wifi: iwlwifi: mvm: don't set the MFP flag for the GTK
[ Upstream commit e35f316bce9e5733c9826120c1838f4c447b2c4c ] The firmware doesn't need the MFP flag for the GTK, it can even make the firmware crash. in case the AP is configured with: group cipher TKIP and MFPC. We would send the GTK with cipher = TKIP and MFP which is of course not possible. Fixes: 5c75a208c244 ("wifi: iwlwifi: mvm: support new key API") Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com> Signed-off-by: Miri Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240206175739.2f2c602ab3c6.If13b2e2fa532381d985c07df130bee1478046c89@changeid Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
67e7b24a70
commit
b4f1b0b3b9
@ -1,6 +1,6 @@
|
||||
// SPDX-License-Identifier: GPL-2.0 OR BSD-3-Clause
|
||||
/*
|
||||
* Copyright (C) 2022 - 2023 Intel Corporation
|
||||
* Copyright (C) 2022 - 2024 Intel Corporation
|
||||
*/
|
||||
#include <linux/kernel.h>
|
||||
#include <net/mac80211.h>
|
||||
@ -62,11 +62,13 @@ u32 iwl_mvm_get_sec_flags(struct iwl_mvm *mvm,
|
||||
struct ieee80211_key_conf *keyconf)
|
||||
{
|
||||
struct iwl_mvm_vif *mvmvif = iwl_mvm_vif_from_mac80211(vif);
|
||||
bool pairwise = keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE;
|
||||
bool igtk = keyconf->keyidx == 4 || keyconf->keyidx == 5;
|
||||
u32 flags = 0;
|
||||
|
||||
lockdep_assert_held(&mvm->mutex);
|
||||
|
||||
if (!(keyconf->flags & IEEE80211_KEY_FLAG_PAIRWISE))
|
||||
if (!pairwise)
|
||||
flags |= IWL_SEC_KEY_FLAG_MCAST_KEY;
|
||||
|
||||
switch (keyconf->cipher) {
|
||||
@ -96,12 +98,14 @@ u32 iwl_mvm_get_sec_flags(struct iwl_mvm *mvm,
|
||||
if (!sta && vif->type == NL80211_IFTYPE_STATION)
|
||||
sta = mvmvif->ap_sta;
|
||||
|
||||
/* Set the MFP flag also for an AP interface where the key is an IGTK
|
||||
* key as in such a case the station would always be NULL
|
||||
/*
|
||||
* If we are installing an iGTK (in AP or STA mode), we need to tell
|
||||
* the firmware this key will en/decrypt MGMT frames.
|
||||
* Same goes if we are installing a pairwise key for an MFP station.
|
||||
* In case we're installing a groupwise key (which is not an iGTK),
|
||||
* then, we will not use this key for MGMT frames.
|
||||
*/
|
||||
if ((!IS_ERR_OR_NULL(sta) && sta->mfp) ||
|
||||
(vif->type == NL80211_IFTYPE_AP &&
|
||||
(keyconf->keyidx == 4 || keyconf->keyidx == 5)))
|
||||
if ((!IS_ERR_OR_NULL(sta) && sta->mfp && pairwise) || igtk)
|
||||
flags |= IWL_SEC_KEY_FLAG_MFP;
|
||||
|
||||
return flags;
|
||||
|
Loading…
x
Reference in New Issue
Block a user