diff options
| author | Johannes Berg <johannes.berg@intel.com> | 2011-07-07 16:28:01 -0400 |
|---|---|---|
| committer | John W. Linville <linville@tuxdriver.com> | 2011-07-08 11:11:19 -0400 |
| commit | 523b02ea23b175dd3e46e3daf1bc9354376640a3 (patch) | |
| tree | a11f69f05cdfb457a42b2866e33e73937c35ec1e /net/mac80211/tkip.c | |
| parent | 397915c30731340ee3f348d1be597b22467acbdf (diff) | |
mac80211: fix TKIP races, make API easier to use
Our current TKIP code races against itself on TX
since we can process multiple packets at the same
time on different ACs, but they all share the TX
context for TKIP. This can lead to bad IVs etc.
Also, the crypto offload helper code just obtains
the P1K/P2K from the cache, and can update it as
well, but there's no guarantee that packets are
really processed in order.
To fix these issues, first introduce a spinlock
that will protect the IV16/IV32 values in the TX
context. This first step makes sure that we don't
assign the same IV multiple times or get confused
in other ways.
Secondly, change the way the P1K cache works. I
add a field "p1k_iv32" that stores the value of
the IV32 when the P1K was last recomputed, and
if different from the last time, then a new P1K
is recomputed. This can cause the P1K computation
to flip back and forth if packets are processed
out of order. All this also happens under the new
spinlock.
Finally, because there are argument differences,
split up the ieee80211_get_tkip_key() API into
ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
and give them the correct arguments.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/tkip.c')
| -rw-r--r-- | net/mac80211/tkip.c | 111 |
1 files changed, 60 insertions, 51 deletions
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 757e4eb2baf7..de570b38460f 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c | |||
| @@ -101,6 +101,7 @@ static void tkip_mixing_phase1(const u8 *tk, struct tkip_ctx *ctx, | |||
| 101 | p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i; | 101 | p1k[4] += tkipS(p1k[3] ^ get_unaligned_le16(tk + 0 + j)) + i; |
| 102 | } | 102 | } |
| 103 | ctx->state = TKIP_STATE_PHASE1_DONE; | 103 | ctx->state = TKIP_STATE_PHASE1_DONE; |
| 104 | ctx->p1k_iv32 = tsc_IV32; | ||
| 104 | } | 105 | } |
| 105 | 106 | ||
| 106 | static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, | 107 | static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, |
| @@ -140,60 +141,72 @@ static void tkip_mixing_phase2(const u8 *tk, struct tkip_ctx *ctx, | |||
| 140 | /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets | 141 | /* Add TKIP IV and Ext. IV at @pos. @iv0, @iv1, and @iv2 are the first octets |
| 141 | * of the IV. Returns pointer to the octet following IVs (i.e., beginning of | 142 | * of the IV. Returns pointer to the octet following IVs (i.e., beginning of |
| 142 | * the packet payload). */ | 143 | * the packet payload). */ |
| 143 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key, u16 iv16) | 144 | u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key) |
| 144 | { | 145 | { |
| 145 | pos = write_tkip_iv(pos, iv16); | 146 | lockdep_assert_held(&key->u.tkip.txlock); |
| 147 | |||
| 148 | pos = write_tkip_iv(pos, key->u.tkip.tx.iv16); | ||
| 146 | *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; | 149 | *pos++ = (key->conf.keyidx << 6) | (1 << 5) /* Ext IV */; |
| 147 | put_unaligned_le32(key->u.tkip.tx.iv32, pos); | 150 | put_unaligned_le32(key->u.tkip.tx.iv32, pos); |
| 148 | return pos + 4; | 151 | return pos + 4; |
| 149 | } | 152 | } |
| 150 | 153 | ||
| 151 | void ieee80211_get_tkip_key(struct ieee80211_key_conf *keyconf, | 154 | static void ieee80211_compute_tkip_p1k(struct ieee80211_key *key, u32 iv32) |
| 152 | struct sk_buff *skb, enum ieee80211_tkip_key_type type, | 155 | { |
| 153 | u8 *outkey) | 156 | struct ieee80211_sub_if_data *sdata = key->sdata; |
| 157 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
| 158 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
| 159 | |||
| 160 | lockdep_assert_held(&key->u.tkip.txlock); | ||
| 161 | |||
| 162 | /* | ||
| 163 | * Update the P1K when the IV32 is different from the value it | ||
| 164 | * had when we last computed it (or when not initialised yet). | ||
| 165 | * This might flip-flop back and forth if packets are processed | ||
| 166 | * out-of-order due to the different ACs, but then we have to | ||
| 167 | * just compute the P1K more often. | ||
| 168 | */ | ||
| 169 | if (ctx->p1k_iv32 != iv32 || ctx->state == TKIP_STATE_NOT_INIT) | ||
| 170 | tkip_mixing_phase1(tk, ctx, sdata->vif.addr, iv32); | ||
| 171 | } | ||
| 172 | |||
| 173 | void ieee80211_get_tkip_p1k(struct ieee80211_key_conf *keyconf, | ||
| 174 | struct sk_buff *skb, u16 *p1k) | ||
| 154 | { | 175 | { |
| 155 | struct ieee80211_key *key = (struct ieee80211_key *) | 176 | struct ieee80211_key *key = (struct ieee80211_key *) |
| 156 | container_of(keyconf, struct ieee80211_key, conf); | 177 | container_of(keyconf, struct ieee80211_key, conf); |
| 178 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
| 157 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | 179 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; |
| 158 | u8 *data; | 180 | const u8 *data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); |
| 159 | const u8 *tk; | 181 | u32 iv32 = get_unaligned_le32(&data[4]); |
| 160 | struct tkip_ctx *ctx; | 182 | unsigned long flags; |
| 161 | u16 iv16; | 183 | |
| 162 | u32 iv32; | 184 | spin_lock_irqsave(&key->u.tkip.txlock, flags); |
| 163 | 185 | ieee80211_compute_tkip_p1k(key, iv32); | |
| 164 | data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); | 186 | memcpy(p1k, ctx->p1k, sizeof(ctx->p1k)); |
| 165 | iv16 = data[2] | (data[0] << 8); | 187 | spin_unlock_irqrestore(&key->u.tkip.txlock, flags); |
| 166 | iv32 = get_unaligned_le32(&data[4]); | 188 | } |
| 167 | 189 | EXPORT_SYMBOL(ieee80211_get_tkip_p1k); | |
| 168 | tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
| 169 | ctx = &key->u.tkip.tx; | ||
| 170 | |||
| 171 | #ifdef CONFIG_MAC80211_TKIP_DEBUG | ||
| 172 | printk(KERN_DEBUG "TKIP encrypt: iv16 = 0x%04x, iv32 = 0x%08x\n", | ||
| 173 | iv16, iv32); | ||
| 174 | |||
| 175 | if (iv32 != ctx->iv32) { | ||
| 176 | printk(KERN_DEBUG "skb: iv32 = 0x%08x key: iv32 = 0x%08x\n", | ||
| 177 | iv32, ctx->iv32); | ||
| 178 | printk(KERN_DEBUG "Wrap around of iv16 in the middle of a " | ||
| 179 | "fragmented packet\n"); | ||
| 180 | } | ||
| 181 | #endif | ||
| 182 | |||
| 183 | /* Update the p1k only when the iv16 in the packet wraps around, this | ||
| 184 | * might occur after the wrap around of iv16 in the key in case of | ||
| 185 | * fragmented packets. */ | ||
| 186 | if (iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT) | ||
| 187 | tkip_mixing_phase1(tk, ctx, hdr->addr2, iv32); | ||
| 188 | |||
| 189 | if (type == IEEE80211_TKIP_P1_KEY) { | ||
| 190 | memcpy(outkey, ctx->p1k, sizeof(u16) * 5); | ||
| 191 | return; | ||
| 192 | } | ||
| 193 | 190 | ||
| 194 | tkip_mixing_phase2(tk, ctx, iv16, outkey); | 191 | void ieee80211_get_tkip_p2k(struct ieee80211_key_conf *keyconf, |
| 192 | struct sk_buff *skb, u8 *p2k) | ||
| 193 | { | ||
| 194 | struct ieee80211_key *key = (struct ieee80211_key *) | ||
| 195 | container_of(keyconf, struct ieee80211_key, conf); | ||
| 196 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
| 197 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
| 198 | struct ieee80211_hdr *hdr = (struct ieee80211_hdr *)skb->data; | ||
| 199 | const u8 *data = (u8 *)hdr + ieee80211_hdrlen(hdr->frame_control); | ||
| 200 | u32 iv32 = get_unaligned_le32(&data[4]); | ||
| 201 | u16 iv16 = data[2] | (data[0] << 8); | ||
| 202 | unsigned long flags; | ||
| 203 | |||
| 204 | spin_lock_irqsave(&key->u.tkip.txlock, flags); | ||
| 205 | ieee80211_compute_tkip_p1k(key, iv32); | ||
| 206 | tkip_mixing_phase2(tk, ctx, iv16, p2k); | ||
| 207 | spin_unlock_irqrestore(&key->u.tkip.txlock, flags); | ||
| 195 | } | 208 | } |
| 196 | EXPORT_SYMBOL(ieee80211_get_tkip_key); | 209 | EXPORT_SYMBOL(ieee80211_get_tkip_p2k); |
| 197 | 210 | ||
| 198 | /* | 211 | /* |
| 199 | * Encrypt packet payload with TKIP using @key. @pos is a pointer to the | 212 | * Encrypt packet payload with TKIP using @key. @pos is a pointer to the |
| @@ -204,19 +217,15 @@ EXPORT_SYMBOL(ieee80211_get_tkip_key); | |||
| 204 | */ | 217 | */ |
| 205 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, | 218 | int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm, |
| 206 | struct ieee80211_key *key, | 219 | struct ieee80211_key *key, |
| 207 | u8 *pos, size_t payload_len, u8 *ta) | 220 | struct sk_buff *skb, |
| 221 | u8 *payload, size_t payload_len) | ||
| 208 | { | 222 | { |
| 209 | u8 rc4key[16]; | 223 | u8 rc4key[16]; |
| 210 | struct tkip_ctx *ctx = &key->u.tkip.tx; | ||
| 211 | const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; | ||
| 212 | |||
| 213 | /* Calculate per-packet key */ | ||
| 214 | if (ctx->iv16 == 0 || ctx->state == TKIP_STATE_NOT_INIT) | ||
| 215 | tkip_mixing_phase1(tk, ctx, ta, ctx->iv32); | ||
| 216 | 224 | ||
| 217 | tkip_mixing_phase2(tk, ctx, ctx->iv16, rc4key); | 225 | ieee80211_get_tkip_p2k(&key->conf, skb, rc4key); |
| 218 | 226 | ||
| 219 | return ieee80211_wep_encrypt_data(tfm, rc4key, 16, pos, payload_len); | 227 | return ieee80211_wep_encrypt_data(tfm, rc4key, 16, |
| 228 | payload, payload_len); | ||
| 220 | } | 229 | } |
| 221 | 230 | ||
| 222 | /* Decrypt packet payload with TKIP using @key. @pos is a pointer to the | 231 | /* Decrypt packet payload with TKIP using @key. @pos is a pointer to the |