diff options
| author | Stefan Sperling <stsp@cvs.openbsd.org> | 2017-03-01 19:28:49 +0000 |
|---|---|---|
| committer | Stefan Sperling <stsp@cvs.openbsd.org> | 2017-03-01 19:28:49 +0000 |
| commit | 353445e9d181c65f16069e38930d0964f992c014 (patch) | |
| tree | a5ffd5aee5d6ef87538497749ded4bc12d8f8610 /sys/net80211/ieee80211_node.h | |
| parent | 7e044a6343adf75c483b0708d64d940806878eb5 (diff) | |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients.
A malicious AP could trick clients into connecting to the malicious AP
instead of the desired AP. All frames would then be sent in the clear.
This problem was found and reported by Mathy Vanhoef who also provided
an initial patch which we improved together.
Diffstat (limited to 'sys/net80211/ieee80211_node.h')
| -rw-r--r-- | sys/net80211/ieee80211_node.h | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/sys/net80211/ieee80211_node.h b/sys/net80211/ieee80211_node.h index 0be94e5a03c..d1b6067e255 100644 --- a/sys/net80211/ieee80211_node.h +++ b/sys/net80211/ieee80211_node.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ieee80211_node.h,v 1.65 2017/02/02 16:47:53 stsp Exp $ */ +/* $OpenBSD: ieee80211_node.h,v 1.66 2017/03/01 19:28:48 stsp Exp $ */ /* $NetBSD: ieee80211_node.h,v 1.9 2004/04/30 22:57:32 dyoung Exp $ */ /*- @@ -99,6 +99,14 @@ enum { RSNA_KEYERROR }; +/* Supplicant state machine: 4-Way Handshake (not documented in standard) */ +enum { + RSNA_SUPP_INITIALIZE, /* not expecting any messages */ + RSNA_SUPP_PTKSTART, /* awaiting handshake message 1 */ + RSNA_SUPP_PTKNEGOTIATING, /* got message 1 and derived PTK */ + RNSA_SUPP_PTKDONE /* got message 3 and authenticated AP */ +}; + struct ieee80211_rxinfo { u_int32_t rxi_flags; u_int32_t rxi_tstamp; @@ -208,6 +216,7 @@ struct ieee80211_node { /* RSN */ struct timeout ni_eapol_to; u_int ni_rsn_state; + u_int ni_rsn_supp_state; u_int ni_rsn_gstate; u_int ni_rsn_retries; u_int ni_rsnprotos; |