From: gregor kowski <gregor.kowski@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211 : fix a race with update_tkip_key
Date: Fri, 12 Jun 2009 22:41:33 +0200 [thread overview]
Message-ID: <83a869cd0906121341k3b58b80fvefdb74c2fca9449d@mail.gmail.com> (raw)
In-Reply-To: <1244750836.29447.5.camel@johannes.local>
[-- Attachment #1: Type: text/plain, Size: 390 bytes --]
Here is a patch that should fix all the issues:
The mac80211 tkip code won't call update_tkip_key, if some rx packets
get received without KEY_FLAG_UPLOADED_TO_HARDWARE. This can happen on
first packet because the hardware key stuff is called asynchronously with
todo workqueue.
This patch workaround that by always calling once update_tkip_key if
the packet wasn't decrypted by the hardware.
[-- Attachment #2: tkip_corev2.diff --]
[-- Type: text/x-diff, Size: 3756 bytes --]
The mac80211 tkip code won't call update_tkip_key, if some rx packets
get received without KEY_FLAG_UPLOADED_TO_HARDWARE. This can happen on
first packet because the hardware key stuff is called asynchronously with
todo workqueue.
This patch works around that by always calling update_tkip_key once if
the packet wasn't decrypted by the hardware.
Signed-off-by: Gregor Kowski <gregor.kowski@gmail.com>
Index: linux-2.6/net/mac80211/tkip.c
===================================================================
--- linux-2.6.orig/net/mac80211/tkip.c 2009-06-10 20:12:32.000000000 +0000
+++ linux-2.6/net/mac80211/tkip.c 2009-06-12 20:31:35.000000000 +0000
@@ -19,6 +19,12 @@
#define PHASE1_LOOP_COUNT 8
+enum {
+ INITIALIZED_NONE,
+ INITIALIZED_PHASE1,
+ INITIALIZED_UPDATE_KEY,
+};
+
/*
* 2-byte by 2-byte subset of the full AES S-box table; second part of this
* table is identical to first part but byte-swapped
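Review bot: The three states added at the top of tkip.c are undocumented, and the later hunks depend on `INITIALIZED_NONE` being zero, because they replace `!ctx->initialized` tests on a context that is presumably zero-filled when the key is allocated (not visible in this diff). Writing `INITIALIZED_NONE = 0,` and adding one comment per state would make that explicit, for example `/* phase 1 key computed in software, not yet handed to the driver */` on `INITIALIZED_PHASE1` and `/* p1k for the current iv32 was passed to update_tkip_key, or the frame was decrypted by hardware */` on `INITIALIZED_UPDATE_KEY`. The `initialized` field is declared outside this file, so any other reader that still treats it as a boolean should be checked against the new values.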
@@ -99,7 +105,7 @@
p1k[3] += tkipS(p1k[2] ^ get_unaligned_le16(tk + 12 + j));
p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i;
}
- ctx->initialized = 1;
+ ctx->initialized = INITIALIZED_PHASE1;
}
static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx,
@@ -182,7 +188,7 @@
/* Update the p1k only when the iv16 in the packet wraps around, this
* might occur after the wrap around of iv16 in the key in case of
* fragmented packets. */
- if (iv16 == 0 || !ctx->initialized)
+ if (iv16 == 0 || ctx->initialized == INITIALIZED_NONE)
tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32);
if (type == IEEE80211_TKIP_P1_KEY) {
@@ -208,7 +214,7 @@
const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
/* Calculate per-packet key */
- if (ctx->iv16 == 0 || !ctx->initialized)
+ if (ctx->iv16 == 0 || ctx->initialized == INITIALIZED_NONE)
tkip_mixing_phase1(tk, ctx, ta, ctx->iv32);
tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key);
@@ -258,7 +264,7 @@
if ((keyid >> 6) != key->conf.keyidx)
return TKIP_DECRYPT_INVALID_KEYIDX;
- if (key->u.tkip.rx[queue].initialized &&
+ if (key->u.tkip.rx[queue].initialized != INITIALIZED_NONE &&
(iv32 < key->u.tkip.rx[queue].iv32 ||
(iv32 == key->u.tkip.rx[queue].iv32 &&
iv16 <= key->u.tkip.rx[queue].iv16))) {
@@ -274,11 +280,11 @@
if (only_iv) {
res = TKIP_DECRYPT_OK;
- key->u.tkip.rx[queue].initialized = 1;
+ key->u.tkip.rx[queue].initialized = INITIALIZED_UPDATE_KEY;
goto done;
}
- if (!key->u.tkip.rx[queue].initialized ||
+ if (key->u.tkip.rx[queue].initialized == INITIALIZED_NONE ||
key->u.tkip.rx[queue].iv32 != iv32) {
/* IV16 wrapped around - perform TKIP phase 1 */
tkip_mixing_phase1(tk, &key->u.tkip.rx[queue], ta, iv32);
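Review bot: In the `only_iv` branch the receive context is marked `INITIALIZED_UPDATE_KEY` although no software phase 1 has run for this `iv32`, so the `p1k` stored in the context need not correspond to the frame just accepted. If the stored `iv32` is later advanced to this value (that happens outside the hunk, so this is inferred), a following frame that the hardware did not decrypt would skip both `tkip_mixing_phase1` and the driver update and reach phase 2 with a stale `p1k`. The frame would then fail its integrity check and be dropped rather than accepted. The old `initialized = 1` behaved the same way, so this is inherited, but a comment such as `/* hw decrypted this frame, so it already holds a p1k for iv32; the software p1k is not refreshed here */` would record the assumption. The enclosing function starts and ends outside the hunk.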
@@ -298,19 +304,21 @@
printk("\n");
}
#endif
- if (key->local->ops->update_tkip_key &&
- key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) {
- u8 bcast[ETH_ALEN] =
- {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
- u8 *sta_addr = key->sta->sta.addr;
-
- if (is_multicast_ether_addr(ra))
- sta_addr = bcast;
-
- key->local->ops->update_tkip_key(
- local_to_hw(key->local), &key->conf,
- sta_addr, iv32, key->u.tkip.rx[queue].p1k);
- }
+ }
+ if (key->local->ops->update_tkip_key &&
+ key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE &&
+ key->u.tkip.rx[queue].initialized != INITIALIZED_UPDATE_KEY) {
+ u8 bcast[ETH_ALEN] =
+ {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+ u8 *sta_addr = key->sta->sta.addr;
+
+ if (is_multicast_ether_addr(ra))
+ sta_addr = bcast;
+
+ key->local->ops->update_tkip_key(
+ local_to_hw(key->local), &key->conf,
+ sta_addr, iv32, key->u.tkip.rx[queue].p1k);
+ key->u.tkip.rx[queue].initialized = INITIALIZED_UPDATE_KEY;
}
tkip_mixing_phase2(tk, &key->u.tkip.rx[queue], iv16, rc4key);
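Review bot: Nothing visible in this hunk resets the state from `INITIALIZED_UPDATE_KEY` if the key is removed from hardware and uploaded again while `iv32` is unchanged, so the relocated block would skip `update_tkip_key` in that case. The only reset shown is the one in `tkip_mixing_phase1`, and the commit message says the flag is set asynchronously from a workqueue, so the place that sets or clears `KEY_FLAG_UPLOADED_TO_HARDWARE` should probably also put the rx contexts back to `INITIALIZED_PHASE1`; that code is outside this diff, so this is inferred. The new condition also mixes `&&` with a bare `&`; it parses as intended, but `(key->flags & KEY_FLAG_UPLOADED_TO_HARDWARE) &&` reads more safely. The block deserves a comment saying why it now sits outside the phase 1 branch, for example `/* push p1k once per iv32, including when the key reached the hardware after phase 1 was computed */`. The enclosing function starts and ends outside the hunk.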