openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

mac80211: Use a separate CCMP PN receive counter for management frames 

When management frame protection (IEEE 802.11w) is used, we must use a
separate counter for tracking received CCMP packet number for the
management frames. The previously used NUM_RX_DATA_QUEUESth queue was
shared with data frames when QoS was not used and that can cause
problems in detecting replays incorrectly for robust management frames.
Add a new counter just for robust management frames to avoid this issue.

Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
Jouni Malinen 2010-06-11 10:27:33 -07:00 committed by John W. Linville
parent 05e48e8e43
commit 9190252c95
5 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/mac80211/debugfs_key.c
View File

@ -143,7 +143,7 @@ static ssize_t key_rx_spec_read(struct file *file, char __user *userbuf,
len = p - buf; len = p - buf;
break; break;
case ALG_CCMP: case ALG_CCMP:
for (i = 0; i < NUM_RX_DATA_QUEUES; i++) { for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++) {
rpn = key->u.ccmp.rx_pn[i]; rpn = key->u.ccmp.rx_pn[i];
p += scnprintf(p, sizeof(buf)+buf-p, p += scnprintf(p, sizeof(buf)+buf-p,
"%02x%02x%02x%02x%02x%02x\n", "%02x%02x%02x%02x%02x%02x\n",

2
net/mac80211/key.c
View File

@ -273,7 +273,7 @@ struct ieee80211_key *ieee80211_key_alloc(enum ieee80211_key_alg alg,
key->conf.iv_len = CCMP_HDR_LEN; key->conf.iv_len = CCMP_HDR_LEN;
key->conf.icv_len = CCMP_MIC_LEN; key->conf.icv_len = CCMP_MIC_LEN;
if (seq) { if (seq) {
for (i = 0; i < NUM_RX_DATA_QUEUES; i++) for (i = 0; i < NUM_RX_DATA_QUEUES + 1; i++)
for (j = 0; j < CCMP_PN_LEN; j++) for (j = 0; j < CCMP_PN_LEN; j++)
key->u.ccmp.rx_pn[i][j] = key->u.ccmp.rx_pn[i][j] =
seq[CCMP_PN_LEN - j - 1]; seq[CCMP_PN_LEN - j - 1];

8
net/mac80211/key.h
View File

@ -77,7 +77,13 @@ struct ieee80211_key {
} tkip; } tkip;
struct { struct {
u8 tx_pn[6]; u8 tx_pn[6];
u8 rx_pn[NUM_RX_DATA_QUEUES][6]; /*
* Last received packet number. The first
* NUM_RX_DATA_QUEUES counters are used with Data
* frames and the last counter is used with Robust
* Management frames.
*/
u8 rx_pn[NUM_RX_DATA_QUEUES + 1][6];
struct crypto_cipher *tfm; struct crypto_cipher *tfm;
u32 replays; /* dot11RSNAStatsCCMPReplays */ u32 replays; /* dot11RSNAStatsCCMPReplays */
/* scratch buffers for virt_to_page() (crypto API) */ /* scratch buffers for virt_to_page() (crypto API) */

9
net/mac80211/rx.c
View File

@ -1267,11 +1267,13 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
rx->queue, &(rx->skb)); rx->queue, &(rx->skb));
if (rx->key && rx->key->conf.alg == ALG_CCMP && if (rx->key && rx->key->conf.alg == ALG_CCMP &&
ieee80211_has_protected(fc)) { ieee80211_has_protected(fc)) {
int queue = ieee80211_is_mgmt(fc) ?
NUM_RX_DATA_QUEUES : rx->queue;
/* Store CCMP PN so that we can verify that the next /* Store CCMP PN so that we can verify that the next
* fragment has a sequential PN value. */ * fragment has a sequential PN value. */
entry->ccmp = 1; entry->ccmp = 1;
memcpy(entry->last_pn, memcpy(entry->last_pn,
rx->key->u.ccmp.rx_pn[rx->queue], rx->key->u.ccmp.rx_pn[queue],
CCMP_PN_LEN); CCMP_PN_LEN);
} }
return RX_QUEUED; return RX_QUEUED;
@ -1291,6 +1293,7 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
if (entry->ccmp) { if (entry->ccmp) {
int i; int i;
u8 pn[CCMP_PN_LEN], *rpn; u8 pn[CCMP_PN_LEN], *rpn;
int queue;
if (!rx->key || rx->key->conf.alg != ALG_CCMP) if (!rx->key || rx->key->conf.alg != ALG_CCMP)
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
memcpy(pn, entry->last_pn, CCMP_PN_LEN); memcpy(pn, entry->last_pn, CCMP_PN_LEN);
@ -1299,7 +1302,9 @@ ieee80211_rx_h_defragment(struct ieee80211_rx_data *rx)
if (pn[i]) if (pn[i])
break; break;
} }
rpn = rx->key->u.ccmp.rx_pn[rx->queue]; queue = ieee80211_is_mgmt(fc) ?
NUM_RX_DATA_QUEUES : rx->queue;
rpn = rx->key->u.ccmp.rx_pn[queue];
if (memcmp(pn, rpn, CCMP_PN_LEN)) if (memcmp(pn, rpn, CCMP_PN_LEN))
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
memcpy(entry->last_pn, pn, CCMP_PN_LEN); memcpy(entry->last_pn, pn, CCMP_PN_LEN);

8
net/mac80211/wpa.c
View File

@ -436,6 +436,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb); struct ieee80211_rx_status *status = IEEE80211_SKB_RXCB(skb);
u8 pn[CCMP_PN_LEN]; u8 pn[CCMP_PN_LEN];
int data_len; int data_len;
int queue;
hdrlen = ieee80211_hdrlen(hdr->frame_control); hdrlen = ieee80211_hdrlen(hdr->frame_control);
@ -453,7 +454,10 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
ccmp_hdr2pn(pn, skb->data + hdrlen); ccmp_hdr2pn(pn, skb->data + hdrlen);
if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) { queue = ieee80211_is_mgmt(hdr->frame_control) ?
NUM_RX_DATA_QUEUES : rx->queue;
if (memcmp(pn, key->u.ccmp.rx_pn[queue], CCMP_PN_LEN) <= 0) {
key->u.ccmp.replays++; key->u.ccmp.replays++;
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
} }
@ -470,7 +474,7 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx)
return RX_DROP_UNUSABLE; return RX_DROP_UNUSABLE;
} }
memcpy(key->u.ccmp.rx_pn[rx->queue], pn, CCMP_PN_LEN); memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);
/* Remove CCMP header and MIC */ /* Remove CCMP header and MIC */
skb_trim(skb, skb->len - CCMP_MIC_LEN); skb_trim(skb, skb->len - CCMP_MIC_LEN);