• Johannes Berg's avatar
    mac80211: fix TKIP races, make API easier to use · 523b02ea
    Johannes Berg authored
    Our current TKIP code races against itself on TX
    since we can process multiple packets at the same
    time on different ACs, but they all share the TX
    context for TKIP. This can lead to bad IVs etc.
    
    Also, the crypto offload helper code just obtains
    the P1K/P2K from the cache, and can update it as
    well, but there's no guarantee that packets are
    really processed in order.
    
    To fix these issues, first introduce a spinlock
    that will protect the IV16/IV32 values in the TX
    context. This first step makes sure that we don't
    assign the same IV multiple times or get confused
    in other ways.
    
    Secondly, change the way the P1K cache works. I
    add a field "p1k_iv32" that stores the value of
    the IV32 when the P1K was last recomputed, and
    if different from the last time, then a new P1K
    is recomputed. This can cause the P1K computation
    to flip back and forth if packets are processed
    out of order. All this also happens under the new
    spinlock.
    
    Finally, because there are argument differences,
    split up the ieee80211_get_tkip_key() API into
    ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
    and give them the correct arguments.
    Signed-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
    Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
    523b02ea
wpa.c 15.3 KB