summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorJouni Malinen <jouni@qca.qualcomm.com>2017-02-04 14:59:22 +0300
committerJohannes Berg <johannes.berg@intel.com>2017-02-06 09:42:39 +0300
commite479ab651f071dbd1518ce8fb121c7f42f2bb97d (patch)
treedae5b419dbf942e66495e705b3f0ffb691abd0a2 /net
parent7892032cfe67f4bde6fc2ee967e45a8fbaf33756 (diff)
downloadlinux-e479ab651f071dbd1518ce8fb121c7f42f2bb97d.tar.xz
mac80211: Fix FILS AEAD protection in Association Request frame
Incorrect num_elem parameter value (1 vs. 5) was used in the aes_siv_encrypt() call. This resulted in only the first one of the five AAD vectors to SIV getting included in calculation. This does not protect all the contents correctly and would not interoperate with a standard compliant implementation. Fix this by using the correct number. A matching fix is needed in the AP side (hostapd) to get FILS authentication working properly. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'net')
-rw-r--r--net/mac80211/fils_aead.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/mac80211/fils_aead.c b/net/mac80211/fils_aead.c
index ecfdd97758a3..e795aaa2aa1f 100644
--- a/net/mac80211/fils_aead.c
+++ b/net/mac80211/fils_aead.c
@@ -272,7 +272,7 @@ int fils_encrypt_assoc_req(struct sk_buff *skb,
crypt_len = skb->data + skb->len - encr;
skb_put(skb, AES_BLOCK_SIZE);
return aes_siv_encrypt(assoc_data->fils_kek, assoc_data->fils_kek_len,
- encr, crypt_len, 1, addr, len, encr);
+ encr, crypt_len, 5, addr, len, encr);
}
int fils_decrypt_assoc_resp(struct ieee80211_sub_if_data *sdata,