Age | Commit message | Author |
|
|
|
move ieee80211_setup_rates() to ieee80211_node.c
move some prototypes from ieee80211_proto.h to ieee80211_crypto.h
|
|
|
|
- add a ieee80211_recv_action() function (will be used later)
- some cleanup, remove unused prototypes, get rid of the
IEEE80211_VERIFY_* macros
|
|
4-way handshake, regardless of what protocol the supplicant is using.
Ignore the IEs we don't care about instead of deauthenticating with a
reason code of 'RSN_DIFFERENT_IE'.
|
|
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should
work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@
ok deraadt@
|
|
ok krw@
|
|
"looks ok" markus@
|
|
- discard all EAPOL-Key frames with an unknown descriptor version.
- when receiving message 3/4 of the 4-way handshake, do not install
the PTK if the INSTALL bit is not set. this fixes 4-way handshake
with APs using group keys only.
- similarly, do not mark the 802.1X port as valid if the SECURE bit
is not set (it will be marked as valid after group key handshake).
|
|
add some RSNA authenticator state machine bits.
|
|
message 2/4 of the 4-way handshake because the authenticator must
derive the PTK first (the MIC is computed using the KCK).
Move calls to ieee80211_eapol_key_check_mic() - and as a consequence
ieee80211_eapol_key_decrypt() - directly in the
ieee80211_recv_{group,4way}_msg*() functions.
Unconstify the first parameter since checking the MIC modifies the
frame. Remove ni->ni_ptk_ok field while i'm here.
|
|
information element in a management frame.
the authenticator has to make a copy of the RSN/WPA1 IE from
(Re)Association requests so that it can be compared with the
one included in message 2/4 of the 4-way handshake.
|
|
of a management or data frame (check if the i_qos, i_ht or i_addr4
are present).
|
|
message 4 based on the EAPOL-Key frame secure bit.
the only thing that differentiates these messages is the presence of
the RSN/WPA1 IE in the EAPOL-Key frame data field.
only message 2/4 contains this IE.
|
|
Tx/Rx MIC for TKIP.
- add two functions to map a PTK and a GTK to an IEEE 802.11 key and
use them in ieee80211_input.c instead of duplicating the same code.
properly set Tx/Rx MIC in the IEEE 802.11 key in the case of TKIP.
- add ic_psk to struct ieee80211com to store the pre-shared key.
- fix setting of the SECURE bit in outgoing EAPOL-Key frames.
- when receiving msg 2 of the 4-way handshake, deauthenticate the
station if the RSN IE does not match that of the (Re)Association
request.
- before parsing an RSN or WPA IE, check that there's enough room for
the version field (2 bytes) which is mandatory.
- various tweaks while i'm here.
|
|
from damien
|
|
ok damien@, put it ok deraadt@
|
|
|
|
a station is using WPA1 or RSN descriptors.
make sure that a station that advertises WPA1 capability in an IE
uses the WPA1 EAPOL-Key descriptor type and not the RSN one.
fix construction of EAPOL-Key frames for WPA1.
i can now successfully complete a 4-way and group-key handshake
with both a WPA1 and a WPA2 access point.
add some TKIP encapsulation code (no SW crypto yet).
ok deraadt@
|
|
(for instance if they don't support HW crypto).
|
|
passing the frame to the handlers.
|
|
i only converted ieee80211_recv_rsn_group_msg1() in my previous commit.
|
|
can handle multiple ciphers (the key to use is determined automatically
by these functions based on the frame's destination address).
add ieee80211_ccmp_encrypt() and ieee80211_ccmp_decrypt().
those two functions only do encapsulation/decapsulation of CCMP frames
for now (they don't do SW crypto). they will help to test things with
drivers that can do HW crypto.
add a ni_pairwise_key field to struct ieee80211_node to actually install
the pairwise transient key.
install the GTK in ic_nw_keys[].
|
|
|
|
change ieee80211_recv_eapol() so that it is called without the
ethernet header stripped.
|
|
RSN uses a GTK KDE while WPA1 stores the GTK in the EAPOL-Key frame
data field (encrypted) and uses some bits in the info field.
split ieee80211_recv_group_msg1() in two separate functions.
|
|
4-way handshake to ieee80211_send_4way_msg2().
|
|
fix a test for ni_replaycnt_ok while i'm here.
|
|
when using WPA-PSK).
add a ni_replaycnt_ok flag to struct ieee80211_node to mark the replay
counter as valid. the replay counter is marked valid only when message
3 of the 4-way handshake is received since message 1 contains no MIC.
|
|
|
|
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.
|
|
it is set in message 3.
|
|
|
|
the 4-way and group-key handshake.
the state machine is still missing though so this is not used
anywhere yet.
|
|
add a parameter to ieee80211_decap() to handle different 802.11
header sizes.
cleanup and clarify ieee80211_classify().
|
|
|
|
structure until the frame has been fully validated.
|
|
the rx buffer.
|
|
some cleanup while i'm here.
|
|
deauth associating stations with bad RSN IEs.
cleanup parsing of vendor-specific IEs.
|
|
it has been #if 0'd since 3.9 and we have never supported this mode (no
ifconfig option etc...).
|
|
the spec says that "APs ignore the Privacy subfield within received
Association and Reassociation Request managements frames".
if the IEEE80211_CAPINFO_ESS bit is not set, reply with the correct status
code (IEEE80211_STATUS_CAPINFO instead of IEEE80211_STATUS_BASIC_RATE).
indent things a bit while i'm here.
|
|
|
|
a default ieee80211_set_tim() function that drivers can override
by setting ic_set_tim.
|
|
pointed out by claudio@
|
|
to parse both WPA1 and RSN (WPA2) IEs.
rename ieee80211_parse_edca_params_common() into
ieee80211_parse_edca_params_body() while i'm here.
|
|
for consistency.
|
|
|
|
unfortunately, most APs that advertise themselves as being
802.11e capable still use the Microsoft OUI instead of the
standard IEEE 802.11 information element.
|
|
add myself to the copyright list.
|