Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp4160410pxk; Tue, 22 Sep 2020 11:48:47 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxop04cpqDtGIiS41WB0sz1wotAmMrQJ1zwCr6CrVCO7q/7wi2YUjQ+Ae5Qabq6zATDCmWl X-Received: by 2002:a17:907:20d0:: with SMTP id qq16mr6142049ejb.65.1600800527188; Tue, 22 Sep 2020 11:48:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600800527; cv=none; d=google.com; s=arc-20160816; b=YNqay1nRMaslDAtHAcpmSnlvNmHgFi/dgmSN16szFTXjFklMEN0xiSd9ldJwJLalvT EDlecj/mTsis/uhVHPDy/TYuwpTT2oSvDtQEk0CofqxPXBUANc7Zj/9dmeOJDMSV9XEf 8TZwFoRhH+tecE5FgcyJt78og70ROSte5/js6Ndvf5dbccev/3jbBh5j+lTbyyqrNi/U HCeZ3oCh7PuhbcQ/vU2xaOwe/Go8YDpJlbmgm2zUHqYOoHE3VvRRCo/XsgF+d/O/HapW cwAg16Npp+hdHNEiNTVKIgIfyPbRNV93Qpfr4zKEn+2z/i+1lQUijCh0W2Fy5fjdcmcT I6ug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:references:cc :to:subject:dkim-signature:from; bh=AUSuDF+3CjZ7DAY6YNjsMMQnM/mqL/I/MjS6Voo6FB4=; b=YFj2+91Y5ywQlM+72lDsJmH0hFfmxvn3cNgAbyYqexO7wArbl6iXz/q3YOULB9e6gt pTSX/RYO9mlf2chyR7hYOK3G6KlYooaSRhhXswasXItyjao+FmNS8NJzJpcjkCY4xS6i i0W21ebmSvk60D90FVlfRAGGh2MBWbCiefSs48c7ex9IarQ01ZY1AjLfJgTfnObls7bs V93UhT5x7KCm7MUJeTrUSMk3zyEGZEyn85hP6MTwBRdza0qz/8EwAihlcBWdVJtU+p60 NpJUgNqzI9YLMhPkamtqKwXWAFKdAJDoLKp8C4JFtUBB5xUpsBSvtXYjkmzniOHlgfj/ H+5A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@wetzel-home.de header.s=wetzel-home header.b=XGmuMRFG; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=wetzel-home.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f4si11918555edj.307.2020.09.22.11.48.06; Tue, 22 Sep 2020 11:48:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@wetzel-home.de header.s=wetzel-home header.b=XGmuMRFG; spf=pass (google.com: domain of linux-wireless-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-wireless-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=wetzel-home.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726652AbgIVSph (ORCPT + 99 others); Tue, 22 Sep 2020 14:45:37 -0400 Received: from 2.mo174.mail-out.ovh.net ([178.33.110.43]:41491 "EHLO 2.mo174.mail-out.ovh.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726573AbgIVSpe (ORCPT ); Tue, 22 Sep 2020 14:45:34 -0400 Received: from mxplan8.mail.ovh.net (unknown [10.109.146.129]) by mo174.mail-out.ovh.net (Postfix) with ESMTPS id 08C4A44F2B26; Tue, 22 Sep 2020 20:45:30 +0200 (CEST) Received: from awhome.eu (37.59.142.105) by mxplan8.mail.ovh.net (172.16.2.21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2044.4; Tue, 22 Sep 2020 20:45:30 +0200 Authentication-Results: garm.ovh; auth=pass (GARM-105G00684d37a1e-bfa2-4b27-a5be-75639e02e191, 4C3E3D8FEB463474C42C0B9415162D5E591AC1A3) smtp.auth=postmaster@awhome.eu From: Alexander Wetzel DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wetzel-home.de; s=wetzel-home; t=1600800329; bh=D2O/29a+2Ir93722aA1JuMzU1wFGsj/YUTfeTXhvuoI=; h=From:Subject:To:Cc:References:Date:In-Reply-To; b=XGmuMRFGTt/VOuo86KgZ+2VNhbs3HIm625wkkvHexHB68Yvvt9hIsyTOZhUuuChKA NznDlRrPoFzftBOoDpr6Mbf6NN5LAMk63L8zgfGEfkgpo/2VT/6snV//GJAEmzBXRN 5t016tMreNnaV1ms/5phMfoYxggnJA7iIK6Telsw= Subject: Re: [PATCH] iwlwifi: add NL80211_EXT_FEATURE_CAN_REPLACE_PTK0 support To: Johannes Berg , "linux-wireless@vger.kernel.org" Cc: "luciano.coelho@intel.com" , "emmanuel.grumbach@intel.com" , "linuxwifi@intel.com" References: <20200918171301.6942-1-alexander@wetzel-home.de> Message-ID: Date: Tue, 22 Sep 2020 20:45:26 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset="utf-8"; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Ovh-Tracer-GUID: 9f3fffd8-5ab9-49d3-9832-5236c24847a2 X-Ovh-Tracer-Id: 5064860732984401059 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: -100 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedujedrudeggdduvdelucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuqfggjfdpvefjgfevmfevgfenuceurghilhhouhhtmecuhedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhephffuvfhfkffffgggjggtgfesthekredttdefjeenucfhrhhomheptehlvgigrghnuggvrhcuhggvthiivghluceorghlvgigrghnuggvrhesfigvthiivghlqdhhohhmvgdruggvqeenucggtffrrghtthgvrhhnpefhueekgfdvieetveehvdelgefgveeufffgvdeuteeufeduieehkefhlefgteegtdenucfkpheptddrtddrtddrtddpfeejrdehledrudegvddruddtheenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdqohhuthdphhgvlhhopehmgihplhgrnhekrdhmrghilhdrohhvhhdrnhgvthdpihhnvghtpedtrddtrddtrddtpdhmrghilhhfrhhomheprghlvgigrghnuggvrhesfigvthiivghlqdhhohhmvgdruggvpdhrtghpthhtoheplhhinhhugidqfihirhgvlhgvshhssehvghgvrhdrkhgvrhhnvghlrdhorhhg Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org Am 20.09.20 um 08:37 schrieb Alexander Wetzel: > > >> > >> +        /* GCMP and 256 bit CCMP keys the key can't be copied into the > >> +         * MPDU struct ieee80211_tx_info. We therefore must flush the > >> +         * queues to ensure there are no MPDUs left which are > referring > >> +         * to the outgoing key. > >> +         */ > >> +        if (key->flags & IEEE80211_KEY_FLAG_PAIRWISE && > >> +            (key->cipher == WLAN_CIPHER_SUITE_GCMP || > >> +             key->cipher == WLAN_CIPHER_SUITE_GCMP_256 || > >> +             key->cipher == WLAN_CIPHER_SUITE_CCMP_256)) { > >> +            ieee80211_stop_queues(hw); > >> +            iwl_mvm_mac_flush(hw, vif, 0, true); > >> +            ieee80211_wake_queues(hw); > >> +        } > > > > Shouldn't the wake be after installing the new key? Otherwise new frames > > can race and be there again? > > mac80211 is taking care of that and has already stopped queuing new > MPDUs which would use the key by setting KEY_FLAG_TAINTED on it. So for > a PTK0 rekey we are fine, mac80211 won't queue frames with the key under > deletion. > Ok, forget this patch, the mvm part is pointless. The maximum we have to do is pausing the queues when we delete a key, no flush required at all... I'll look into that again and send an updated version: The hw_key and the keyid is set (again) when we dequeue. So we either get a valid key or ieee80211_tx_dequeue() drops the MPDU itself. Therefore it's irrelevant if we lookup the key from a table or store it in the MPDU info struct. Now we may still have a race within the driver but simply pausing dequeuing during key deletion should do the trick. > But I think we should start setting KEY_FLAG_TAINTED for *any* PTK > deletion to make sure we are not sending out MPDUs with a zero key or > something like that. This is a special kind of a rekey case we missed so > far but should be trival cover that, too. > > That is then basically taking care about the generic Kr00k vulnerability >  some months ago. > > Now I'm not aware of we have any mitigations in the code for that but > when we set KEY_FLAG_TAINTED for key deletions any driver which is able > to rekey PTK0 correctly can't be affected by Kr00k any longer. > Looked at the current code and turns out we have at least two mitigations for that now: 1) commit ce2e1ca70307 "(mac80211: Check port authorization in the ieee80211_tx_dequeue() case)" and 2) commit a0761a301746 "(mac80211: drop data frames without key on encrypted links)" > I'll look into that in the next days and prepare a patch for mac8011 to > discuss that. I've the patch basically ready, but there are already the two mitigations mentioned above in place. The only thing the new patch seems to improves is deleting an active PTK key without de-authentication which seems to have no valid use cases. And it makes KEY_FLAG_TAINTED more logical by also stopping Tx for an outgoing key and not only when we replace it. I'll probably still send it as an RFC patch to sort out if we still want that or not. Alexander