From 792a7af405f1bcd074df2d192736f0ff71180ce6 Mon Sep 17 00:00:00 2001
From: Damien Bergamini
Date: Wed, 16 Apr 2008 18:32:16 +0000
Subject: Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard. Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols. This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported. In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes. The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4) The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher wpa-psk(8) can be used to generate keys from passphrases. tested by many@ ok deraadt@
---
 sys/net80211/ieee80211_node.h | 39 +++++++++++++++++++++++---------------
 1 file changed, 23 insertions(+), 16 deletions(-)
(limited to 'sys/net80211/ieee80211_node.h')
diff --git a/sys/net80211/ieee80211_node.h b/sys/net80211/ieee80211_node.h
index f7d971a78e9..4cb40c5d397 100644
--- a/sys/net80211/ieee80211_node.h
+++ b/sys/net80211/ieee80211_node.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ieee80211_node.h,v 1.25 2007/11/03 14:59:55 mglocker Exp $ */
+/* $OpenBSD: ieee80211_node.h,v 1.26 2008/04/16 18:32:15 damien Exp $ */
 /* $NetBSD: ieee80211_node.h,v 1.9 2004/04/30 22:57:32 dyoung Exp $ */
 /*-
@@ -65,8 +65,9 @@ enum ieee80211_node_state {
 (__ni)->ni_state = (__state); \
 } while (0)
-/* RSNA Authenticator state machine (see 8.5.6). */
+/* Authenticator state machine: 4-Way Handshake (see 8.5.6.1.1) */
 enum {
+ RSNA_INITIALIZE,
 RSNA_AUTHENTICATION,
 RSNA_AUTHENTICATION_2,
 RSNA_INITPMK,
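Review bot: The two authenticator state enums end up with overlapping values while the fields that store them are untyped, which applies to the `@@ -65,8 +65,9 @@` hunk and to the following `@@ -77,15 +78,15 @@` hunk. With `RSNA_INITIALIZE` moved to the head and the group-key states split into their own anonymous enum, both lists start at 0 as far as the visible lines show, so `RSNA_IDLE` and `RSNA_INITIALIZE` share a value. `ni_rsn_state` and `ni_rsn_gstate` are plain `u_int`, so assigning a group-key state to the pairwise field compiles without a diagnostic and leaves the 4-way handshake in an unintended state. Tagging the enums, or at least commenting each field, e.g. `/* 4-way handshake state, RSNA_INITIALIZE..RSNA_DISCONNECTED */`, would make the pairing checkable. The first enum's body continues outside this hunk.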
@@ -77,15 +78,15 @@ enum {
 RSNA_PTKINITNEGOTIATING,
 RSNA_PTKINITDONE,
 RSNA_DISCONNECT,
- RSNA_DISCONNECTED,
- RSNA_INITIALIZE,
+ RSNA_DISCONNECTED
+};
+
+/* Authenticator state machine: Group Key Handshake (see 8.5.6.1.2) */
+enum {
 RSNA_IDLE,
 RSNA_REKEYNEGOTIATING,
- RSNA_KEYERROR,
 RSNA_REKEYESTABLISHED,
- RSNA_GTK_INIT,
- RSNA_SETKEYSDONE,
- RSNA_SETKEYS
+ RSNA_KEYERROR
 };
 /*
@@ -97,6 +98,8 @@ enum { struct ieee80211_node { RB_ENTRY(ieee80211_node) ni_node; + struct ieee80211com *ni_ic; /* back-pointer */ + u_int ni_refcnt; u_int ni_scangen; /* gen# for timeout scan */
@@ -137,22 +140,25 @@ struct ieee80211_node {
 /* RSN */
 u_int ni_rsn_state;
- u_int ni_rsn_tocnt;
- u_int ni_group_cipher;
- enum ieee80211_cipher ni_pairwise_cipher;
- u_int ni_pairwise_cipherset;
- enum ieee80211_akm ni_akm;
- u_int ni_akmset;
+ u_int ni_rsn_gstate;
+ u_int ni_rsn_retries;
+ struct timeout ni_rsn_timeout;
+ u_int ni_rsnprotos;
+ u_int ni_rsnakms;
+ u_int ni_rsnciphers;
+ enum ieee80211_cipher ni_rsngroupcipher;
 u_int16_t ni_rsncaps;
- int ni_port_valid;
- u_int8_t ni_eapol_desc;
+ enum ieee80211_cipher ni_rsncipher;
 u_int8_t ni_nonce[EAPOL_KEY_NONCE_LEN];
 u_int64_t ni_replaycnt;
 u_int8_t ni_replaycnt_ok;
+ u_int64_t ni_reqreplaycnt;
+ u_int8_t ni_reqreplaycnt_ok;
 u_int8_t *ni_rsnie;
 struct ieee80211_key ni_pairwise_key;
 struct ieee80211_ptk ni_ptk;
 u_int8_t ni_key_count;
+ int ni_port_valid;
 /* others */
 u_int16_t ni_associd; /* assoc response */
@@ -168,6 +174,7 @@ struct ieee80211_node {
 u_int8_t ni_flags; /* special-purpose state */
 #define IEEE80211_NODE_ERP 0x01
 #define IEEE80211_NODE_QOS 0x02
+#define IEEE80211_NODE_REKEY 0x04
 };
 RB_HEAD(ieee80211_tree, ieee80211_node);
--
cgit v1.2.3
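Review bot: The comment on `ni_ic` in the `@@ -97,6 +98,8 @@` hunk, `/* back-pointer */`, does not say which code assigns the pointer or whether the node holds a reference on the `ieee80211com` it points at. Every path that allocates or copies a node has to set it before anything dereferences it, and none of those paths is visible in this header, so that needs checking in the matching .c changes. If the contract is what it appears to be, a comment such as `/* owning ieee80211com; set at node allocation, no reference held */` would record it. The struct definition continues outside the hunk.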
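Review bot: `struct timeout ni_rsn_timeout` in the `@@ -137,22 +140,25 @@` hunk embeds a timer in the node, so the node-release path has to cancel it with `timeout_del` before the memory is freed, otherwise a pending handshake timer could run against a freed node. That path is not in this header and should be confirmed in the node code, along with any place that copies a node by struct assignment and would duplicate the timeout's internal state. Separately, the new replay fields have no comments: `ni_reqreplaycnt` presumably tracks the counter of received EAPOL-Key request frames, and saying so, e.g. `/* replay counter of last accepted EAPOL-Key request */`, would help keep it from being confused with `ni_replaycnt`, since comparing against the wrong counter weakens replay protection. The struct definition starts and ends outside the hunk.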