Age | Commit message | Author |
|
ok damien@, put it ok deraadt@
|
|
Even if no bit was set we copied the full 225 bytes bitmask into the beacon.
Found the hard way with acx(4) by mglocker@ and myself.
OK mglocker@ damien@
|
|
|
|
a station is using WPA1 or RSN descriptors.
make sure that a station that advertises WPA1 capability in an IE
uses the WPA1 EAPOL-Key descriptor type and not the RSN one.
fix construction of EAPOL-Key frames for WPA1.
i can now successfully complete a 4-way and group-key handshake
with both a WPA1 and a WPA2 access point.
add some TKIP encapsulation code (no SW crypto yet).
ok deraadt@
|
|
(for instance if they don't support HW crypto).
|
|
passing the frame to the handlers.
|
|
i only converted ieee80211_recv_rsn_group_msg1() in my previous commit.
|
|
can handle multiple ciphers (the key to use is determined automatically
by these functions based on the frame's destination address).
add ieee80211_ccmp_encrypt() and ieee80211_ccmp_decrypt().
those two functions only do encapsulation/decapsulation of CCMP frames
for now (they don't do SW crypto). they will help to test things with
drivers that can do HW crypto.
add a ni_pairwise_key field to struct ieee80211_node to actually install
the pairwise transient key.
install the GTK in ic_nw_keys[].
|
|
|
|
change ieee80211_recv_eapol() so that it is called without the
ethernet header stripped.
|
|
|
|
RSN uses a GTK KDE while WPA1 stores the GTK in the EAPOL-Key frame
data field (encrypted) and uses some bits in the info field.
split ieee80211_recv_group_msg1() in two separate functions.
|
|
4-way handshake to ieee80211_send_4way_msg2().
|
|
fix a test for ni_replaycnt_ok while i'm here.
|
|
TKIP sequence counter (TKIP) or the PN (packet number, CCMP).
|
|
when using WPA-PSK).
add a ni_replaycnt_ok flag to struct ieee80211_node to mark the replay
counter as valid. the replay counter is marked valid only when message
3 of the 4-way handshake is received since message 1 contains no MIC.
|
|
|
|
so use that too and remove a check in ieee80211_recv_eapol().
WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info
field and uses bit 6 to indicate if the key is Rx/Tx or Rx only.
remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts
the payload of message 1 of the group-key handshake without setting the
encrypted bit in the info field.
|
|
this simplifies ieee80211_eapol_key_mic() and ieee80211_eapol_key_check_mic()
quite a bit.
set the EAPOL-Key body length before computing the MIC since the MIC is
computed with the 802.1X header too.
add a missing htons() while i'm here.
|
|
it is set in message 3.
|
|
|
|
the 4-way and group-key handshake.
the state machine is still missing though so this is not used
anywhere yet.
|
|
add a 64-bit replay counter for sending EAPOL-Key request frames.
add a ic_recv_eapol callback to process EAPOL frames.
drivers can redefine this callback but net80211 will implement it.
|
|
states. those fields will be put in a separate structure (ieee80211_rsna)
in a future cleanup phase to save some space.
add a ni_port_valid field to manage PAE state.
in pre-RSNA networks, this field will be set to 1 after a successful
open authentication. in RSNA networks, this field will be set to 1
after a successful 4-way handshake.
|
|
and a 64-bit receive sequence counter (for group keys).
add a ieee80211_cipher_keylen() function to retrieve the key length
in bytes used by a specific cipher.
account for 802.1X header size when computing the Key MIC.
some cleanup in comments and variable names while i'm here.
|
|
Remove a double definition.
Add definitions for Key Data Encapsulations.
|
|
|
|
fix ieee80211_eapol_key_encrypt() so that we don't add more padding
bytes than necessary in the case of AES Key Wrap encryption.
|
|
we won't support PeerKey handshake in a first time.
|
|
|
|
EAPOL-Key Data fields.
|
|
in an RSNA, each STA must maintain a 256-bit global key counter that
must be initialized to a random value (see 8.5.7).
|
|
prepend 802.1X header.
use byte-arrays to prevent access to unaligned fields.
|
|
explicitly use ovbcopy() even if our kernel memcpy() supports
overlapping buffers.
|
|
this will be used to encrypt/decrypt EAPOL-Key frames payload.
|
|
one that can be used with other ciphers than WEP.
|
|
|
|
add a parameter to ieee80211_decap() to handle different 802.11
header sizes.
cleanup and clarify ieee80211_classify().
|
|
ieee80211_get_cts_to_self() if mbuf allocation fails.
|
|
|
|
structure until the frame has been fully validated.
|
|
the rx buffer.
|
|
some cleanup while i'm here.
|
|
deauth associating stations with bad RSN IEs.
cleanup parsing of vendor-specific IEs.
|
|
still very ugly but hopefully correct.
|
|
it has been #if 0'd since 3.9 and we have never supported this mode (no
ifconfig option etc...).
|
|
the spec says that "APs ignore the Privacy subfield within received
Association and Reassociation Request management frames".
if the IEEE80211_CAPINFO_ESS bit is not set, reply with the correct status
code (IEEE80211_STATUS_CAPINFO instead of IEEE80211_STATUS_BASIC_RATE).
indent things a bit while i'm here.
|
|
|
|
fixes my 1.36 commit (the bit should not be set for non-AP STA
only in Probe Responses and Beacons).
|
|
remove two comments that were misplaced while I'm here (addr4 is always
located after the i_seq field, not at the end of the header).
|