Search Linux Wireless

RE: [PATCH] mac80211: Handle race condition in replay handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Jouni,

Some more additional information:

In our solution,
1. Decryption happens in FW. 
2. Reordering and replay detection happen in MAC.

-----Original Message-----
From: Amit SHAKYA 
Sent: Monday, May 21, 2012 6:13 PM
To: 'Jouni Malinen'
Cc: John W. Linville; linux-wireless (linux-wireless@xxxxxxxxxxxxxxx); Johannes Berg (johannes@xxxxxxxxxxxxxxxx)
Subject: RE: [PATCH] mac80211: Handle race condition in replay handling

Hi Jouni,

My comments inline [AS]:

-----Original Message-----
From: Jouni Malinen [mailto:j@xxxxx] 
Sent: Friday, May 18, 2012 7:10 PM
To: Amit SHAKYA
Cc: John W. Linville; linux-wireless (linux-wireless@xxxxxxxxxxxxxxx); Johannes Berg (johannes@xxxxxxxxxxxxxxxx)
Subject: Re: [PATCH] mac80211: Handle race condition in replay handling

On Thu, May 17, 2012 at 11:40:16AM +0200, Amit SHAKYA wrote:
> Added fix for the issue where the Rx throughput use to get stuck,
> with unicast key rotation feature enabled in the Cisco AP.
> The issue is that due to race condition during EAPOL key
> handshake and packet reception, the PN gets reset at MAC, while
> it still receives previous PN range packets for a while from AP.

How would that happen? I would assume the previous PN range is still
used with the old key and as such, the PN updates should not be accepted
for the new key.

[AS] What I mean here is that the during the period when the EAPOL is
received by supplicant till new key is applied (PN reset) at FW, there is
some delay. During which, due to ongoing high throughput, some packets are
received which are decrypted by FW with old key and had been handed
over to host driver but not yet delivered to MAC or are in transit from
FW to the host driver to be finally delivered to MAC. They have been
decrypted successfully by the FW using the old key during this phase
but not yet received by MAC.

> At MAC, there is a memcpy of the PN from the received PN
> and as a result the maintained PN is overwritten with the
> previous PN sequence value after being reset at the time, new
> key is plumbed by supplicant.
> 
> As a result, when this change in sequence number happens, the
> replay detection handling in MAC gets triggered, causing the
> traffic to stops for some while till PN re-match, with the
> one last updated at MAC.
> 
> The fix takes care of selectively updating the Rx PN during
> this transition phase.

This sounds incorrect.. I don't really like the idea of adding the extra
hack here and the additional memcmp() calls either.

Would you be able to provide more detailed description on how the PN
values are used based on the key (old/new) and how the PN value for the
new key gets updated based on the old range?

[AS] In the race condition scenario, i.e. new key updated at MAC and
MAC receiving packets from driver, __ieee80211_key_replace function is invoked
to apply the new keys. It replaces the key entry in sta->ptk to the new key
entry (PN reset to 0). Note the sta is connected all this while and just the
PTK is renewed.
However due to race condition mentioned above, it is still receiving old PN
packets from driver. At this point of time on receiving old PN packets, 
ieee80211_rx_h_decrypt will just dereference the new key entry from
rx->sta->ptk and store it in rx->key.


Refer code
	if (rx->sta)
		sta_ptk = rcu_dereference(rx->sta->ptk);

...
	if (!is_multicast_ether_addr(hdr->addr1) && sta_ptk) {
		rx->key = sta_ptk;


Now within ieee80211_crypto_ccmp_decrypt function, this key is dereferenced and
used for key replay detection as well as the received PN is also updated in it.
 	memcpy(key->u.ccmp.rx_pn[queue], pn, CCMP_PN_LEN);

This triggers the issue wherein the PN gets updated with the old PN and mentioned
issue happens.

Hope this explains. 
Please let me know, in case more details are required.

-- 
Jouni Malinen                                            PGP id EFC895FA
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Wireless Personal Area Network]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Hiking]     [MIPS Linux]     [ARM Linux]     [Linux RAID]

  Powered by Linux