Refresh all patches. The removed patches were integrated upstream. This contains fixes for CVE-2020-3702 1. These patches (ath, ath9k, mac80211) were included in kernel versions since 4.14.245 and 4.19.205. They fix security vulnerability CVE-2020-3702 [1] similar to KrØØk, which was found by ESET [2]. Thank you Josef Schlehofer for reporting this problem. [1] https://nvd.nist.gov/vuln/detail/CVE-2020-3702 [2] https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/ Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
		
			
				
	
	
		
		
	
	
	
	
	
From: Rohan Dutta <drohan@codeaurora.org>
Date: Tue, 27 Oct 2020 12:09:10 +0200
Subject: [PATCH] cfg80211: Add support to configure SAE PWE value to drivers
Add support to configure SAE PWE preference from userspace to drivers in
both AP and STA modes. This is needed for cases where the driver takes
care of Authentication frame processing (SME in the driver) so that
correct enforcement of the acceptable PWE derivation mechanism can be
performed.
The userspace applications can pass the sae_pwe value using the
NL80211_ATTR_SAE_PWE attribute in the NL80211_CMD_CONNECT and
NL80211_CMD_START_AP commands to the driver. This allows selection
between the hunting-and-pecking loop and hash-to-element options for PWE
derivation. For backwards compatibility, this new attribute is optional
and if not included, the driver is notified of the value being
unspecified.
Signed-off-by: Rohan Dutta <drohan@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20201027100910.22283-1-jouni@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
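--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -1009,6 +1009,14 @@ struct survey_info {
  * @sae_pwd: password for SAE authentication (for devices supporting SAE
  *	offload)
  * @sae_pwd_len: length of SAE password (for devices supporting SAE offload)
+ * @sae_pwe: The mechanisms allowed for SAE PWE derivation
+ *	NL80211_SAE_PWE_UNSPECIFIED: Not-specified, used to indicate userspace
+ *		did not specify any preference. The driver should follow its
+ *		internal policy in such a scenario.
+ *	NL80211_SAE_PWE_HUNT_AND_PECK: Allow hunting-and-pecking loop only
+ *	NL80211_SAE_PWE_HASH_TO_ELEMENT: Allow hash-to-element only
+ *	NL80211_SAE_PWE_BOTH: Allow either hunting-and-pecking loop
+ *		or hash-to-element
  */
 struct cfg80211_crypto_settings {
 	u32 wpa_versions;
@@ -1027,6 +1035,7 @@ struct cfg80211_crypto_settings {
 	const u8 *psk;
 	const u8 *sae_pwd;
 	u8 sae_pwd_len;
+	enum nl80211_sae_pwe_mechanism sae_pwe;
 };
 
 /**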
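Review bot: The new `@sae_pwe` kernel-doc entry does not say which drivers consume the field, whereas the neighbouring `@sae_pwd` and `@sae_pwd_len` entries are both qualified with "for devices supporting SAE offload" and the commit message ties the value to drivers that process Authentication frames themselves. I would carry the same qualifier, e.g. `@sae_pwe: The mechanisms allowed for SAE PWE derivation (for devices supporting SAE offload)`. The entry also tells the driver what to do for NL80211_SAE_PWE_UNSPECIFIED but not what is expected when a restricted value such as hash-to-element only cannot be enforced; a sentence stating whether the driver must fail the request or may fall back would make the contract explicit for driver authors. The middle of struct cfg80211_crypto_settings lies between the two hunks and is not shown.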
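--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -736,6 +736,9 @@ static const struct nla_policy nl80211_p
 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
 	[NL80211_ATTR_S1G_CAPABILITY_MASK] =
 		NLA_POLICY_EXACT_LEN(IEEE80211_S1G_CAPABILITY_LEN),
+	[NL80211_ATTR_SAE_PWE] =
+		NLA_POLICY_RANGE(NLA_U8, NL80211_SAE_PWE_HUNT_AND_PECK,
+				 NL80211_SAE_PWE_BOTH),
 	[NL80211_ATTR_RECONNECT_REQUESTED] = { .type = NLA_REJECT },
 };
 
@@ -9763,6 +9766,12 @@ static int nl80211_crypto_settings(struc
 			nla_len(info->attrs[NL80211_ATTR_SAE_PASSWORD]);
 	}
 
+	if (info->attrs[NL80211_ATTR_SAE_PWE])
+		settings->sae_pwe =
+			nla_get_u8(info->attrs[NL80211_ATTR_SAE_PWE]);
+	else
+		settings->sae_pwe = NL80211_SAE_PWE_UNSPECIFIED;
+
 	return 0;
 }
 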
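Review bot: In the nl80211_crypto_settings() hunk, NL80211_ATTR_SAE_PWE is copied into `settings->sae_pwe` with no visible check that the driver can act on it. A request for hash-to-element only could therefore be accepted and then ignored by a driver that never reads the field, and userspace would wrongly believe hunting-and-pecking is excluded. The function's signature is cut off in the hunk header and its body starts outside the hunk, so I cannot see whether the device handle is in scope or whether the SAE password block just above is gated on driver support. If the handle is available (written as `rdev` here, a name the hunk does not show), I would reject the attribute when SAE offload is not advertised, roughly `if (info->attrs[NL80211_ATTR_SAE_PWE] && !wiphy_ext_feature_isset(&rdev->wiphy, NL80211_EXT_FEATURE_SAE_OFFLOAD)) return -EINVAL;`, with the AP-side offload flag treated the same way. If silent acceptance is intended for compatibility, a comment saying so, such as `/* sae_pwe is advisory for drivers without SAE offload */`, would at least record the decision.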