From: Jouni Malinen <j@w1.fi>
To: mike@hellotwist.com
Cc: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211: Validate michael MIC before attempting packet decode.
Date: Wed, 10 May 2017 15:24:58 +0300 [thread overview]
Message-ID: <20170510122458.GA4796@w1.fi> (raw)
In-Reply-To: <CAKXXJEzWfNrQxquCzA5dkD5=xCXWyeAC+_yBT35N1oDk-H_Buw@mail.gmail.com>
On Tue, May 09, 2017 at 02:16:31PM -0400, Michael Skeffington wrote:
> In order to allow wpa_supplicant to correctly identify a perceived WPA TKIP key
> recovery attack the michael MIC must be checked before the packet decode is
> attempted. A packet with an invalid MIC will always fail a decrypt check which
> previously was being checked first. Therefore the MIC failure bit of
> status flags
> describing the error would remain unset.
Which driver and WLAN hardware are you using? Michael MIC is encrypted,
so to be able to check that, the frame will obviously need to be
decrypted first. If that WEP decryption fails, this frame needs to be
dropped without indicating Michael MIC failure. WEP part here is
completely independent of Michael MIC.
It is possible that there is a driver that handles these steps in
hardware/firmware and if so, that driver may have a bug if you do not
see Michael MIC failures reported correctly. Anyway, as Johannes pointed
out, this part in mac80211 is in the correct sequence and that cannot be
changed since it would completely break TKIP for more or less all
software-based cases.
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2017-05-10 12:30 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-09 18:16 [PATCH] mac80211: Validate michael MIC before attempting packet decode Michael Skeffington
2017-05-10 10:44 ` Johannes Berg
2017-05-10 12:24 ` Jouni Malinen [this message]
2017-05-11 20:22 ` Michael Skeffington
2017-05-12 8:52 ` Johannes Berg
2017-05-16 19:57 ` Michael Skeffington
2017-05-16 20:17 ` Johannes Berg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170510122458.GA4796@w1.fi \
--to=j@w1.fi \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=mike@hellotwist.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).