From nobody Mon Jun 26 12:29:38 2023 X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QqRxG4bnyz4kSkT; Mon, 26 Jun 2023 12:29:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QqRxG4BSwz46x7; Mon, 26 Jun 2023 12:29:38 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687782578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Jy8n+XmFsuYsmNMnOFOo5CwDqgTq22twiZGXItMGVZc=; b=OgKI7lu/7CKZtDV/uaTfiYOLiq6pbNB4mPhA9LyZ5hfPQMlyYwJG9Mly8KxqGYi4TTWQid 2jye0qfJarhNlz4oclPAB4IM/Tu/JSRvHvRxzdycYOGuu/PUvNpMnB5FSc9256Fm+bdPfI MJZK1JnlfrwkpR1H8VM9RonCC46vWMA1vuuCT+tkDdu8MqG/ArV3Mw9ub8GT9BT92pwNEK yUWpZoom70/QP4ILoeV/nm57vAEBll+PwijOwARhP2IqoMB+fLDDdNPkXCxegPMTL6Zrj8 yPs1qm+2iZZAK6VgU9CCGEqnBKgeC45mLshMZ9XvCcViOwsNR2qepJDJiLbblQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1687782578; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=Jy8n+XmFsuYsmNMnOFOo5CwDqgTq22twiZGXItMGVZc=; b=dbzRG355w9KipGRcZ7e35HNkh3CpEx9/G979Jj+OpoIXCI1ZLqvJM7bbysijIERy45qDmp mbbIWJgsNFeQBhdGXrPbU+9jSxA+oKmCdOrjLxHjXGeLg1Kt6FPduZookuod63QCElYQOO uGbZzXuEzPRHXG/uxKLruHWdwUXbF5SUvVik9Wsix4u9J61xjrwnzCuJzP+4o2o3apIc0p KVBHJfEm2quvRk2HK49kw+RS+EzMuilPYfYoD91fJaj8x3JmoBJjreigrABGMtZcpXm0Zb LE+n8lIO/+0Hk9qSFBRTMnoIYEz1SqG2nmEzE7aPcAXYwgWu/tn8DWD/4D2M0A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1687782578; a=rsa-sha256; cv=none; b=GNwbfHyt9s0MPsyJxoVi26ojHg/Qtk8CFv044nbZPz+0lVCIYs6Fjlht7suRw/ScJPJzGv 3eWSbrfRzfsNOE7E/4JHbbccNvk1lS5W9vs6aA29vKjNCY9k5fdgvCMcZ26qyM5UD2xfkp iN+6YRkKIFJoo+GbELisli46gHZMWHfUGYwk3mcTRti0R8V1/kTwt5G8ErlYwwtPczzHoI nqy1CfCa3WLehLPC54I2Q1+3f6UY2tZyWMNYmXvFrMJVtIkegKiFy/44AtpLig19zgEROq N4z8bCKLn+AgUzdKh5TmSScQiGgZJs9HZjEmjksHBQ3xRuXBDzLXS3apEh7zAw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QqRxG3H5vz194W; Mon, 26 Jun 2023 12:29:38 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 35QCTcJd017509; Mon, 26 Jun 2023 12:29:38 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 35QCTcVk017507; Mon, 26 Jun 2023 12:29:38 GMT (envelope-from git) Date: Mon, 26 Jun 2023 12:29:38 GMT Message-Id: <202306261229.35QCTcVk017507@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: "Bjoern A. Zeeb" Subject: git: 84d538470bce - stable/12 - net80211: fail for unicast traffic without unicast key List-Id: Commits to the stable branches of the FreeBSD src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-branches@freebsd.org X-BeenThere: dev-commits-src-branches@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: bz X-Git-Repository: src X-Git-Refname: refs/heads/stable/12 X-Git-Reftype: branch X-Git-Commit: 84d538470bced9b1a45064c7845c92551a15e3e1 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/12 has been updated by bz: URL: https://cgit.FreeBSD.org/src/commit/?id=84d538470bced9b1a45064c7845c92551a15e3e1 commit 84d538470bced9b1a45064c7845c92551a15e3e1 Author: domienschepers AuthorDate: 2022-11-10 00:00:00 +0000 Commit: Bjoern A. Zeeb CommitDate: 2023-06-26 12:28:52 +0000 net80211: fail for unicast traffic without unicast key Falling back to the multicast key may cause unicast traffic to leak. Instead fail when no key is found. For more information see the 'Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues' paper. [ I updated the commit message to reference the paper and the code comment to record historic behaviour as discussed in private email. ] (cherry picked from commit 61605e0ae5d8f34b89b8e71e393f3006f511e86a) --- sys/net80211/ieee80211_crypto.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/sys/net80211/ieee80211_crypto.c b/sys/net80211/ieee80211_crypto.c index d565b3511170..0e605bf13a43 100644 --- a/sys/net80211/ieee80211_crypto.c +++ b/sys/net80211/ieee80211_crypto.c @@ -560,13 +560,17 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) /* * Multicast traffic always uses the multicast key. - * Otherwise if a unicast key is set we use that and - * it is always key index 0. When no unicast key is - * set we fall back to the default transmit key. + * + * Historically we would fall back to the default + * transmit key if there was no unicast key. This + * behaviour was documented up to IEEE Std 802.11-2016, + * 12.9.2.2 Per-MSDU/Per-A-MSDU Tx pseudocode, in the + * 'else' case but is no longer in later versions of + * the standard. Additionally falling back to the + * group key for unicast was a security risk. */ wh = mtod(m, struct ieee80211_frame *); - if (IEEE80211_IS_MULTICAST(wh->i_addr1) || - IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) { + if (IEEE80211_IS_MULTICAST(wh->i_addr1)) { if (vap->iv_def_txkey == IEEE80211_KEYIX_NONE) { IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_CRYPTO, wh->i_addr1, @@ -578,6 +582,8 @@ ieee80211_crypto_get_txkey(struct ieee80211_node *ni, struct mbuf *m) return &vap->iv_nw_keys[vap->iv_def_txkey]; } + if (IEEE80211_KEY_UNDEFINED(&ni->ni_ucastkey)) + return NULL; return &ni->ni_ucastkey; }