mirror of
git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-09-18 22:14:16 +00:00

Our current TKIP code races against itself on TX since we can process multiple packets at the same time on different ACs, but they all share the TX context for TKIP. This can lead to bad IVs etc. Also, the crypto offload helper code just obtains the P1K/P2K from the cache, and can update it as well, but there's no guarantee that packets are really processed in order. To fix these issues, first introduce a spinlock that will protect the IV16/IV32 values in the TX context. This first step makes sure that we don't assign the same IV multiple times or get confused in other ways. Secondly, change the way the P1K cache works. I add a field "p1k_iv32" that stores the value of the IV32 when the P1K was last recomputed, and if different from the last time, then a new P1K is recomputed. This can cause the P1K computation to flip back and forth if packets are processed out of order. All this also happens under the new spinlock. Finally, because there are argument differences, split up the ieee80211_get_tkip_key() API into ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k() and give them the correct arguments. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
35 lines
917 B
C
35 lines
917 B
C
/*
|
|
* Copyright 2002-2004, Instant802 Networks, Inc.
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 as
|
|
* published by the Free Software Foundation.
|
|
*/
|
|
|
|
#ifndef TKIP_H
|
|
#define TKIP_H
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/crypto.h>
|
|
#include "key.h"
|
|
|
|
u8 *ieee80211_tkip_add_iv(u8 *pos, struct ieee80211_key *key);
|
|
|
|
int ieee80211_tkip_encrypt_data(struct crypto_cipher *tfm,
|
|
struct ieee80211_key *key,
|
|
struct sk_buff *skb,
|
|
u8 *payload, size_t payload_len);
|
|
|
|
enum {
|
|
TKIP_DECRYPT_OK = 0,
|
|
TKIP_DECRYPT_NO_EXT_IV = -1,
|
|
TKIP_DECRYPT_INVALID_KEYIDX = -2,
|
|
TKIP_DECRYPT_REPLAY = -3,
|
|
};
|
|
int ieee80211_tkip_decrypt_data(struct crypto_cipher *tfm,
|
|
struct ieee80211_key *key,
|
|
u8 *payload, size_t payload_len, u8 *ta,
|
|
u8 *ra, int only_iv, int queue,
|
|
u32 *out_iv32, u16 *out_iv16);
|
|
|
|
#endif /* TKIP_H */
|