Commit Graph

26 Commits

Author SHA1 Message Date
Jouni Malinen
0382097ef3 Use set_key addr to distinguish default and multicast keys
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
2011-01-09 19:44:28 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
55046414b1 FT: Copy MDIE and FTIE from (Re)Association Response into EAPOL-Key 2/4
IEEE Std 802.11r-2008 requires that the message 2 includes FTIE and
MDIE from the AP's (Re)Association Response frame in the Key Data
field.
2010-04-10 16:48:40 +03:00
Jouni Malinen
e7846b6859 FT: Clean up wpa_sm_set_ft_params() by using common parse
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
2010-04-10 11:36:35 +03:00
Jouni Malinen
8aaf894de2 FT: Validate protect IE count in FTIE MIC Control 2010-04-09 17:08:16 +03:00
Jouni Malinen
148fb67d5e FT: Validate SNonce and ANonce values during FT Protocol in supplicant 2010-04-09 17:02:13 +03:00
Jouni Malinen
f4ec630d1b FT: Set FT Capability and Policy properly in MDIE during initial MD assoc
This field needs to be copied from the scan results for the AP
per IEEE Std 802.11r-2008, 11A.4.2.
2010-04-09 16:41:57 +03:00
Jouni Malinen
76b7981d07 FT: Copy FT Capability and Policy to MDIE from target AP
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
2010-04-09 16:26:20 +03:00
Jouni Malinen
3db6531436 FT: Add R1KH-ID into FT auth seq 3rd message (Reassoc Req)
This is a mandatory subelement per IEEE Std 802.11r-2008, 11A.8.4.
2010-04-09 16:08:50 +03:00
Jouni Malinen
39eb4d0877 FT: Fix GTK subelement format in FTIE
The Key Info field was changed from 1-octet field to 2-octet field
in 802.11r/D7.0, but that had not been updated in the implementation.
2010-04-07 23:57:39 +03:00
Jouni Malinen
26e23750b9 FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.

The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.

This breaks interoperability with previous wpa_supplicant/hostapd
versions.
2010-04-07 21:04:13 +03:00
Jouni Malinen
2a7e7f4e4a FT: Add driver op for marking a STA authenticated
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
2010-03-13 18:28:15 +02:00
Jouni Malinen
86f7b62a33 FT: Add a workaround to set PTK after reassociation
If the PTK configuration prior to association fails, allow reassociation
attempt to continue and configure PTK after association. This is a
workaround for drivers that do not allow PTK to be configured before
association (e.g., current cfg80211/mac80211).
2010-03-13 17:15:38 +02:00
Jouni Malinen
719347511a Get rid of unnecessary typedefs for enums. 2009-12-26 10:35:08 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
c0a6190815 Fix SHA-256-based KDF when using CCMP as the pairwise cipher
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK
length must be specified correctly. The previous version was deriving
using 512-bit PTK regardless of the negotiated cipher suite; this works
for TKIP, but not for CCMP. Update the code to use proper PTK length
based on the pairwise cipher.

This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when
using AKMP that specifies SHA-256-based key derivation). The fixed
version does not interoperate with the previous versions. [Bug 307]
2009-04-01 12:04:36 +03:00
Jouni Malinen
f238cf9f42 FT: Add RIC Request processing and RIC Response generation
hostapd will now go through the RIC Request and process each RDIE. Only
WMM TSPEC requests are currently supported; all other request
descriptors will be declined.

RIC Response is written by hostapd and verified by wpa_supplicant (MIC
validation). wpa_supplicant does not yet have code to notify the driver
about the resource request results.
2009-03-09 22:25:58 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
b27f13ed28 MFP + FT: Added support for sending IGTK in FTIE 2008-09-01 11:00:59 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
658d166297 FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily
updated to point to the correct target address when doing over-the-air FT
since the address is used before the association has actually been
completed.
2008-03-12 11:20:20 +02:00
Jouni Malinen
ccfab35a6a Silence gcc 4.3.0 warnings about invalid array indexes 2008-03-12 09:33:18 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00