Page MenuHomeFreeBSD
Differential D3596

net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c)
ClosedPublic
Actions

Authored by avos on Sep 7 2015, 10:16 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 7:41 AM
Unknown Object (File)
Fri, Nov 22, 7:41 AM
Unknown Object (File)
Fri, Nov 22, 7:41 AM
Unknown Object (File)
Fri, Nov 22, 7:17 AM
Unknown Object (File)
Fri, Nov 15, 4:11 AM
Unknown Object (File)
Fri, Nov 8, 11:22 PM
Unknown Object (File)
Oct 22 2024, 5:40 AM
Unknown Object (File)
Sep 24 2024, 7:16 PM
View All 64 Files
Subscribers
imp

Details

Reviewers
adrian
Commits
rS288525: net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c).

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

avos updated this revision to Diff 8572.Sep 7 2015, 10:16 PM
avos retitled this revision from to net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c).
avos updated this object.
avos edited the test plan for this revision. (Show Details)
avos added a reviewer: adrian.
avos set the repository for this revision to rS FreeBSD src repository - subversion.
Herald added a subscriber: imp. · View Herald TranscriptSep 7 2015, 10:16 PM
avos added a child revision: D3638: net80211: add new method for ieee80211_cipher (ic_setiv).Sep 11 2015, 9:20 PM
adrian edited edge metadata.Oct 2 2015, 2:41 AM

ok, I'm now testing this in AP and STA modes. I'll commit it shortly.

adrian added a comment.Oct 2 2015, 6:54 AM

ok, let's leave this patch out for now. From what I've read, it looks like the whole tx_phase_1 / rx_phase_1 bits are the verbose implementation of the TKIP specification and Sam went for making it clear rather than making it concise/efficient.

adrian added a comment.Oct 2 2015, 3:16 PM

here's an example of why I'd like to leave the crypto code alone: everyone gets it slightly wrong:

eg overnight with an AP that's using CCMP for sta keys and TKIP for group keys:

Oct 1 23:46:55 gertrude dhclient: New IP Address (wlan0): 10.0.0.41
Oct 1 23:46:55 gertrude dhclient: New Subnet Mask (wlan0): 255.255.255.0
Oct 1 23:46:55 gertrude dhclient: New Broadcast Address (wlan0): 10.0.0.255
Oct 1 23:46:55 gertrude dhclient: New Routers (wlan0): 10.0.0.1
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 00:38:09 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 00:38:50 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 01:38:10 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 01:38:44 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 02:38:11 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 02:38:38 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 03:38:12 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 03:38:32 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 04:38:13 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 04:38:26 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 05:38:14 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 05:38:20 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 2
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 06:38:15 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 2 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 06:39:16 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 2 rxkeyix 65535>
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: cipher 1 flags 0x6 keyix 1
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for cipher TKIP, falling back to s/w
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_newkey: no h/w support for TKIP MIC, falling back to s/w
Oct 2 07:38:16 gertrude kernel: wlan0: ieee80211_crypto_setkey: TKIP keyix 1 flags 0x1f6 mac ff:ff:ff:ff:ff:ff rsc 256 tsc 0 len 16
Oct 2 07:39:10 gertrude kernel: wlan0: [0c:f8:93:eb:84:e0] TKIP replay detected tid 16 <rsc 256, csc 256, keyix 1 rxkeyix 65535>

avos added a comment.Oct 2 2015, 9:26 PM
In D3596#77844, @adrian wrote:

ok, let's leave this patch out for now. From what I've read, it looks like the whole tx_phase_1 / rx_phase_1 bits are the verbose implementation of the TKIP specification and Sam went for making it clear rather than making it concise/efficient.

If I will keep it - and just will move keytsc upper instead - then this issue will be solved?

adrian added a comment.Oct 2 2015, 11:14 PM

Note: that's with 'wlandebug +crypto'

adrian added a comment.Oct 2 2015, 11:22 PM

another thing - setkey explicitly reset the keytsc to 1; but your patch no longer does it. It changes the behaviour of setkey().

So should we modify setkey() to set keytsc=0 ? What change will that make in behaviour?

Closed by commit rS288525: net80211: get rid of tx_phase1_done flag (ieee80211_crypto_tkip.c). (authored by adrian). · Explain WhyOct 3 2015, 12:03 AM
This revision was automatically updated to reflect the committed changes.
avos added a comment.Oct 3 2015, 2:31 AM
In D3596#78129, @adrian wrote:

Note: that's with 'wlandebug +crypto'

Yes, I have used 'wlandebug -i wlan<n> crypto+auth+assoc' here (with no results).

In D3596#78130, @adrian wrote:

another thing - setkey explicitly reset the keytsc to 1; but your patch no longer does it. It changes the behaviour of setkey().

So should we modify setkey() to set keytsc=0 ? What change will that make in behaviour?

It is already set in ieee80211_ioctl_setkey():
...
wk->wk_keytsc = 0; /* new key, reset */
...
if (!ieee80211_crypto_setkey(vap, wk))

error = EIO;

(probably, yes - it will look more consistent)

Revision Contents
Changeset List

PathSize
head/
sys/
net80211/
18 lines

Diff 9076

View Options

head/sys/net80211/ieee80211_crypto_tkip.c

Loading...