From: John Crispin Date: Mon, 3 Feb 2020 12:28:12 +0000 (+0100) Subject: mac80211: fix 11w when using encapsulation offloading X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=3c706b973b51ed45e4c0f40642cfb650dfc804d7;p=openwrt%2Fstaging%2Fblogic.git mac80211: fix 11w when using encapsulation offloading The 802.11 encapsulation returned early when setting up the keys in case offloading was enabled. This causes ieee802.11w to not work anymore. Fix this by moving the check for offloading into the switch/case construct and allowing CCMP/GCMP keys. With this patch applied ieee80211w works again when enabling offloading. Fixes: 50ff477a8639 ("mac80211: add 802.11 encapsulation offloading support") Reported-by: Maharaja Kennadyrajan Signed-off-by: John Crispin Link: https://lore.kernel.org/r/20200203122812.18993-1-john@phrozen.org Signed-off-by: Johannes Berg --- diff --git a/net/mac80211/key.c b/net/mac80211/key.c index 9a3a6b95fa27..54934eff4ac1 100644 --- a/net/mac80211/key.c +++ b/net/mac80211/key.c @@ -210,10 +210,6 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) key->conf.keyidx, sta ? sta->sta.addr : bcast_addr, ret); - /* cannot do software crypto with encapsulation offload */ - if (sdata->hw_80211_encap) - return -EINVAL; - out_unsupported: switch (key->conf.cipher) { case WLAN_CIPHER_SUITE_WEP40: @@ -221,12 +217,20 @@ static int ieee80211_key_enable_hw_accel(struct ieee80211_key *key) case WLAN_CIPHER_SUITE_TKIP: case WLAN_CIPHER_SUITE_CCMP: case WLAN_CIPHER_SUITE_CCMP_256: + case WLAN_CIPHER_SUITE_GCMP: + case WLAN_CIPHER_SUITE_GCMP_256: + /* We cannot do software crypto of data frames with + * encapsulation offload enabled. However for 802.11w to + * function properly we need cmac/gmac keys. + */ + if (sdata->hw_80211_encap) + return -EINVAL; + /* Fall through */ + case WLAN_CIPHER_SUITE_AES_CMAC: case WLAN_CIPHER_SUITE_BIP_CMAC_256: case WLAN_CIPHER_SUITE_BIP_GMAC_128: case WLAN_CIPHER_SUITE_BIP_GMAC_256: - case WLAN_CIPHER_SUITE_GCMP: - case WLAN_CIPHER_SUITE_GCMP_256: /* all of these we can do in software - if driver can */ if (ret == 1) return 0;