevents the reassembly of
-mixed encrypted and plaintext fragments, all cache attacks are prevented.
-
-Cc: stable@vger.kernel.org
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@kuleuven.be>
-Signed-off-by: Johannes Berg <johannes.berg@intel.com>
----
-
---- a/net/mac80211/ieee80211_i.h
-+++ b/net/mac80211/ieee80211_i.h
-@@ -97,6 +97,7 @@ struct ieee80211_fragment_entry {
- u8 rx_queue;
- bool check_sequential_pn; /* needed for CCMP/GCMP */
- u8 last_pn[6]; /* PN of the last fragment if CCMP was used */
-+ unsigned int key_color;
- };
-
-
---- a/net/mac80211/key.c
-+++ b/net/mac80211/key.c
-@@ -799,6 +799,7 @@ int ieee80211_key_link(struct ieee80211_
- struct ieee80211_sub_if_data *sdata,
- struct sta_info *sta)
- {
-+ static atomic_t key_color = ATOMIC_INIT(0);
- struct ieee80211_key *old_key;
- int idx = key->conf.keyidx;
- bool pairwise = key->conf.flags & IEEE80211_KEY_FLAG_PAIRWISE;
-@@ -850,6 +851,12 @@ int ieee80211_key_link(struct ieee80211_
- key->sdata = sdata;
- key->sta = sta;
-
-+ /*
-+ * Assign a unique ID to every key so we can easily prevent mixed
-+ * key and fragment cache attacks.
-+ */
-+ key->color = atomic_inc_return(&key_color);
-+
- increment_tailroom_need_count(sdata);
-
- ret = ieee80211_key_replace(sdata, sta, pairwise, old_key, key);
---- a/net/mac80211/key.h
-+++ b/net/mac80211/key.h
-@@ -128,6 +128,8 @@ struct ieee80211_key {
- } debugfs;
- #endif
-
-+ unsigned int color;
-+
- /*
- * key config, must be last because it contains key
- * material as variable length member
---- a/net/mac80211/rx.c
-+++ b/net/mac80211/rx.c
-@@ -2265,6 +2265,7 @@ ieee80211_rx_h_defragment(struct ieee802
- * next fragment has a sequential PN value.
- */
- entry->check_sequential_pn = true;
-+ entry->key_color = rx->key->color;
- memcpy(entry->last_pn,
- rx->key->u.ccmp.rx_pn[queue],
- IEEE80211_CCMP_PN_LEN);
-@@ -2302,6 +2303,11 @@ ieee80211_rx_h_defragment(struct ieee802
-
- if (!requires_sequential_pn(rx, fc))
- return RX_DROP_UNUSABLE;
-+
-+ /* Prevent mixed key and fragment cache attacks */
-+ if (entry->key_color != rx->key->color)
-+ return RX_DROP_UNUSABLE;
-+
- memcpy(pn, entry->last_pn, IEEE80211_CCMP_PN_LEN);
- for (i = IEEE80211_CCMP_PN_LEN - 1; i >= 0; i--) {
- pn[i]++; |