staging: wfx: fix support for cipher AES_CMAC (multicast PMF)

When MFP is enabled, the multicast management frames are not protected, in fact. Instead, but they should include an IE containing the MMIC of the frames (i.e. a cryptographic signature). Until now, the driver didn't correctly detect this kind of frames (they are not marked protected but they are associated to a key) and didn't ask to the device to encrypt them. In add, the device is not able to generate the IE itself. Mac80211 has to generate the IE and let the device compute the MMIC. Signed-off-by: Jérôme Pouiller <jerome.pouiller@silabs.com> Link: https://lore.kernel.org/r/20200825085828.399505-5-Jerome.Pouiller@silabs.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-08-25 10:58:21 +02:00 · 2020-08-25 10:58:21 +02:00 · 0a3279d39c
commit 0a3279d39c
parent 152df50609
2 changed files with 5 additions and 4 deletions
--- a/drivers/staging/wfx/data_tx.c
+++ b/drivers/staging/wfx/data_tx.c
@ -325,6 +325,8 @@ static int wfx_tx_get_icv_len(struct ieee80211_key_conf *hw_key)

 	if (!hw_key)
 		return 0;
+	if (hw_key->cipher == WLAN_CIPHER_SUITE_AES_CMAC)
+		return 0;
 	mic_space = (hw_key->cipher == WLAN_CIPHER_SUITE_TKIP) ? 8 : 0;
 	return hw_key->icv_len + mic_space;
 }
@ -350,8 +352,7 @@ static int wfx_tx_inner(struct wfx_vif *wvif, struct ieee80211_sta *sta,
 	memset(tx_info->rate_driver_data, 0, sizeof(struct wfx_tx_priv));
 	// Fill tx_priv
 	tx_priv = (struct wfx_tx_priv *)tx_info->rate_driver_data;
-	if (ieee80211_has_protected(hdr->frame_control))
-		tx_priv->hw_key = hw_key;
+	tx_priv->hw_key = hw_key;

 	// Fill hif_msg
 	WARN(skb_headroom(skb) < wmsg_len, "not enough space in skb");
--- a/drivers/staging/wfx/key.c
+++ b/drivers/staging/wfx/key.c
@ -198,8 +198,8 @@ static int wfx_add_key(struct wfx_vif *wvif, struct ieee80211_sta *sta,
 		else
 			k.type = fill_sms4_group(&k.key.wapi_group_key, key);
 	} else if (key->cipher == WLAN_CIPHER_SUITE_AES_CMAC) {
-		k.type = fill_aes_cmac_group(&k.key.igtk_group_key, key,
-					     &seq);
+		k.type = fill_aes_cmac_group(&k.key.igtk_group_key, key, &seq);
+		key->flags |= IEEE80211_KEY_FLAG_GENERATE_MMIE;
 	} else {
 		dev_warn(wdev->dev, "unsupported key type %d\n", key->cipher);
 		wfx_free_key(wdev, idx);