linux/net/mac80211
Johannes Berg fdf7cb4185 mac80211: accept key reinstall without changing anything
When a key is reinstalled we can reset the replay counters
etc. which can lead to nonce reuse and/or replay detection
being impossible, breaking security properties, as described
in the "KRACK attacks".

In particular, CVE-2017-13080 applies to GTK rekeying that
happened in firmware while the host is in D3, with the second
part of the attack being done after the host wakes up. In
this case, the wpa_supplicant mitigation isn't sufficient
since wpa_supplicant doesn't know the GTK material.

In case this happens, simply silently accept the new key
coming from userspace but don't take any action on it since
it's the same key; this keeps the PN replay counters intact.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-10-16 13:02:03 +02:00
..
aes_ccm.c mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
aes_ccm.h mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
aes_cmac.c mac80211: aes-cmac: switch to shash CMAC driver 2017-02-08 09:19:33 +01:00
aes_cmac.h mac80211: aes-cmac: switch to shash CMAC driver 2017-02-08 09:19:33 +01:00
aes_gcm.c mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
aes_gcm.h mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
aes_gmac.c mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
aes_gmac.h mac80211: move struct aead_req off the stack 2016-10-17 16:14:04 +02:00
agg-rx.c mac80211: fix deadlock in driver-managed RX BA session start 2017-09-06 15:22:02 +02:00
agg-tx.c mac80211: agg-tx: call drv_wake_tx_queue in proper context 2017-09-05 16:25:07 +02:00
cfg.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
chan.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-17 15:19:37 -05:00
debug.h mac80211: 802.11p OCB mode support 2014-11-04 13:18:21 +01:00
debugfs_key.c mac80211: move TKIP TX IVs to public part of key struct 2016-02-24 09:04:38 +01:00
debugfs_key.h
debugfs_netdev.c networking: convert many more places to skb_put_zero() 2017-06-16 11:48:35 -04:00
debugfs_netdev.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
debugfs_sta.c mac80211: Dynamically set CoDel parameters per station 2017-05-17 16:03:40 +02:00
debugfs_sta.h
debugfs.c mac80211: check for allocation failure in debugfs code 2017-02-08 10:05:07 +01:00
debugfs.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
driver-ops.c mac80211: add offset_tsf driver op and use it for mesh 2016-09-30 13:45:44 +02:00
driver-ops.h mac80211: add offset_tsf driver op and use it for mesh 2016-09-30 13:45:44 +02:00
ethtool.c mac80211: move station statistics into sub-structs 2015-10-21 10:08:22 +02:00
fils_aead.c Some more updates: 2017-02-10 14:31:51 -05:00
fils_aead.h mac80211: FILS AEAD protection for station mode association frames 2016-10-27 16:03:25 +02:00
ht.c mac80211: fix deadlock in driver-managed RX BA session start 2017-09-06 15:22:02 +02:00
ibss.c networking: introduce and use skb_put_data() 2017-06-16 11:48:37 -04:00
ieee80211_i.h mac80211: fix deadlock in driver-managed RX BA session start 2017-09-06 15:22:02 +02:00
iface.c mac80211: Fix null pointer dereference with iTXQ support 2017-09-05 11:28:51 +02:00
Kconfig mac80211: fils_aead: Use crypto api CMAC shash rather than bare cipher 2017-02-08 09:19:17 +01:00
key.c mac80211: accept key reinstall without changing anything 2017-10-16 13:02:03 +02:00
key.h mac80211: aes-cmac: switch to shash CMAC driver 2017-02-08 09:19:33 +01:00
led.c mac80211: fix throughput LED trigger 2015-05-11 19:16:04 +02:00
led.h mac80211: make LED triggering depend on activation 2015-05-05 14:21:56 +02:00
main.c mac80211: disentangle iflist_mtx and chanctx_mtx 2017-04-26 23:17:44 +02:00
Makefile Makefile: drop -D__CHECK_ENDIAN__ from cflags 2016-12-16 00:13:43 +02:00
mesh_hwmp.c networking: convert many more places to skb_put_zero() 2017-06-16 11:48:35 -04:00
mesh_pathtbl.c mac80211: Use setup_timer instead of init_timer for mesh path 2017-03-16 10:54:04 +01:00
mesh_plink.c networking: convert many more places to skb_put_zero() 2017-06-16 11:48:35 -04:00
mesh_ps.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
mesh_sync.c mac80211: Use appropriate name for functions and messages 2016-12-13 16:22:27 +01:00
mesh.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
mesh.h mac80211: Use appropriate name for functions and messages 2016-12-13 16:22:27 +01:00
michael.c
michael.h mac80211: fix some missing includes 2014-04-09 14:49:43 +02:00
mlme.c mac80211: fix incorrect assignment of reassoc value 2017-09-05 09:04:20 +02:00
ocb.c mac80211: remove rx_stats.last_rx update after sta alloc 2016-04-06 13:18:15 +02:00
offchannel.c mac80211: flush hw_roc_start work before cancelling the ROC 2017-09-05 16:25:07 +02:00
pm.c cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
rate.c mac80211: Dynamically set CoDel parameters per station 2017-05-17 16:03:40 +02:00
rate.h mac80211: make rate control tx status API more extensible 2017-04-28 10:57:33 +02:00
rc80211_minstrel_debugfs.c mac80211: minstrel: store probability variance instead of standard deviation 2016-12-15 11:07:52 +01:00
rc80211_minstrel_ht_debugfs.c mac80211: minstrel: store probability variance instead of standard deviation 2016-12-15 11:07:52 +01:00
rc80211_minstrel_ht.c mac80211: make rate control tx status API more extensible 2017-04-28 10:57:33 +02:00
rc80211_minstrel_ht.h mac80211: minstrel_ht: move supported bitrate mask out of group data 2016-12-15 11:07:52 +01:00
rc80211_minstrel.c mac80211: make rate control tx status API more extensible 2017-04-28 10:57:33 +02:00
rc80211_minstrel.h mac80211: minstrel: make prob_ewma u16 instead of u32 2016-12-15 11:07:53 +01:00
rx.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
scan.c cfg80211: add request id to cfg80211_sched_scan_*() api 2017-04-28 14:51:43 +02:00
spectmgmt.c networking: convert many more places to skb_put_zero() 2017-06-16 11:48:35 -04:00
sta_info.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
sta_info.h mac80211: manage RX BA session offload without SKB queue 2017-06-08 14:16:29 +02:00
status.c networking: make skb_push & __skb_push return void pointers 2017-06-16 11:48:40 -04:00
tdls.c net: manual clean code which call skb_put_[data:zero] 2017-06-20 13:30:15 -04:00
tkip.c mac80211: move TKIP TX IVs to public part of key struct 2016-02-24 09:04:38 +01:00
tkip.h mac80211: move TKIP TX IVs to public part of key struct 2016-02-24 09:04:38 +01:00
trace_msg.h mac80211: Move message tracepoints to their own header 2015-04-07 12:32:09 -04:00
trace.c mac80211: Move message tracepoints to their own header 2015-04-07 12:32:09 -04:00
trace.h mac80211: add the action to the drv_ampdu_action tracepoint 2017-06-13 11:06:39 +02:00
tx.c mac80211: fix VLAN handling with TXQs 2017-09-05 11:28:43 +02:00
util.c mac80211: add MESH IE in the correct order 2017-09-05 11:28:51 +02:00
vht.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-17 15:19:37 -05:00
wep.c mac80211: Add RX flag to indicate ICV stripped 2017-01-12 10:15:18 +01:00
wep.h
wme.c mac80211: preserve more bits when building QoS header 2016-10-12 14:17:13 +02:00
wme.h mac80211: add WMM admission control support 2014-10-22 10:42:09 +02:00
wpa.c networking: make skb_put & friends return void pointers 2017-06-16 11:48:39 -04:00
wpa.h mac80111: Add BIP-GMAC-128 and BIP-GMAC-256 ciphers 2015-01-27 11:10:13 +01:00