Hi, I'm not a WPA expert and security expert, Could you explain why the patch sent by Alexander Wetzel break the security properties of this code? The Alexander's patch is in attachment. Thanks for your help. > -----Message d'origine----- > De : linux-wireless-owner@xxxxxxxxxxxxxxx [mailto:linux-wireless- > owner@xxxxxxxxxxxxxxx] De la part de voncken > Envoyé : mardi 29 décembre 2015 16:24 > À : 'Emmanuel Grumbach' > Cc : 'linux-wireless'; 'Johannes Berg' > Objet : RE: Mac80211 : Wpa rekeying issue > > > -----Message d'origine----- > > De : Emmanuel Grumbach [mailto:egrumbach@xxxxxxxxx] Envoyé : mardi 29 > > décembre 2015 15:20 À : Cedric VONCKEN Cc : linux-wireless Objet : Re: > > Mac80211 : Wpa rekeying issue > > > > On Tue, Dec 29, 2015 at 3:01 PM, Cedric VONCKEN > > <cedric.voncken@xxxxxxxxx> > > wrote: > > > Hi, > > > > > > My test plateform is: > > > 2 equipements > > > Both equipment used compat version 2015-07-21 from openwrt. > > > Both equipment used security WPA2 > > > > > > The equipment #1 is an AP. > > > The Group rekey interval is set to 3601s > > > The Pair rekey interval set to 50s (I reduced this value to > > > show the issue often) > > > The Master rekey interval is set to 86400 s. > > > > > > The equipment #2 is a sta+wds > > > > > > I used a 5GHz channel to have a free channel (without other AP) I > > > connected a computer on each equipment. > > > > > > To reproduce the issue: > > > I ran iperf udp@50Mbps from computer connected to the AP to > > > the computer connected to the sta. After several WPA2 rekeying, > > > iperf server side didn't received any frame. > > > > > > I investigated in the driver. All packets are dropped in sta side, > > > because the function ieee80211_crypto_ccmp_decrypt return > > > Rx_DROP_UNUSABLE. This function return this code because the test > > > if(memcmp(pn,key->u.ccmp.rx_pn[queue],IEEE8021_CCMP_PN_LEN) <=0) > > > return true. > > > > > > Have you any idea to fix this issue? > > > > > > > I don't remember exactly what we had, but you may look at > > http://permalink.gmane.org/gmane.linux.kernel.wireless.general/137742 > > Thanks for the link, I think I'm in the same situation. > > How can I fix this issue? > > Because the patch sent by Alexander Wetzel was rejected by Johannes (for > security reason), and if I disable the hw crypto I will have performance > issue. > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-wireless" > in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info > at http://vger.kernel.org/majordomo-info.html
Attachment:
fix1.patch
Description: Binary data
