Page MenuHomeFreeBSD

net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c)
ClosedPublic

Authored by avos on Sep 7 2015, 10:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Nov 28, 9:10 AM
Unknown Object (File)
Nov 22 2024, 7:41 AM
Unknown Object (File)
Nov 22 2024, 7:41 AM
Unknown Object (File)
Nov 22 2024, 7:41 AM
Unknown Object (File)
Nov 22 2024, 7:17 AM
Unknown Object (File)
Nov 15 2024, 4:11 AM
Unknown Object (File)
Nov 8 2024, 11:22 PM
Unknown Object (File)
Oct 22 2024, 5:40 AM
Subscribers

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

avos retitled this revision from to net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c).
avos updated this object.
avos edited the test plan for this revision. (Show Details)
avos added a reviewer: adrian.
avos set the repository for this revision to rS FreeBSD src repository - subversion.

ok, I'm now testing this in AP and STA modes. I'll commit it shortly.

ok, let's leave this patch out for now. From what I've read, it looks like the whole tx_phase_1 / rx_phase_1 bits are the verbose implementation of the TKIP specification and Sam went for making it clear rather than making it concise/efficient.

here's an example of why I'd like to leave the crypto code alone: everyone gets it slightly wrong:

eg overnight with an AP that's using CCMP for sta keys and TKIP for group keys:

Oct 1 23:46:55 gertrude dhclient: New IP Address (wlan0): 10.0.0.41
Oct 1 23:46:55 gertrude dhclient: New Subnet Mask (wlan0): 255.255.255.0
Oct 1 23:46:55 gertrude dhclient: New Broadcast Address (wlan0): 10.0.0.255
Oct 1 23:46:55 gertrude dhclient: New Routers (wlan0): 10.0.0.1
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 00:38:50 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 01:38:44 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 02:38:38 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 03:38:32 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 04:38:26 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 05:38:20 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 06:39:16 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 07:39:10 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>

In D3596#77844, @adrian wrote:

ok, let's leave this patch out for now. From what I've read, it looks like the whole tx_phase_1 / rx_phase_1 bits are the verbose implementation of the TKIP specification and Sam went for making it clear rather than making it concise/efficient.

If I will keep it - and just will move keytsc upper instead - then this issue will be solved?

Note: that's with 'wlandebug +crypto'

another thing - setkey explicitly reset the keytsc to 1; but your patch no longer does it. It changes the behaviour of setkey().

So should we modify setkey() to set keytsc=0 ? What change will that make in behaviour?

This revision was automatically updated to reflect the committed changes.
In D3596#78129, @adrian wrote:

Note: that's with 'wlandebug +crypto'

Yes, I have used 'wlandebug -i wlan<n> crypto+auth+assoc' here (with no results).

In D3596#78130, @adrian wrote:

another thing - setkey explicitly reset the keytsc to 1; but your patch no longer does it. It changes the behaviour of setkey().

So should we modify setkey() to set keytsc=0 ? What change will that make in behaviour?

It is already set in ieee80211_ioctl_setkey():
...
wk->wk_keytsc = 0; /* new key, reset */
...
if (!ieee80211_crypto_setkey(vap, wk))

error = EIO;

(probably, yes - it will look more consistent)