Re: [PATCH 1/2] mac80211: Ignore replay for IBSS interfaces

Johannes Berg <johannes@xxxxxxxxxxxxxxxx> · Mon, 15 Feb 2010 10:22:42 +0100



On Mon, 2010-02-15 at 00:32 +0100, Benoit Papillault wrote:
> Using WPA-NONE, the same key is used on multiple stations. As such,
> with
> at least 3 nodes, a node will receive frames from the other 2 nodes
> and
> frames from one of those nodes will be ignored since they are being
> detected as replayed.
> 
> Note: WPA-NONE is not specified in 802.11i. Instead WPA2 should be
> used,
> but it is not currently implemented.
> 
> Signed-off-by: Benoit Papillault <benoit.papillault@xxxxxxx>
> ---
>  net/mac80211/tkip.c |    6 +++++-
>  net/mac80211/wpa.c  |   10 +++++++---
>  2 files changed, 12 insertions(+), 4 deletions(-)
> 
> diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c
> index 7ef491e..f7e0062 100644
> --- a/net/mac80211/tkip.c
> +++ b/net/mac80211/tkip.c
> @@ -234,6 +234,7 @@ int ieee80211_tkip_decrypt_data(struct
> crypto_blkcipher *tfm,
>  	u8 rc4key[16], keyid, *pos = payload;
>  	int res;
>  	const u8 *tk = &key->conf.key[NL80211_TKIP_DATA_OFFSET_ENCR_KEY];
> +	bool tkip_decrypt_replay = 0;
>  
>  	if (payload_len < 12)
>  		return -1;
> @@ -271,7 +272,7 @@ int ieee80211_tkip_decrypt_data(struct
> crypto_blkcipher *tfm,
>  		       iv32, iv16, key->u.tkip.rx[queue].iv32,
>  		       key->u.tkip.rx[queue].iv16);
>  #endif
> -		return TKIP_DECRYPT_REPLAY;
> +		tkip_decrypt_replay = 1;
>  	}
>  
>  	if (only_iv) {
> @@ -338,5 +339,8 @@ int ieee80211_tkip_decrypt_data(struct
> crypto_blkcipher *tfm,
>  		*out_iv16 = iv16;
>  	}
>  
> +	if (tkip_decrypt_replay)
> +		return TKIP_DECRYPT_REPLAY;
> +
>  	return res;
>  }
> diff --git a/net/mac80211/wpa.c b/net/mac80211/wpa.c
> index f4971cd..da1186d 100644
> --- a/net/mac80211/wpa.c
> +++ b/net/mac80211/wpa.c
> @@ -242,7 +242,9 @@ ieee80211_crypto_tkip_decrypt(struct
> ieee80211_rx_data *rx)
>  					  hdr->addr1, hwaccel, rx->queue,
>  					  &rx->tkip_iv32,
>  					  &rx->tkip_iv16);
> -	if (res != TKIP_DECRYPT_OK || wpa_test)
> +	if ((res != TKIP_DECRYPT_OK || wpa_test) &&
> +	    !(res == TKIP_DECRYPT_REPLAY &&
> +	      rx->sdata->vif.type != NL80211_IFTYPE_ADHOC))
>  		return RX_DROP_UNUSABLE;

NACK. This will clearly _break_ any proper RSN implementation. WPA-NONE
is the non-standard thing here, so requiring that somebody wanting to
implement proper RSN fix this doesn't seem right to me. And RSN
shouldn't actually be hard to implement with the events that we have now
-- it might just be a userspace thing.

johannes
Attachment:
signature.asc

Description: This is a digitally signed message part