author | Damien Bergamini <damien@cvs.openbsd.org> | 2008-09-27 15:16:10 +0000 |
---|---|---|
committer | Damien Bergamini <damien@cvs.openbsd.org> | 2008-09-27 15:16:10 +0000 |
commit | b065efd30adfe94123c1b52f0767f407ce44033b (patch) | |
tree | 03b134eef33bed19b360c566708dc791c3141240 /sys/net80211/ieee80211_ioctl.h | |
parent | 5f302c06db0af70022a22dff119bab0838242f86 (diff) |
Initial implementation of PMKSA caching and pre-authentication.
This will be required for future WPA-Enterprise support (802.1X).
Add ieee80211_needs_auth() function (not implemented yet) to
notify the userland 802.1X PACP machine when an 802.1X port
becomes enabled (that is, after successful 802.11 Open System
authentication).
Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the
PACP state machine can kick the 802.11 key state machine and
install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw).
This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC
for data integrity, and AES Key Wrap for data protection of EAPOL-Key
frames. An OpenBSD AP will always advertise this capability and an
OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based
ones if both are supported by an AP.
Diffstat (limited to 'sys/net80211/ieee80211_ioctl.h')
-rw-r--r-- | sys/net80211/ieee80211_ioctl.h | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/sys/net80211/ieee80211_ioctl.h b/sys/net80211/ieee80211_ioctl.h
index 9f15c0fa7e6..bee876d2436 100644
--- a/sys/net80211/ieee80211_ioctl.h
+++ b/sys/net80211/ieee80211_ioctl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_ioctl.h,v 1.13 2008/08/12 16:51:39 damien Exp $ */
+/* $OpenBSD: ieee80211_ioctl.h,v 1.14 2008/09/27 15:16:09 damien Exp $ */
 /* $NetBSD: ieee80211_ioctl.h,v 1.7 2004/04/30 22:51:04 dyoung Exp $ */
 /*-
@@ -227,6 +227,21 @@ struct ieee80211_wmmparams {
 #define SIOCS80211WMMPARMS _IOW('i', 249, struct ieee80211_wmmparams)
 #define SIOCG80211WMMPARMS _IOWR('i', 250, struct ieee80211_wmmparams)
+struct ieee80211_keyavail {
+ char i_name[IFNAMSIZ]; /* if_name, e.g. "wi0" */
+ u_int8_t i_macaddr[IEEE80211_ADDR_LEN];
+ u_int8_t i_key[32];
+ u_int32_t i_lifetime;
+};
+
+struct ieee80211_keyrun {
+ char i_name[IFNAMSIZ]; /* if_name, e.g. "wi0" */
+ u_int8_t i_macaddr[IEEE80211_ADDR_LEN];
+};
+
+#define SIOCS80211KEYAVAIL _IOW('i', 251, struct ieee80211_keyavail)
+#define SIOCS80211KEYRUN _IOW('i', 252, struct ieee80211_keyrun)
+
 /* scan request (will block) */
 #define IEEE80211_SCAN_TIMEOUT 30 /* timeout in seconds */ |
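Review bot: In the second hunk, `struct ieee80211_keyavail` carries raw key material in `i_key[32]` and a lifetime in `i_lifetime`, but neither field says what it holds or in what unit, so a caller of `SIOCS80211KEYAVAIL` has to guess. Going by the commit message the key is the PMK obtained from 802.1X, so I would annotate the fields, e.g. `u_int8_t i_key[32]; /* PMK from 802.1X (pre-)authentication */` and `u_int32_t i_lifetime; /* PMKSA lifetime; state the unit */`, and replace the bare 32 with a named PMK-length constant if one is visible to this header. Because this ioctl moves a master key across the user/kernel boundary, a short comment above the `#define` saying that it is a privileged set operation and that callers should zero the structure after the call would also help. The handler is not part of this file, so whether it already enforces the privilege check or wipes its copy cannot be confirmed from here.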