On Fri, 2008-05-02 at 22:59 +0200, Ivo van Doorn wrote: > On Friday 02 May 2008, Johannes Berg wrote: > > > > > Now there you mention something. Looking at the Legacy driver, they only mention > > > ICV during the TX, but never during RX. I did find that the MMIC is appended at the > > > end of the frame, which is good, but they never do anything that looks like the > > > stripping of the ICV data... > > > So I assume it is stripped in the hardware, but no descriptor definition indicates > > > a ICV field like there is for IV and EIV. Unless.... they do have a 32bits "reserved" field > > > located directly after the IV/EIV fields.. makes one curious if that accidently contains ICV data. ;) > > > > Heh. Maybe the hardware actually does replay protection so it doesn't > > matter? > > The comments in the legacy driver indicates the IV/EIV data was provided for replay attack checking, > and I do see a lot of ReplayCounters being memcpy'ed and memcmp() in the driver. > What is missing is the intialization of those counters to anything other then 0, and > the actual usage of the IV/EIV data in the Rx descriptor. ;) Heh. Actually, yes, if the device does ICV checking then replay detection can be easily done in software w/o the ICV, but mac80211 doesn't support that. You could probably just implement it in the driver though. johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
