diff options
| author | Jouni Malinen <jouni.malinen@atheros.com> | 2008-12-18 07:33:00 -0500 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-12-19 15:23:53 -0500 |
| commit | be2864cfff2fe4b599b46f03cce1e7689e05c60c (patch) | |
| tree | 2d25940ee9e8af06be7f903c8265722d81b07148 | |
| parent | ea6121328885640c137b0a8830f67ca6c386a24a (diff) | |
ath9k: Fixed RX decryption status reporting
The RX code in ath9k uses sc_keymap to figure out whether a default
key was used. However, the default key entries in sc_keymap were
always set and as such, frames could have been claimed to be decrypted
by hardware when they were not. This can cause problems especially
with TKIP since mac80211 is validating the Michael MIC in the frame
and this will result in MIC failure and potentially TKIP
countermeasures if the frame was not decrypted correctly.
Change key cache slot allocation to mark only the keys that really
have been used in sc_keymap to avoid the issue. The key cache slot
selection routines are now internally avoiding the slots that may be
needed for TKIP group keys.
Signed-off-by: Jouni Malinen <jouni.malinen@atheros.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
| -rw-r--r-- | drivers/net/wireless/ath9k/main.c | 26 |
1 files changed, 12 insertions, 14 deletions
diff --git a/drivers/net/wireless/ath9k/main.c b/drivers/net/wireless/ath9k/main.c index b44736782abd..191eec50dc75 100644 --- a/drivers/net/wireless/ath9k/main.c +++ b/drivers/net/wireless/ath9k/main.c | |||
| @@ -776,6 +776,18 @@ static int ath_reserve_key_cache_slot(struct ath_softc *sc) | |||
| 776 | 776 | ||
| 777 | /* No partially used TKIP slots, pick any available slot */ | 777 | /* No partially used TKIP slots, pick any available slot */ |
| 778 | for (i = IEEE80211_WEP_NKID; i < sc->sc_keymax; i++) { | 778 | for (i = IEEE80211_WEP_NKID; i < sc->sc_keymax; i++) { |
| 779 | /* Do not allow slots that could be needed for TKIP group keys | ||
| 780 | * to be used. This limitation could be removed if we know that | ||
| 781 | * TKIP will not be used. */ | ||
| 782 | if (i >= 64 && i < 64 + IEEE80211_WEP_NKID) | ||
| 783 | continue; | ||
| 784 | if (sc->sc_splitmic) { | ||
| 785 | if (i >= 32 && i < 32 + IEEE80211_WEP_NKID) | ||
| 786 | continue; | ||
| 787 | if (i >= 64 + 32 && i < 64 + 32 + IEEE80211_WEP_NKID) | ||
| 788 | continue; | ||
| 789 | } | ||
| 790 | |||
| 779 | if (!test_bit(i, sc->sc_keymap)) | 791 | if (!test_bit(i, sc->sc_keymap)) |
| 780 | return i; /* Found a free slot for a key */ | 792 | return i; /* Found a free slot for a key */ |
| 781 | } | 793 | } |
| @@ -1361,20 +1373,6 @@ static int ath_init(u16 devid, struct ath_softc *sc) | |||
| 1361 | */ | 1373 | */ |
| 1362 | for (i = 0; i < sc->sc_keymax; i++) | 1374 | for (i = 0; i < sc->sc_keymax; i++) |
| 1363 | ath9k_hw_keyreset(ah, (u16) i); | 1375 | ath9k_hw_keyreset(ah, (u16) i); |
| 1364 | /* | ||
| 1365 | * Mark key cache slots associated with global keys | ||
| 1366 | * as in use. If we knew TKIP was not to be used we | ||
| 1367 | * could leave the +32, +64, and +32+64 slots free. | ||
| 1368 | */ | ||
| 1369 | for (i = 0; i < IEEE80211_WEP_NKID; i++) { | ||
| 1370 | set_bit(i, sc->sc_keymap); | ||
| 1371 | set_bit(i + 64, sc->sc_keymap); | ||
| 1372 | if (ath9k_hw_getcapability(ah, ATH9K_CAP_TKIP_SPLIT, | ||
| 1373 | 0, NULL)) { | ||
| 1374 | set_bit(i + 32, sc->sc_keymap); | ||
| 1375 | set_bit(i + 32 + 64, sc->sc_keymap); | ||
| 1376 | } | ||
| 1377 | } | ||
| 1378 | 1376 | ||
| 1379 | /* Collect the channel list using the default country code */ | 1377 | /* Collect the channel list using the default country code */ |
| 1380 | 1378 | ||