summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2015-01-24 20:52:04 +0300
committerJohannes Berg <johannes.berg@intel.com>2015-01-27 13:03:41 +0300
commit37720569cc89205c23011d6b52f8c63ea2057c3d (patch)
tree9de42e7ea5d1fd7cc802633e9fe50ac981f939c1
parent3cb10943fc60b4349a4d7865bdd579bc5c8eaf73 (diff)
downloadlinux-37720569cc89205c23011d6b52f8c63ea2057c3d.tar.xz
cfg80211: Fix BIP (AES-CMAC) cipher validation
This cipher can be used only as a group management frame cipher and as such, there is no point in validating that it is not used with non-zero key-index. Instead, verify that it is not used as a pairwise cipher regardless of the key index. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> [change code to use switch statement which is easier to extend] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
-rw-r--r--net/wireless/util.c32
1 files changed, 20 insertions, 12 deletions
diff --git a/net/wireless/util.c b/net/wireless/util.c
index 3535e8ade48f..08f136ad2ea5 100644
--- a/net/wireless/util.c
+++ b/net/wireless/util.c
@@ -227,18 +227,26 @@ int cfg80211_validate_key_settings(struct cfg80211_registered_device *rdev,
if (pairwise && !mac_addr)
return -EINVAL;
- /*
- * Disallow pairwise keys with non-zero index unless it's WEP
- * or a vendor specific cipher (because current deployments use
- * pairwise WEP keys with non-zero indices and for vendor specific
- * ciphers this should be validated in the driver or hardware level
- * - but 802.11i clearly specifies to use zero)
- */
- if (pairwise && key_idx &&
- ((params->cipher == WLAN_CIPHER_SUITE_TKIP) ||
- (params->cipher == WLAN_CIPHER_SUITE_CCMP) ||
- (params->cipher == WLAN_CIPHER_SUITE_AES_CMAC)))
- return -EINVAL;
+ switch (params->cipher) {
+ case WLAN_CIPHER_SUITE_TKIP:
+ case WLAN_CIPHER_SUITE_CCMP:
+ /* Disallow pairwise keys with non-zero index unless it's WEP
+ * or a vendor specific cipher (because current deployments use
+ * pairwise WEP keys with non-zero indices and for vendor
+ * specific ciphers this should be validated in the driver or
+ * hardware level - but 802.11i clearly specifies to use zero)
+ */
+ if (pairwise && key_idx)
+ return -EINVAL;
+ break;
+ case WLAN_CIPHER_SUITE_AES_CMAC:
+ /* Disallow BIP (group-only) cipher as pairwise cipher */
+ if (pairwise)
+ return -EINVAL;
+ break;
+ default:
+ break;
+ }
switch (params->cipher) {
case WLAN_CIPHER_SUITE_WEP40: