summaryrefslogtreecommitdiff
path: root/sys/net80211
AgeCommit message (Collapse)Author
2007-10-08Get trunk(4) working again with 802.11 devices. Spotted by ajacoutot@.Marcus Glocker
Diff has been done in co-work with damien@, jsg@, reyk@, and claudio@. OK damien@
2007-09-18arc4random_bytes() is the preferred interface for generating nonces;Damien Miller
"looks ok" markus@
2007-09-15realy -> really in comments. Most reported on tech@ by Jung.Kenneth R Westerback
2007-09-11remove horrid casts now that SHA1Update() has been constified.Damien Bergamini
2007-09-07use new malloc M_ZERO flag + replace MALLOC with mallocDamien Bergamini
2007-08-29typo in a macro (fortunately unused): 0c00 -> 0x00Damien Bergamini
2007-08-29- use ieee80211_get_hdrlen() where appropriate.Damien Bergamini
- discard all EAPOL-Key frames with an unknown descriptor version. - when receiving message 3/4 of the 4-way handshake, do not install the PTK if the INSTALL bit is not set. this fixes 4-way handshake with APs using group keys only. - similarly, do not mark the 802.1X port as valid if the SECURE bit is not set (it will be marked as valid after group key handshake).
2007-08-27rework ieee80211_recv_4way_msg2() function.Damien Bergamini
add some RSNA authenticator state machine bits.
2007-08-27Checking the MIC early in ieee80211_recv_eapol() does not work forDamien Bergamini
message 2/4 of the 4-way handshake because the authenticator must derive the PTK first (the MIC is computed using the KCK). Move calls to ieee80211_eapol_key_check_mic() - and as a consequence ieee80211_eapol_key_decrypt() - directly in the ieee80211_recv_{group,4way}_msg*() functions. Unconstify the first parameter since checking the MIC modifies the frame. Remove ni->ni_ptk_ok field while i'm here.
2007-08-23add a new ieee80211_save_ie() function to make a copy of anDamien Bergamini
information element in a management frame. the authenticator has to make a copy of the RSN/WPA1 IE from (Re)Association requests so that it can be compared with the one included in message 2/4 of the 4-way handshake.
2007-08-23add ieee80211_get_hdrlen() to compute the size of the 802.11 headerDamien Bergamini
of a management or data frame (check if the i_qos, i_ht or i_addr4 are present).
2007-08-23the authenticator can't differentiate 4-way handshake message 2 fromDamien Bergamini
message 4 based on the EAPOL-Key frame secure bit. the only thing that differentiate these messages is the presence of the RSN/WPA1 IE in the EAPOL-Key frame data field. only message 2/4 contains this IE.
2007-08-23add pseudo-header definition for TKIP MIC computation.Damien Bergamini
2007-08-23fix ieee80211_map_ptk() for TKIP.Damien Bergamini
2007-08-22add a ieee80211_get_txkey() function to determine the key to use forDamien Bergamini
transmitting a frame to a given node. change ieee80211_encrypt() so that it now takes the key as parameter. this change is required because drivers doing hardware crypto need to know what key is being used.
2007-08-22- add k_rxmic and k_txmic fields to struct ieee80211_key to store theDamien Bergamini
Tx/Rx MIC for TKIP. - add two functions to map a PTK and a GTK to an IEEE 802.11 key and use them in ieee80211_input.c instead of duplicating the same code. properly set Tx/Rx MIC in the IEEE 802.11 key in the case of TKIP. - add ic_psk to struct ieee80211com to store the pre-shared key. - fix setting of the SECURE bit in outgoing EAPOL-Key frames. - when receiving msg 2 of the 4-way handshake, deauthenticate the station if the RSN IE does not match that of the (Re)Association request. - before parsing an RSN or WPA IE, check that there's enough room for the version field (2 bytes) which is mandatory. - various tweaks while i'm here.
2007-08-16back out part of last diff; breaks all hardware wep decryption.Theo de Raadt
from damien
2007-08-14Prevent sneaking in unencrypted packets into WEP traffic.Alexander Bluhm
ok damien@, put it ok deraadt@
2007-08-05Fix the length calculation of the TIM bitmask in ieee80211_add_tim().Claudio Jeker
Even no bit was set we copied the full 225bytes bitmaks into the beacon. Found the hard way with acx(4) by mglocker@ and myself. OK mglocker@ damien@
2007-08-03fix parsing of GTK KDE.Damien Bergamini
2007-08-03add a ni_eapol_desc field to struct ieee80211_node to know whetherDamien Bergamini
a station is using WPA1 or RSN descriptors. make sure that a station that advertises WPA1 capability in an IE uses the WPA1 EAPOL-Key descriptor type and not the RSN one. fix construction of EAPOL-Key frames for WPA1. i can now successfuly complete a 4-way and group-key handshake with both a WPA1 and a WPA2 access point. add some TKIP encapsulation code (no SW crypto yet). ok deraadt@
2007-08-01allow ic_set_key to be NULL so that drivers won't need to implement itDamien Bergamini
(for instance if they don't support HW crypto).
2007-08-01make sure the MIC field is set in group key handshake messages beforeDamien Bergamini
passing the frame to the handlers.
2007-08-01make ieee80211_recv_wpa_group_msg1() install the GTK in ic_nw_keys[] too.Damien Bergamini
i only converted ieee80211_recv_rsn_group_msg1() in my previous commit.
2007-08-01add generic ieee80211_encrypt() and ieee80211_decrypt() functions thatDamien Bergamini
can handle multiple ciphers (the key to use is determined automatically by these functions based on the frame's destination address). add ieee80211_ccmp_encrypt() and ieee80211_ccmp_decrypt(). those two functions only do encapsulation/decapsulation of CCMP frames for now (they don't do SW crypto). they will help to test things with drivers that can do HW crypto. add a ni_pairwise_key field to struct ieee80211_node to actually install the pairwise transient key. install the GTK in ic_nw_keys[].
2007-08-01unbreak.Damien Bergamini
2007-08-01check the key length field in message 3 of the 4-way handshake.Damien Bergamini
change ieee80211_recv_eapol() so that it is called without the ethernet header striped.
2007-08-01set key length field in message 1 & 3 of the 4-way handshake.Damien Bergamini
2007-08-01group key handshake message 1 is very different between RSN and WPA1.Damien Bergamini
RSN uses a GTK KDE while WPA1 stores the GTK in the EAPOL-Key frame data field (encrypted) and uses some bits in the info field. split ieee80211_recv_group_msg1() in two separate functions.
2007-08-01pass the supplicant's nonce generated on reception of message 1 of theDamien Bergamini
4-way handshake to ieee80211_send_4way_msg2().
2007-08-01in 4-way handshake messages 2 and 3, parse vendor-specific WPA1 IEs too.Damien Bergamini
fix a test for ni_replaycnt_ok while i'm here.
2007-08-01add a TSC field to the key structure. it will be used to store theDamien Bergamini
TKIP sequence counter (TKIP) or the PN (packet number, CCMP).
2007-08-01PMKID KDE is optionnal in message 1 of the 4-way handshake (at leastDamien Bergamini
when using WPA-PSK). add a ni_replaycnt_ok flag to struct ieee80211_node to mark the replay counter as valid. the replay counter is marked valid only when message 3 of the 4-way handshake is received since message 1 contains no MIC.
2007-08-01fix parsing and construction of RSN/WPA IEs.Damien Bergamini
2007-08-01all WPA implementations i have tested use EAPOL-Key frames version 1,Damien Bergamini
so use that too and remove a check in ieee80211_recv_eapol(). WPA1 stores the group key id into bits 4-5 of the EAPOL-Key frame info field and uses bit 6 to indicate if the key is Rx/Tx or Rx only. remove a check in ieee80211_eapol_key_decrypt() because WPA1 encrypts the payload of message 1 of the group-key handshake without setting the encrypted bit in the info field.
2007-08-01the EAPOL-Key MIC must be computed with the MIC bit set.Damien Bergamini
this simplifies ieee80211_eapol_key_mic() and ieee80211_eapol_key_check_mic() quite a bit. set the EAPOL-Key body length before computing the MIC since the MIC is computed with the 802.1X header too. add a missing htons() while i'm here.
2007-08-01KEYACK bit is not set for 4-way handshake messages 2 and 4.Damien Bergamini
it is set in message 3.
2007-08-01cipher suite type for CCMP is 4 not 3.Damien Bergamini
2007-07-28adds functions to parse and to build EAPOL-Key frames used inDamien Bergamini
the 4-way and group-key handshake. the state machine is still missing though so this is not used anywhere yet.
2007-07-28add callbacks that drivers must implement to install/reset keys.Damien Bergamini
add a 64-bit replay counter for sending EAPOL-Key request frames. add a ic_recv_eapol callback to process EAPOL frames. drivers can redefine this callback but net80211 will implement it.
2007-07-28add a couple of fields to the ieee80211_node structure to manage RSNDamien Bergamini
states. those fields will be put in a separate structure (ieee80211_rsna) in a future cleanup phase to save some space. add a ni_port_valid field to manage PAE state. in pre-RSNA networks, this field will be set to 1 after a successful open authentication. in RSNA networks, this field will be set to 1 after a successful 4-way handshake.
2007-07-28extend the ieee80211_key structure with a key identifier, a flags fieldDamien Bergamini
and a 64-bit receive sequence counter (for group keys). add a ieee80211_cipher_keylen() function to retrieve the key length in bytes used by a specific cipher. account for 802.1X header size when computing the Key MIC. some cleanup in comments and variable names while i'm here.
2007-07-28WPA1 uses its own (non-standard) EAPOL-Key descriptor type.Damien Bergamini
Remove a double definition. Add definitions for Key Data Encapsulations.
2007-07-24new function to check the MIC of a received EAPOL-Key frame.Damien Bergamini
2007-07-24use rc4_skip().Damien Bergamini
fix ieee80211_eapol_key_encrypt() so that we don't add more padding bytes than necessary in the case of AES Key Wrap encryption.
2007-07-24remove some unused key derivation functions.Damien Bergamini
we won't support PeerKey handshake in a first time.
2007-07-24remove arc4_ compatibility macros.Damien Bergamini
2007-07-24add functions to compute EAPOL-Key Key MIC fields and to encrypt/decryptDamien Bergamini
EAPOL-Key Data fields.
2007-07-24add ic_globalcnt to struct ieee80211com:Damien Bergamini
in an RSNA, each STA must maintain a 256-bit global key counter that must be initialized to a random value (see 8.5.7).
2007-07-24cleanup definition of struct ieee80211_eapol_key.Damien Bergamini
prepend 802.1X header. use byte-arrays to prevent access to unaligned fields.