diff options
author | Johannes Berg <johannes@sipsolutions.net> | 2007-09-26 15:19:45 +0200 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 16:53:16 -0700 |
commit | 50741ae05a4742cae99361f57d84b5f8d33822a4 (patch) | |
tree | e655586b7d22a9504aaad7aa79401e8ff1c71770 /net/mac80211/tkip.c | |
parent | fb1c1cd6c5a8988b14c5c6c0dfe55542df3a34c6 (diff) | |
download | kernel-crypto-50741ae05a4742cae99361f57d84b5f8d33822a4.tar.gz kernel-crypto-50741ae05a4742cae99361f57d84b5f8d33822a4.tar.xz kernel-crypto-50741ae05a4742cae99361f57d84b5f8d33822a4.zip |
[PATCH] mac80211: fix TKIP IV update
The TKIP IV should be updated only after MMIC verification,
this patch changes it to be at that spot.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
Diffstat (limited to 'net/mac80211/tkip.c')
-rw-r--r-- | net/mac80211/tkip.c | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/net/mac80211/tkip.c b/net/mac80211/tkip.c index 5b11f14abfb..3abe194e4d5 100644 --- a/net/mac80211/tkip.c +++ b/net/mac80211/tkip.c @@ -238,7 +238,8 @@ void ieee80211_tkip_encrypt_data(struct crypto_blkcipher *tfm, int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, struct ieee80211_key *key, u8 *payload, size_t payload_len, u8 *ta, - int only_iv, int queue) + int only_iv, int queue, + u32 *out_iv32, u16 *out_iv16) { u32 iv32; u32 iv16; @@ -332,11 +333,14 @@ int ieee80211_tkip_decrypt_data(struct crypto_blkcipher *tfm, res = ieee80211_wep_decrypt_data(tfm, rc4key, 16, pos, payload_len - 12); done: if (res == TKIP_DECRYPT_OK) { - /* FIX: these should be updated only after Michael MIC has been - * verified */ - /* Record previously received IV */ - key->u.tkip.iv32_rx[queue] = iv32; - key->u.tkip.iv16_rx[queue] = iv16; + /* + * Record previously received IV, will be copied into the + * key information after MIC verification. It is possible + * that we don't catch replays of fragments but that's ok + * because the Michael MIC verication will then fail. + */ + *out_iv32 = iv32; + *out_iv16 = iv16; } return res; |