1. 05 2月, 2014 2 次提交
  2. 07 1月, 2014 1 次提交
  3. 26 11月, 2013 1 次提交
  4. 11 10月, 2013 1 次提交
  5. 17 5月, 2013 1 次提交
  6. 15 2月, 2013 1 次提交
  7. 05 12月, 2012 1 次提交
  8. 16 10月, 2012 1 次提交
  9. 01 10月, 2012 1 次提交
    • J
      mac80211: Fix FC masking in BIP AAD generation · 33766368
      Jouni Malinen 提交于
      The bits used in the mask were off-by-one and ended up masking PwrMgt,
      MoreData, Protected fields instead of Retry, PwrMgt, MoreData. Fix this
      and to mask the correct fields. While doing so, convert the code to mask
      the full FC using IEEE80211_FCTL_* defines similarly to how CCMP AAD is
      built.
      
      Since BIP is used only with broadcast/multicast management frames, the
      Retry field is always 0 in these frames. The Protected field is also
      zero to maintain backwards compatibility. As such, the incorrect mask
      here does not really cause any problems for valid frames. In theory, an
      invalid BIP frame with Retry or Protected field set to 1 could be
      rejected because of BIP validation. However, no such frame should show
      up with standard compliant implementations, so this does not cause
      problems in normal BIP use.
      Signed-off-by: NJouni Malinen <j@w1.fi>
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      33766368
  10. 17 5月, 2012 2 次提交
  11. 14 3月, 2012 1 次提交
  12. 17 1月, 2012 1 次提交
  13. 12 1月, 2012 1 次提交
  14. 22 11月, 2011 1 次提交
  15. 12 11月, 2011 1 次提交
  16. 09 11月, 2011 1 次提交
  17. 12 10月, 2011 1 次提交
  18. 08 7月, 2011 6 次提交
    • J
      mac80211: simplify RX PN/IV handling · 9e26297a
      Johannes Berg 提交于
      The current rx->queue value is slightly confusing.
      It is set to 16 on non-QoS frames, including data,
      and then used for sequence number and PN/IV checks.
      Until recently, we had a TKIP IV checking bug that
      had been introduced in 2008 to fix a seqno issue.
      Before that, we always used TID 0 for checking the
      PN or IV on non-QoS packets.
      
      Go back to the old status for PN/IV checks using
      the TID 0 counter for non-QoS by splitting up the
      rx->queue value into "seqno_idx" and "security_idx"
      in order to avoid confusion in the future. They
      each have special rules on the value used for non-
      QoS data frames.
      
      Since the handling is now unified, also revert the
      special TKIP handling from my patch
      "mac80211: fix TKIP replay vulnerability".
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      9e26297a
    • J
      mac80211: use AES_BLOCK_SIZE · 0cd20a27
      Johannes Berg 提交于
      mac80211 has a defnition of AES_BLOCK_SIZE and
      multiple definitions of AES_BLOCK_LEN. Remove
      them all and use crypto/aes.h.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      0cd20a27
    • J
      mac80211: fix CMAC races · 75396ae6
      Johannes Berg 提交于
      Just like TKIP and CCMP, CMAC has the PN race.
      It might not actually be possible to hit it now
      since there aren't multiple ACs for management
      frames, but fix it anyway.
      
      Also move scratch buffers onto the stack.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      75396ae6
    • J
      mac80211: fix CCMP races · aba83a0b
      Johannes Berg 提交于
      Since we can process multiple packets at the
      same time for different ACs, but the PN is
      allocated from a single counter, we need to
      use an atomic value there. Use atomic64_t to
      make this cheaper on 64-bit platforms, other
      platforms will support this through software
      emulation, see lib/atomic64.c.
      
      We also need to use an on-stack scratch buf
      so that multiple packets won't corrupt each
      others scratch buffers.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      aba83a0b
    • J
      mac80211: fix TKIP races, make API easier to use · 523b02ea
      Johannes Berg 提交于
      Our current TKIP code races against itself on TX
      since we can process multiple packets at the same
      time on different ACs, but they all share the TX
      context for TKIP. This can lead to bad IVs etc.
      
      Also, the crypto offload helper code just obtains
      the P1K/P2K from the cache, and can update it as
      well, but there's no guarantee that packets are
      really processed in order.
      
      To fix these issues, first introduce a spinlock
      that will protect the IV16/IV32 values in the TX
      context. This first step makes sure that we don't
      assign the same IV multiple times or get confused
      in other ways.
      
      Secondly, change the way the P1K cache works. I
      add a field "p1k_iv32" that stores the value of
      the IV32 when the P1K was last recomputed, and
      if different from the last time, then a new P1K
      is recomputed. This can cause the P1K computation
      to flip back and forth if packets are processed
      out of order. All this also happens under the new
      spinlock.
      
      Finally, because there are argument differences,
      split up the ieee80211_get_tkip_key() API into
      ieee80211_get_tkip_p1k() and ieee80211_get_tkip_p2k()
      and give them the correct arguments.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      523b02ea
    • J
      mac80211: fix TKIP replay vulnerability · 34459512
      Johannes Berg 提交于
      Unlike CCMP, the presence or absence of the QoS
      field doesn't change the encryption, only the
      TID is used. When no QoS field is present, zero
      is used as the TID value. This means that it is
      possible for an attacker to take a QoS packet
      with TID 0 and replay it as a non-QoS packet.
      
      Unfortunately, mac80211 uses different IVs for
      checking the validity of the packet's TKIP IV
      when it checks TID 0 and when it checks non-QoS
      packets. This means it is vulnerable to this
      replay attack.
      
      To fix this, use the same replay counter for
      TID 0 and non-QoS packets by overriding the
      rx->queue value to 0 if it is 16 (non-QoS).
      
      This is a minimal fix for now. I caused this
      issue in
      
      commit 1411f9b5
      Author: Johannes Berg <johannes@sipsolutions.net>
      Date:   Thu Jul 10 10:11:02 2008 +0200
      
          mac80211: fix RX sequence number check
      
      while fixing a sequence number issue (there,
      a separate counter needs to be used).
      
      Cc: stable@kernel.org
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      34459512
  19. 28 6月, 2011 1 次提交
  20. 03 5月, 2011 1 次提交
  21. 04 2月, 2011 2 次提交
    • J
      mac80211: Add testing functionality for TKIP · 681d1190
      Jouni Malinen 提交于
      TKIP countermeasures depend on devices being able to detect Michael
      MIC failures on received frames and for stations to report errors to
      the AP. In order to test that behavior, it is useful to be able to
      send out TKIP frames with incorrect Michael MIC. This testing behavior
      has minimal effect on the TX path, so it can be added to mac80211 for
      convenient use.
      
      The interface for using this functionality is a file in mac80211
      netdev debugfs (tkip_mic_test). Writing a MAC address to the file
      makes mac80211 generate a dummy data frame that will be sent out using
      invalid Michael MIC value. In AP mode, the address needs to be for one
      of the associated stations or ff:ff:ff:ff:ff:ff to use a broadcast
      frame. In station mode, the address can be anything, e.g., the current
      BSSID. It should be noted that this functionality works correctly only
      when associated and using TKIP.
      Signed-off-by: NJouni Malinen <jouni.malinen@atheros.com>
      Acked-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      681d1190
    • J
      mac80211: Remove obsolete TKIP flexibility · 747d753d
      Jouni Malinen 提交于
      The TKIP implementation was originally prepared to be a bit more
      flexible in the way Michael MIC TX/RX keys are configured. However, we
      are now taking care of the TX/RX MIC key swapping in user space, so
      this code will not be needed. Similarly, there were some remaining WPA
      testing code that won't be used in their current form. Remove the
      unneeded extra complexity.
      Signed-off-by: NJouni Malinen <jouni.malinen@atheros.com>
      Reviewed-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      747d753d
  22. 28 9月, 2010 1 次提交
    • J
      mac80211: move packet flags into packet · 554891e6
      Johannes Berg 提交于
      commit 8c0c709e
      Author: Johannes Berg <johannes@sipsolutions.net>
      Date:   Wed Nov 25 17:46:15 2009 +0100
      
          mac80211: move cmntr flag out of rx flags
      
      moved the CMNTR flag into the skb RX flags for
      some aggregation cleanups, but this was wrong
      since the optimisation this flag tried to make
      requires that it is kept across the processing
      of multiple interfaces -- which isn't true for
      flags in the skb. The patch not only broke the
      optimisation, it also introduced a bug: under
      some (common!) circumstances the flag will be
      set on an already freed skb!
      
      However, investigating this in more detail, I
      found that most of the flags that we set should
      be per packet, _except_ for this one, due to
      a-MPDU processing. Additionally, the flags used
      for processing (currently just this one) need
      to be reset before processing a new packet.
      
      Since we haven't actually seen bugs reported as
      a result of the wrong flags handling (which is
      not too surprising -- the only real bug case I
      can come up with is an a-MSDU contained in an
      a-MPDU), I'll make a different fix for rc.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      554891e6
  23. 17 8月, 2010 2 次提交
  24. 09 7月, 2010 1 次提交
    • J
      mac80211: remove wep dependency · 3473187d
      John W. Linville 提交于
      The current mac80211 code assumes that WEP is always available.  If WEP
      fails to initialize, ieee80211_register_hw will always fail.
      
      In some cases (e.g. FIPS certification), the cryptography used by WEP is
      unavailable.  However, in such cases there is no good reason why CCMP
      encryption (or even no link level encryption) cannot be used.  So, this
      patch removes mac80211's assumption that WEP (and TKIP) will always be
      available for use.
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      3473187d
  25. 16 6月, 2010 1 次提交
  26. 30 3月, 2010 1 次提交
    • T
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking... · 5a0e3ad6
      Tejun Heo 提交于
      include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
      
      percpu.h is included by sched.h and module.h and thus ends up being
      included when building most .c files.  percpu.h includes slab.h which
      in turn includes gfp.h making everything defined by the two files
      universally available and complicating inclusion dependencies.
      
      percpu.h -> slab.h dependency is about to be removed.  Prepare for
      this change by updating users of gfp and slab facilities include those
      headers directly instead of assuming availability.  As this conversion
      needs to touch large number of source files, the following script is
      used as the basis of conversion.
      
        http://userweb.kernel.org/~tj/misc/slabh-sweep.py
      
      The script does the followings.
      
      * Scan files for gfp and slab usages and update includes such that
        only the necessary includes are there.  ie. if only gfp is used,
        gfp.h, if slab is used, slab.h.
      
      * When the script inserts a new include, it looks at the include
        blocks and try to put the new include such that its order conforms
        to its surrounding.  It's put in the include block which contains
        core kernel includes, in the same order that the rest are ordered -
        alphabetical, Christmas tree, rev-Xmas-tree or at the end if there
        doesn't seem to be any matching order.
      
      * If the script can't find a place to put a new include (mostly
        because the file doesn't have fitting include block), it prints out
        an error message indicating which .h file needs to be added to the
        file.
      
      The conversion was done in the following steps.
      
      1. The initial automatic conversion of all .c files updated slightly
         over 4000 files, deleting around 700 includes and adding ~480 gfp.h
         and ~3000 slab.h inclusions.  The script emitted errors for ~400
         files.
      
      2. Each error was manually checked.  Some didn't need the inclusion,
         some needed manual addition while adding it to implementation .h or
         embedding .c file was more appropriate for others.  This step added
         inclusions to around 150 files.
      
      3. The script was run again and the output was compared to the edits
         from #2 to make sure no file was left behind.
      
      4. Several build tests were done and a couple of problems were fixed.
         e.g. lib/decompress_*.c used malloc/free() wrappers around slab
         APIs requiring slab.h to be added manually.
      
      5. The script was run on all .h files but without automatically
         editing them as sprinkling gfp.h and slab.h inclusions around .h
         files could easily lead to inclusion dependency hell.  Most gfp.h
         inclusion directives were ignored as stuff from gfp.h was usually
         wildly available and often used in preprocessor macros.  Each
         slab.h inclusion directive was examined and added manually as
         necessary.
      
      6. percpu.h was updated not to include slab.h.
      
      7. Build test were done on the following configurations and failures
         were fixed.  CONFIG_GCOV_KERNEL was turned off for all tests (as my
         distributed build env didn't work with gcov compiles) and a few
         more options had to be turned off depending on archs to make things
         build (like ipr on powerpc/64 which failed due to missing writeq).
      
         * x86 and x86_64 UP and SMP allmodconfig and a custom test config.
         * powerpc and powerpc64 SMP allmodconfig
         * sparc and sparc64 SMP allmodconfig
         * ia64 SMP allmodconfig
         * s390 SMP allmodconfig
         * alpha SMP allmodconfig
         * um on x86_64 SMP allmodconfig
      
      8. percpu.h modifications were reverted so that it could be applied as
         a separate patch and serve as bisection point.
      
      Given the fact that I had only a couple of failures from tests on step
      6, I'm fairly confident about the coverage of this conversion patch.
      If there is a breakage, it's likely to be something in one of the arch
      headers which should be easily discoverable easily on most builds of
      the specific arch.
      Signed-off-by: NTejun Heo <tj@kernel.org>
      Guess-its-ok-by: NChristoph Lameter <cl@linux-foundation.org>
      Cc: Ingo Molnar <mingo@redhat.com>
      Cc: Lee Schermerhorn <Lee.Schermerhorn@hp.com>
      5a0e3ad6
  27. 20 1月, 2010 1 次提交
    • J
      mac80211: move control.hw_key assignment · 813d7669
      Johannes Berg 提交于
      When mac80211 asks a driver to encrypt a frame, it
      must assign the control.hw_key pointer for it to
      know which key to use etc. Currently, mac80211 does
      this whenever it would software-encrypt a frame.
      
      Change the logic of this code to assign the hw_key
      pointer when selecting the key, and later check it
      when deciding whether to encrypt the frame or let
      it be encrypted by the hardware. This allows us to
      later simply skip the encryption function since it
      no longer modifies the TX control.
      Signed-off-by: NJohannes Berg <johannes@sipsolutions.net>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      813d7669
  28. 19 11月, 2009 1 次提交
  29. 11 7月, 2009 1 次提交
  30. 23 4月, 2009 1 次提交
    • J
      nl80211: Add Michael MIC failure event · a3b8b056
      Jouni Malinen 提交于
      Define a new nl80211 event, NL80211_CMD_MICHAEL_MIC_FAILURE, to be
      used to notify user space about locally detected Michael MIC failures.
      This matches with the MLME-MICHAELMICFAILURE.indication() primitive.
      
      Since we do not actually have TSC in the skb anymore when
      mac80211_ev_michael_mic_failure() is called, that function is changed
      to take in the TSC as an optional parameter instead of as a
      requirement to include the TSC after the hdr field (which we did not
      really follow). For now, TSC is not included in the events from
      mac80211, but it could be added at some point.
      Signed-off-by: NJouni Malinen <j@w1.fi>
      Signed-off-by: NJohn W. Linville <linville@tuxdriver.com>
      a3b8b056
  31. 28 3月, 2009 1 次提交