mac80211: accept key reinstall without changing anything - xavi/android_kernel_m2note - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Johannes Berg <johannes.berg@intel.com>	2017-09-05 14:54:54 +0200
committer	Moyster <oysterized@gmail.com>	2017-10-20 17:42:17 +0200
commit	bb5e9f999e9c7025ab4fe1156dbfbdff3af466f3 (patch)
tree	2a22e04f7e0ee5bd6ef5c15315148f585fae26cb /include/linux/stacktrace.h
parent	ce94a41204865079f725db4ba2ef5ae19375547b (diff)

mac80211: accept key reinstall without changing anything

When a key is reinstalled we can reset the replay counters etc. which can lead to nonce reuse and/or replay detection being impossible, breaking security properties, as described in the "KRACK attacks". In particular, CVE-2017-13080 applies to GTK rekeying that happened in firmware while the host is in D3, with the second part of the attack being done after the host wakes up. In this case, the wpa_supplicant mitigation isn't sufficient since wpa_supplicant doesn't know the GTK material. In case this happens, simply silently accept the new key coming from userspace but don't take any action on it since it's the same key; this keeps the PN replay counters intact. Change-Id: I7576ed8c8df85a767ebf15e74a642063eb34d0f5 Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Moyster <oysterized@gmail.com>

Diffstat (limited to 'include/linux/stacktrace.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: