From: Michael Buesch <mb@bu3sch.de>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: John Linville <linville@tuxdriver.com>, Jiri Benc <jbenc@suse.cz>,
Michael Wu <flamingice@sourmilk.net>,
linux-wireless@vger.kernel.org
Subject: Re: [PATCH 2/3] mac80211: revamp key handling
Date: Fri, 31 Aug 2007 15:03:34 +0200 [thread overview]
Message-ID: <200708311503.35568.mb@bu3sch.de> (raw)
In-Reply-To: <1188517504.7585.17.camel@johannes.berg>
On Friday 31 August 2007, Johannes Berg wrote:
> Huh, this turned out to be buggy in b43:
>
> > @@ -2921,13 +2919,15 @@ static int b43_dev_set_key(struct ieee80
> > err = b43_key_write(dev, index, algorithm,
> > key->key, key->keylen, NULL, key);
> > } else {
> > + /*
> > + * either pairwise key or address is 00:00:00:00:00:00
> > + * for transmit-only keys
> > + */
> > err = b43_key_write(dev, -1, algorithm,
> > key->key, key->keylen, addr, key);
> > }
> > - if (err) {
> > - key->flags |= IEEE80211_KEY_FORCE_SW_ENCRYPT;
> > + if (err)
> > goto out_unlock;
> > - }
> > dev->key[key->hw_key_idx].enabled = 1;
> >
> > if (algorithm == B43_SEC_ALGO_WEP40 ||
>
> The same obviously has to be done when deleting keys. Michael, you can
> either use the patch below or rework it to use the hw_key_idx to delete
> the key.
>
> Interestingly, this way I found out that when the B43_RX_MAC_DECERR flag
> is set on a frame, then the hardware has decrypted the data with the
> wrong key and then found that the ICV isn't correct so that the data is
> completely mangled. Hence, you should simply drop the frame in that case
> instead of passing it up, mac80211 will simply again attempt to decrypt
> it and, since the frame is already decrypted with the wrong key, only
> get garbage. This could even be used to DoS a machine with little
> resources like an AP: simply send a lot of broken frames that mac80211
> will try to decrypt in software.
I am sorry. I introduced this as I didn't understand my own weird code anymore. :)
I think I'll fix this by using the hw_key_idx.
next prev parent reply other threads:[~2007-08-31 13:04 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-21 15:57 [PATCH 0/3] improve mac80211 key handling Johannes Berg
2007-08-21 15:57 ` [PATCH 1/3] mac80211: embed key conf in key, fix driver interface Johannes Berg
2007-08-21 15:57 ` [PATCH 2/3] mac80211: revamp key handling Johannes Berg
2007-08-30 23:45 ` Johannes Berg
2007-08-31 13:03 ` Michael Buesch [this message]
2007-08-31 23:40 ` Johannes Berg
2007-08-21 15:57 ` [PATCH 3/3] mac80211: add interface index to key debugfs Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200708311503.35568.mb@bu3sch.de \
--to=mb@bu3sch.de \
--cc=flamingice@sourmilk.net \
--cc=jbenc@suse.cz \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.