diff options
| author | Emmanuel Grumbach <emmanuel.grumbach@intel.com> | 2008-04-17 19:03:36 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2008-05-07 15:02:11 -0400 |
| commit | 3ec47732a0be038f15a0b8d852a4e4ff9c5b0196 (patch) | |
| tree | 2cb45a6582df77a571554850152256df611ce094 /drivers/net/wireless/iwlwifi/iwl4965-base.c | |
| parent | c6adbd2158fee972adcc6232de5e2ef375f1f782 (diff) | |
iwlwifi: HW crypto acceleration fixes
This patch fixes several issues in security:
1) the uCode doesn't know about TKIP-MMIC failure, if uCode set
RX_RES_STATUS_BAD_ICV_MIC, it means ICV failure: drop the packet silently.
2) do not allocate room in the key table of the uCode is the set_key call
is a replacement of an old key
3) check the keyidx of the key in the uCode before removing it upon
disable_key call
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'drivers/net/wireless/iwlwifi/iwl4965-base.c')
| -rw-r--r-- | drivers/net/wireless/iwlwifi/iwl4965-base.c | 41 |
1 files changed, 1 insertions, 40 deletions
diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c b/drivers/net/wireless/iwlwifi/iwl4965-base.c index e43ea5377d8e..50f12a6133e8 100644 --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c | |||
| @@ -2456,45 +2456,6 @@ void iwl4965_radio_kill_sw(struct iwl_priv *priv, int disable_radio) | |||
| 2456 | return; | 2456 | return; |
| 2457 | } | 2457 | } |
| 2458 | 2458 | ||
| 2459 | void iwl4965_set_decrypted_flag(struct iwl_priv *priv, struct sk_buff *skb, | ||
| 2460 | u32 decrypt_res, struct ieee80211_rx_status *stats) | ||
| 2461 | { | ||
| 2462 | u16 fc = | ||
| 2463 | le16_to_cpu(((struct ieee80211_hdr *)skb->data)->frame_control); | ||
| 2464 | |||
| 2465 | if (priv->active_rxon.filter_flags & RXON_FILTER_DIS_DECRYPT_MSK) | ||
| 2466 | return; | ||
| 2467 | |||
| 2468 | if (!(fc & IEEE80211_FCTL_PROTECTED)) | ||
| 2469 | return; | ||
| 2470 | |||
| 2471 | IWL_DEBUG_RX("decrypt_res:0x%x\n", decrypt_res); | ||
| 2472 | switch (decrypt_res & RX_RES_STATUS_SEC_TYPE_MSK) { | ||
| 2473 | case RX_RES_STATUS_SEC_TYPE_TKIP: | ||
| 2474 | /* The uCode has got a bad phase 1 Key, pushes the packet. | ||
| 2475 | * Decryption will be done in SW. */ | ||
| 2476 | if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == | ||
| 2477 | RX_RES_STATUS_BAD_KEY_TTAK) | ||
| 2478 | break; | ||
| 2479 | |||
| 2480 | if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == | ||
| 2481 | RX_RES_STATUS_BAD_ICV_MIC) | ||
| 2482 | stats->flag |= RX_FLAG_MMIC_ERROR; | ||
| 2483 | case RX_RES_STATUS_SEC_TYPE_WEP: | ||
| 2484 | case RX_RES_STATUS_SEC_TYPE_CCMP: | ||
| 2485 | if ((decrypt_res & RX_RES_STATUS_DECRYPT_TYPE_MSK) == | ||
| 2486 | RX_RES_STATUS_DECRYPT_OK) { | ||
| 2487 | IWL_DEBUG_RX("hw decrypt successfully!!!\n"); | ||
| 2488 | stats->flag |= RX_FLAG_DECRYPTED; | ||
| 2489 | } | ||
| 2490 | break; | ||
| 2491 | |||
| 2492 | default: | ||
| 2493 | break; | ||
| 2494 | } | ||
| 2495 | } | ||
| 2496 | |||
| 2497 | |||
| 2498 | #define IWL_PACKET_RETRY_TIME HZ | 2459 | #define IWL_PACKET_RETRY_TIME HZ |
| 2499 | 2460 | ||
| 2500 | int iwl4965_is_duplicate_packet(struct iwl_priv *priv, struct ieee80211_hdr *header) | 2461 | int iwl4965_is_duplicate_packet(struct iwl_priv *priv, struct ieee80211_hdr *header) |
| @@ -6861,7 +6822,7 @@ static int iwl4965_mac_set_key(struct ieee80211_hw *hw, enum set_key_cmd cmd, | |||
| 6861 | if (is_default_wep_key) | 6822 | if (is_default_wep_key) |
| 6862 | ret = iwl_remove_default_wep_key(priv, key); | 6823 | ret = iwl_remove_default_wep_key(priv, key); |
| 6863 | else | 6824 | else |
| 6864 | ret = iwl_remove_dynamic_key(priv, sta_id); | 6825 | ret = iwl_remove_dynamic_key(priv, key, sta_id); |
| 6865 | 6826 | ||
| 6866 | IWL_DEBUG_MAC80211("disable hwcrypto key\n"); | 6827 | IWL_DEBUG_MAC80211("disable hwcrypto key\n"); |
| 6867 | break; | 6828 | break; |