Gitweb:     
http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=50741ae05a4742cae99361f57d84b5f8d33822a4
Commit:     50741ae05a4742cae99361f57d84b5f8d33822a4
Parent:     fb1c1cd6c5a8988b14c5c6c0dfe55542df3a34c6
Author:     Johannes Berg <[EMAIL PROTECTED]>
AuthorDate: Wed Sep 26 15:19:45 2007 +0200
Committer:  David S. Miller <[EMAIL PROTECTED]>
CommitDate: Wed Oct 10 16:53:16 2007 -0700

    [PATCH] mac80211: fix TKIP IV update
    
    The TKIP IV should be updated only after MMIC verification,
    this patch changes it to be at that spot.
    
    Signed-off-by: Johannes Berg <[EMAIL PROTECTED]>
    Signed-off-by: John W. Linville <[EMAIL PROTECTED]>
---
 net/mac80211/ieee80211_i.h |    2 ++
 net/mac80211/tkip.c        |   16 ++++++++++------
 net/mac80211/tkip.h        |    3 ++-
 net/mac80211/wpa.c         |    8 +++++++-
 4 files changed, 21 insertions(+), 8 deletions(-)

diff --git a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h
index 636de70..32d19bb 100644
--- a/net/mac80211/ieee80211_i.h
+++ b/net/mac80211/ieee80211_i.h
@@ -153,6 +153,8 @@ struct ieee80211_txrx_data {
                        int sent_ps_buffered;
                        int queue;
                        int load;
+                       u32 tkip_iv32;
+                       u16 tkip_iv16;
                } rx;
        } u;
 };
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
index 5b11f14..3abe194 100644
--- a/net/mac80211/tkip.c
+++ b/net/mac80211/tkip.c
@@ -238,7 +238,8 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher 
*tfm,
 int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
                                struct ieee80211_key *key,
                                u8 *payload, size_t payload_len, u8 *ta,
-                               int only_iv, int queue)
+                               int only_iv, int queue,
+                               u32 *out_iv32, u16 *out_iv16)
 {
        u32 iv32;
        u32 iv16;
@@ -332,11 +333,14 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher 
*tfm,
        res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 
12);
  done:
        if (res == TKIP_DECRYPT_OK) {
-               /* FIX: these should be updated only after Michael MIC has been
-                * verified */
-               /* Record previously received IV */
-               key->u.tkip.iv32_rx[queue] = iv32;
-               key->u.tkip.iv16_rx[queue] = iv16;
+               /*
+                * Record previously received IV, will be copied into the
+                * key information after MIC verification. It is possible
+                * that we don't catch replays of fragments but that's ok
+                * because the Michael MIC verication will then fail.
+                */
+               *out_iv32 = iv32;
+               *out_iv16 = iv16;
        }
 
        return res;
diff --git a/net/mac80211/tkip.h b/net/mac80211/tkip.h
index a0d181a..73d8ef2 100644
--- a/net/mac80211/tkip.h
+++ b/net/mac80211/tkip.h
@@ -31,6 +31,7 @@ enum {
 int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm,
                                struct ieee80211_key *key,
                                u8 *payload, size_t payload_len, u8 *ta,
-                               int only_iv, int queue);
+                               int only_iv, int queue,
+                               u32 *out_iv32, u16 *out_iv16);
 
 #endif /* TKIP_H */
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index a07fd74..6695efb 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -175,6 +175,10 @@ ieee80211_rx_h_michael_mic_verify(struct 
ieee80211_txrx_data *rx)
        /* remove Michael MIC from payload */
        skb_trim(skb, skb->len - MICHAEL_MIC_LEN);
 
+       /* update IV in key information to be able to detect replays */
+       rx->key->u.tkip.iv32_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv32;
+       rx->key->u.tkip.iv16_rx[rx->u.rx.queue] = rx->u.rx.tkip_iv16;
+
        return TXRX_CONTINUE;
 }
 
@@ -315,7 +319,9 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_txrx_data 
*rx)
        res = ieee80211_tkip_decrypt_data(rx->local->wep_rx_tfm,
                                          key, skb->data + hdrlen,
                                          skb->len - hdrlen, rx->sta->addr,
-                                         hwaccel, rx->u.rx.queue);
+                                         hwaccel, rx->u.rx.queue,
+                                         &rx->u.rx.tkip_iv32,
+                                         &rx->u.rx.tkip_iv16);
        if (res != TKIP_DECRYPT_OK || wpa_test) {
                printk(KERN_DEBUG "%s: TKIP decrypt failed for RX frame from "
                       "%s (res=%d)\n",
-
To unsubscribe from this list: send the line "unsubscribe git-commits-head" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to