mac80211: fix TKIP races, make API easier to use

Our current TKIP code races against itself on TX since we can process multiple packets at the same time on different ACs, but they all share the TX context for TKIP. This can lead to bad IVs etc. Also, the crypto offload helper code just obtains the P1K/P2K from the cache, and can update it as well, but there's no guarantee that packets are really processed in order. To fix these issues, first introduce a spinlock that will protect the IV16/IV32 values in the TX context. This first step makes sure that we don't assign the same IV multiple times or get confused in other ways. Secondly, change the way the P1K cache works. I add a field "p1k_iv32" that stores the value of the IV32 when the P1K was last recomputed, and if different from the last time, then a new P1K is recomputed. This can cause the P1K computation to flip back and forth if packets are processed out of order. All this also happens under the new spinlock. Finally, because there are argument differences, split up the ieee80211_get_tkip_key() API into ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k() and give them the correct arguments. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Johannes Berg <johannes.berg@intel.com> 2011-07-07 16:28:01 -0400
committer: John W. Linville <linville@tuxdriver.com> 2011-07-08 11:11:19 -0400
commit: 523b02ea23b175dd3e46e3daf1bc9354376640a3 (patch)
tree: a11f69f05cdfb457a42b2866e33e73937c35ec1e /net/mac80211/wpa.c
parent: 397915c30731340ee3f348d1be597b22467acbdf (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
index d91c1a26630d..4ded2ae48a5f 100644
--- a/net/mac80211/wpa.c
+++ b/net/mac80211/wpa.c
@@ -171,6 +171,7 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
        struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
        struct ieee80211_key *key = tx->key;
        struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
+        unsigned long flags;
        unsigned int hdrlen;
        int len, tail;
        u8 *pos;
@@ -198,11 +199,12 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
        pos += hdrlen;
        /* Increase IV for the frame */
+        spin_lock_irqsave(&key->u.tkip.txlock, flags);
        key->u.tkip.tx.iv16++;
        if (key->u.tkip.tx.iv16 == 0)
                key->u.tkip.tx.iv32++;
+        pos = ieee80211_tkip_add_iv(pos, key);
-        pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);
+        spin_unlock_irqrestore(&key->u.tkip.txlock, flags);
        /* hwaccel - with software IV */
        if (info->control.hw_key)
@@ -211,9 +213,8 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data *tx, struct sk_buff *skb)
        /* Add room for ICV */
        skb_put(skb, TKIP_ICV_LEN);
-        hdr = (struct ieee80211_hdr *) skb->data;
        return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
-                                           key, pos, len, hdr->addr2);
+                                           key, skb, pos, len);
 }
author	Johannes Berg <johannes.berg@intel.com>	2011-07-07 16:28:01 -0400
committer	John W. Linville <linville@tuxdriver.com>	2011-07-08 11:11:19 -0400
commit	523b02ea23b175dd3e46e3daf1bc9354376640a3 (patch)
tree	a11f69f05cdfb457a42b2866e33e73937c35ec1e /net/mac80211/wpa.c
parent	397915c30731340ee3f348d1be597b22467acbdf (diff)

diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index d91c1a26630d..4ded2ae48a5f 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c
@@ -171,6 +171,7 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data tx, struct sk_buff skb)
171	struct ieee80211_hdr hdr = (struct ieee80211_hdr ) skb->data;	171	struct ieee80211_hdr hdr = (struct ieee80211_hdr ) skb->data;
172	struct ieee80211_key *key = tx->key;	172	struct ieee80211_key *key = tx->key;
173	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);	173	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
		174	unsigned long flags;
174	unsigned int hdrlen;	175	unsigned int hdrlen;
175	int len, tail;	176	int len, tail;
176	u8 *pos;	177	u8 *pos;
@@ -198,11 +199,12 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data tx, struct sk_buff skb)
198	pos += hdrlen;	199	pos += hdrlen;
199		200
200	/* Increase IV for the frame */	201	/* Increase IV for the frame */
		202	spin_lock_irqsave(&key->u.tkip.txlock, flags);
201	key->u.tkip.tx.iv16++;	203	key->u.tkip.tx.iv16++;
202	if (key->u.tkip.tx.iv16 == 0)	204	if (key->u.tkip.tx.iv16 == 0)
203	key->u.tkip.tx.iv32++;	205	key->u.tkip.tx.iv32++;
204		206	pos = ieee80211_tkip_add_iv(pos, key);
205	pos = ieee80211_tkip_add_iv(pos, key, key->u.tkip.tx.iv16);	207	spin_unlock_irqrestore(&key->u.tkip.txlock, flags);
206		208
207	/* hwaccel - with software IV */	209	/* hwaccel - with software IV */
208	if (info->control.hw_key)	210	if (info->control.hw_key)
@@ -211,9 +213,8 @@ static int tkip_encrypt_skb(struct ieee80211_tx_data tx, struct sk_buff skb)
211	/* Add room for ICV */	213	/* Add room for ICV */
212	skb_put(skb, TKIP_ICV_LEN);	214	skb_put(skb, TKIP_ICV_LEN);
213		215
214	hdr = (struct ieee80211_hdr *) skb->data;
215	return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,	216	return ieee80211_tkip_encrypt_data(tx->local->wep_tx_tfm,
216	key, pos, len, hdr->addr2);	217	key, skb, pos, len);
217	}	218	}
218		219
219		220