TKIP, Fragmentation, and TSC
Last Post: August 9, 2008:
Hi All,
As IEEE 802.11-2007 (page 166 part b) states:
"If needed, IEEE Std 802.11 fragments the MSDU with MIC into one or more MPDUs. TKIP assigns
a monotonically increasing TSC value to each MPDU, taking care that all the MPDUs generated
from the same MSDU have the same value of extended IV"
And on page 168 states:
"TSC5 is the most significant octet of the TSC, and TSC0 is the least significant. Octets TSC0 and TSC1
form the IV sequence number and are used with the TKIP Phase 2 key mixing. Octets TSC2–TSC5 are used
in the TKIP Phase 1 key hashing and are in the Extended IV field. When the lower 16-bit sequence number rolls over (0xFFFF--->0x0000), the extended IV value, i.e., the upper 32 bits of the entire 48-bit TSC, shall be incremented by 1."
Consider the situation where the lower 16-bit sequence number will be exhausted after the next two frames and we have an MSDU which should be broken down into three MPDUs. The first MPDU has a unique TSC number. Following that, the second MPDU has a unique TSC number (previous TSC number + 1) with the same value of extended IV, but on the third MPDU the 16-bit sequence number will be exhausted and, according to IEEE 802.11-2007, the extended value shall be incremented by 1. So it is the opposite of the first paragraph, which indicates that all the MPDUs generated from the same MSDU have the same value of extended IV.
I would appreciate it if someone could help me on this subject.
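The scenario in the question, worked through as an added example (not part of the original post, and not code from the standard or from any driver). It assumes one TSC increment per MPDU and the 16-bit/32-bit split quoted above; the starting TSC value is constructed and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Split of the 48-bit TSC as quoted from IEEE 802.11-2007 above:
 * TSC0..TSC1 = 16-bit IV sequence number (Phase 2 key mixing),
 * TSC2..TSC5 = 32-bit Extended IV (Phase 1 key hashing). */
#define TSC_MASK 0xFFFFFFFFFFFFULL

static uint16_t tsc_iv16(uint64_t tsc)   { return (uint16_t)(tsc & 0xFFFF); }
static uint32_t tsc_ext_iv(uint64_t tsc) { return (uint32_t)((tsc >> 16) & 0xFFFFFFFF); }

/* Assumption: the counter advances by exactly 1 per MPDU, kept to 48 bits. */
static uint64_t tsc_next(uint64_t tsc)   { return (tsc + 1) & TSC_MASK; }

/* Index of the first fragment whose Extended IV differs from fragment 0's,
 * or -1 if all nfrags fragments share it. */
static int first_ext_iv_change(uint64_t first_tsc, unsigned nfrags)
{
    /* TSC values left before the low 16 bits roll over, first one included */
    uint32_t left = 0x10000u - tsc_iv16(first_tsc);
    return nfrags > left ? (int)left : -1;
}

int main(void)
{
    /* Constructed start value: Extended IV = 1, IV16 two values from rollover */
    const uint64_t start = 0x00000001FFFEULL;
    const unsigned nfrags = 3;          /* the MSDU splits into three MPDUs */
    uint64_t tsc = start;

    for (unsigned i = 0; i < nfrags; i++, tsc = tsc_next(tsc))
        printf("MPDU %u: TSC=%012llx ExtIV=%08x IV16=%04x\n", i,
               (unsigned long long)tsc, (unsigned)tsc_ext_iv(tsc),
               (unsigned)tsc_iv16(tsc));

    printf("first MPDU with a different Extended IV: %d\n",
           first_ext_iv_change(start, nfrags));
    return 0;
}
```

The third MPDU is the one that lands on IV16 = 0x0000 with the Extended IV incremented, which is the case the two quoted passages appear to treat differently.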