From patchwork Sun Feb 14 23:32:25 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Benoit PAPILLAULT X-Patchwork-Id: 79331 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter.kernel.org (8.14.3/8.14.3) with ESMTP id o1ENWcnX030191 for ; Sun, 14 Feb 2010 23:32:38 GMT Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752943Ab0BNXch (ORCPT ); Sun, 14 Feb 2010 18:32:37 -0500 Received: from smtp1-g21.free.fr ([212.27.42.1]:39950 "EHLO smtp1-g21.free.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752684Ab0BNXch (ORCPT ); Sun, 14 Feb 2010 18:32:37 -0500 Received: from smtp1-g21.free.fr (localhost [127.0.0.1]) by smtp1-g21.free.fr (Postfix) with ESMTP id 0ADB79400ED; Mon, 15 Feb 2010 00:32:29 +0100 (CET) Received: from xian.sabine-et-benoit.com (ns.popipo.fr [88.163.232.53]) by smtp1-g21.free.fr (Postfix) with ESMTP id 1B0E69400B3; Mon, 15 Feb 2010 00:32:27 +0100 (CET) Received: by xian.sabine-et-benoit.com (Postfix, from userid 1000) id B1C0E701A8; Mon, 15 Feb 2010 00:32:26 +0100 (CET) From: Benoit Papillault To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Benoit Papillault Subject: [PATCH 1/2] mac80211: Ignore replay for IBSS interfaces Date: Mon, 15 Feb 2010 00:32:25 +0100 Message-Id: <1266190346-2247-1-git-send-email-benoit.papillault@free.fr> X-Mailer: git-send-email 1.5.6.5 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Greylist: IP, sender and recipient auto-whitelisted, not delayed by milter-greylist-4.2.3 (demeter.kernel.org [140.211.167.41]); Sun, 14 Feb 2010 23:32:39 +0000 (UTC) diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 7ef491e..f7e0062 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c 
@@ -234,6 +234,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, u8 rc4key[16], keyid, *pos = payload; int res; const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY]; + bool tkip_decrypt_replay = 0; if (payload_len < 12) return -1; @@ -271,7 +272,7 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, iv32, iv16, key->u.tkip.rx[queue].iv32, key->u.tkip.rx[queue].iv16); #endif - return TKIP_DECRYPT_REPLAY; + tkip_decrypt_replay = 1; } if (only_iv) { @@ -338,5 +339,8 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, *out_iv16 = iv16; } + if (tkip_decrypt_replay) + return TKIP_DECRYPT_REPLAY; + return res; } diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c index f4971cd..da1186d 100644 --- a/net/mac80211/wpa.c +++ b/net/mac80211/wpa.c @@ -242,7 +242,9 @@ ieee80211_crypto_tkip_decrypt(struct ieee80211_rx_data *rx) hdr->addr1, hwaccel, rx->queue, &rx->tkip_iv32, &rx->tkip_iv16); - if (res != TKIP_DECRYPT_OK || wpa_test) + if ((res != TKIP_DECRYPT_OK || wpa_test) && + !(res == TKIP_DECRYPT_REPLAY && + rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) return RX_DROP_UNUSABLE; /* Trim ICV */ @@ -453,7 +455,8 @@ ieee80211_crypto_ccmp_decrypt(struct ieee80211_rx_data *rx) ccmp_hdr2pn(pn, skb->data + hdrlen); - if (memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) { + if ((memcmp(pn, key->u.ccmp.rx_pn[rx->queue], CCMP_PN_LEN) <= 0) && + (rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) { key->u.ccmp.replays++; return RX_DROP_UNUSABLE; } @@ -576,7 +579,8 @@ ieee80211_crypto_aes_cmac_decrypt(struct ieee80211_rx_data *rx) bip_ipn_swap(ipn, mmie->sequence_number); - if (memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) { + if ((memcmp(ipn, key->u.aes_cmac.rx_pn, 6) <= 0) && + (rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)) { key->u.aes_cmac.replays++; return RX_DROP_UNUSABLE; }
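Review bot: in net/mac80211/tkip.c, the new tail of ieee80211_tkip_decrypt_data() (`if (tkip_decrypt_replay) return TKIP_DECRYPT_REPLAY;`) replaces whatever `res` holds, so a frame that was flagged as a replay and then also failed later in the function is reported as a replay rather than as a failure. Because the caller in wpa.c now lets some TKIP_DECRYPT_REPLAY results through, return the replay code only when `res` is TKIP_DECRYPT_OK and otherwise return `res`. Deferring the return also means a replayed frame now continues into the `only_iv` branch and on to the `*out_iv16 = iv16` assignment; a comment should say whether that is intended. Style: `tkip_decrypt_replay` is declared `bool`, so initialise and set it with `false` and `true` rather than 0 and 1.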
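Review bot: in ieee80211_crypto_tkip_decrypt() (net/mac80211/wpa.c), the exemption `!(res == TKIP_DECRYPT_REPLAY && rx->sdata->vif.type != NL80211_IFTYPE_ADHOC)` looks inverted. As written, a replayed TKIP frame is kept on every interface type except ad-hoc and is still dropped on ad-hoc, which is the opposite of the subject line and of the CCMP and AES-CMAC hunks, where the drop is skipped only when the type is NL80211_IFTYPE_ADHOC. The comparison here should be `== NL80211_IFTYPE_ADHOC`. The exemption also sits outside the `wpa_test` term, so an exempted frame skips the `wpa_test` drop as well; move the exemption inside the `res` test if that is not wanted.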
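Review bot: in ieee80211_crypto_ccmp_decrypt(), putting `rx->sdata->vif.type != NL80211_IFTYPE_ADHOC` inside the same `if` as the `memcmp()` on `rx_pn[rx->queue]` means that on an ad-hoc interface a frame with an old or repeated PN is neither dropped nor counted in `key->u.ccmp.replays`, so replay protection is switched off there with no trace in the statistics. The patch as posted has no changelog text and no Signed-off-by line, so the reason for giving up the check is not recorded; please add both. If the check really has to be relaxed, keep the `replays++` accounting for ad-hoc frames, or explain why comparing against a PN tracked per transmitter instead of the single per-queue `rx_pn` is not an option.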
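Review bot: in ieee80211_crypto_aes_cmac_decrypt(), this is the third open-coded copy of the `rx->sdata->vif.type` test against NL80211_IFTYPE_ADHOC in the patch, and the three copies do not agree (the TKIP one exempts the non-ad-hoc case). A small helper taking `rx` and returning whether replay checking applies, used at all three sites, would keep them consistent and give one place for a comment explaining the ad-hoc exception. As in the CCMP hunk, `key->u.aes_cmac.replays` is no longer incremented for ad-hoc frames. Style: the extra parentheses around `memcmp(...) <= 0` and around the type comparison are not needed.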