2017-08-07 16:49:06

by Michael Skeffington

Subject: [PATCH v3] rt2x00: Fix MMIC Countermeasures

Set RX_FLAG_DECRYPTED in case of MMIC failure so that
ieee80211_rx_h_decrypt() doesnt drop the frame before getting to
ieee80211_rx_h_michael_mic_verify().

Signed-off-by: Michael Skeffington <[email protected]>

---
drivers/net/wireless/ralink/rt2x00/rt2800mmio.c | 13 +++++++++++--
drivers/net/wireless/ralink/rt2x00/rt2800usb.c | 15 ++++++++++++---
2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c b/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
index ee5276e233fa..1123e2bed803 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800mmio.c
@@ -136,10 +136,19 @@ void rt2800mmio_fill_rxdone(struct queue_entry *entry,
*/
rxdesc->flags |= RX_FLAG_MMIC_STRIPPED;

- if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS)
+ if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS) {
rxdesc->flags |= RX_FLAG_DECRYPTED;
- else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC)
+ } else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC) {
+ /*
+ * In order to check the Michael Mic, the packet must have
+ * been decrypted. Mac80211 doesnt check the MMIC failure
+ * flag to initiate MMIC countermeasures if the decoded flag
+ * has not been set.
+ */
+ rxdesc->flags |= RX_FLAG_DECRYPTED;
+
rxdesc->flags |= RX_FLAG_MMIC_ERROR;
+ }
}

if (rt2x00_get_field32(word, RXD_W3_MY_BSS))
diff --git a/drivers/net/wireless/ralink/rt2x00/rt2800usb.c b/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
index 685b8e0cd67d..3e5d3a40d986 100644
--- a/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
+++ b/drivers/net/wireless/ralink/rt2x00/rt2800usb.c
@@ -697,11 +697,20 @@ static void rt2800usb_fill_rxdone(struct queue_entry *entry,
* stripped it from the frame. Signal this to mac80211.
*/
rxdesc->flags |= RX_FLAG_MMIC_STRIPPED;
-
- if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS)
+
+ if (rxdesc->cipher_status == RX_CRYPTO_SUCCESS) {
+ rxdesc->flags |= RX_FLAG_DECRYPTED;
+ } else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC) {
+ /*
+ * In order to check the Michael Mic, the packet must have
+ * been decrypted. Mac80211 doesnt check the MMIC failure
+ * flag to initiate MMIC countermeasures if the decoded flag
+ * has not been set.
+ */
rxdesc->flags |= RX_FLAG_DECRYPTED;
- else if (rxdesc->cipher_status == RX_CRYPTO_FAIL_MIC)
+
rxdesc->flags |= RX_FLAG_MMIC_ERROR;
+ }
}

if (rt2x00_get_field32(word, RXD_W0_MY_BSS))
--
2.11.0

2017-08-08 11:53:49

by Kalle Valo

Subject: Re: [v3] rt2x00: Fix MMIC Countermeasures

Michael Skeffington <[email protected]> wrote:

> Set RX_FLAG_DECRYPTED in case of MMIC failure so that
> ieee80211_rx_h_decrypt() doesnt drop the frame before getting to
> ieee80211_rx_h_michael_mic_verify().
>
> Signed-off-by: Michael Skeffington <[email protected]>
> Acked-by: Stanislaw Gruszka <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

2db3aaba0a9f rt2x00: Fix MMIC Countermeasures

--
https://patchwork.kernel.org/patch/9885839/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

2017-08-08 06:11:05

by Stanislaw Gruszka

Subject: Re: [PATCH v3] rt2x00: Fix MMIC Countermeasures

On Mon, Aug 07, 2017 at 12:47:36PM -0400, Michael Skeffingfon wrote:
> Set RX_FLAG_DECRYPTED in case of MMIC failure so that
> ieee80211_rx_h_decrypt() doesnt drop the frame before getting to
> ieee80211_rx_h_michael_mic_verify().
>
> Signed-off-by: Michael Skeffington <[email protected]>

Acked-by: Stanislaw Gruszka <[email protected]>