| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
|
| |
|
|
|
| |
Now all there TPK handshake messages are sent in similar functions
and are easier to find from the source code.
|
| |
|
|
|
|
| |
This allows the same code path to be used for both protected and
unprotected configurations to limit need for duplicated code in
both the driver and wpa_supplicant.
|
| |
|
|
|
|
|
|
| |
This adds code for validating that the same Key Lifetime is used
throughout TPK handshake and enables TPK lifetime expiration and
renewal/teardown. These part seem to be working, but the actual
handling of TDLS Setup Confirm and renewal are not fully
functional yet.
|
| |
|
|
|
|
|
| |
tdls_testing bits:
bit 3 = use short TPK lifetime (301 seconds)
bit 4 = use wrong TPK lifetime in TDLS Setup Response
bit 5 = use wrong TPK lifetime in TDLS Setup Confirm
|
| |
|
|
|
| |
Since the TDLS links are allowed only to STAs that are in the same
BSS with us, clear all peer data whenever the BSS may have changed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
These special test cases can be configured at run time with "wpa_cli
tdls_testing <value>" where <value> is an integer (either as a decimal
or as a hex value with 0x prefix) bitmap of special features with
following bits available at this point:
bit 0 = long frame (add dummy subelement to make FTIE very long)
bit 1 = use alternative RSN IE (different RSN capab value and no extra
replay counters)
bit 2 = send incorrect BSSID in Link Identifier of TDLS Setup Request
(e.g., 1 = long FTIE, 2 = different RSN IE, 3 = both of those)
This is disabled by default and can be enabled for the build by
adding the following line to .config:
CFLAGS += -DCONFIG_TDLS_TESTING
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.
A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
|
| | |
|
| |
|
|
|
|
|
|
| |
Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various
places to indicate default/broadcast keys. Make this more consistent
and useful by defining NULL to mean default key (i.e., used both for
unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast
key (i.e., used only with broadcast).
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.
The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
|
| |
|
|
|
|
| |
There is no point in maintaining two almost identical versions
of this parser. Move WPA IE parser into wpa_common.c similarly
to what was already the case with RSN IE parse.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Commit c5b26e33c1829c62c3b5872865ca202f6c42436e broke the processing
of the candidate list entries when an old entry was either removed or
reused. The entry needs to be removed from the list to avoid leaving
pointers to freed memory.
http://bugs.gentoo.org/show_bug.cgi?id=330085
http://w1.fi/bugz/show_bug.cgi?id=372
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 83935317a78fb4157eb6e5134527b9311dbf7b8c added forced
disconnection in case of 4-way handshake failures. However, it should
not have changed the case where the supplicant is requesting fallback
to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
not know. This case needs to send an EAPOL-Start frame instead of
EAPOL-Key message 2/4.
This works around a problem with APs that try to force PMKSA caching
even when the client does not include PMKID in (re)association request
frame to request it. [Bug 355]
|
| |
|
|
|
|
| |
There are no subdirectories in any of these directories or plans
for adding ones. As such, there is no point in running the loop
that does not do anything and can cause problems with some shells.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
IEEE Std 802.11r-2008 requires that the message 2 includes FTIE and
MDIE from the AP's (Re)Association Response frame in the Key Data
field.
|
| |
|
|
|
|
|
|
| |
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
|
| | |
|
| | |
|
| |
|
|
|
| |
This field needs to be copied from the scan results for the AP
per IEEE Std 802.11r-2008, 11A.4.2.
|
| |
|
|
|
|
|
| |
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
|
| |
|
|
| |
This is a mandatory subelement per IEEE Std 802.11r-2008, 11A.8.4.
|
| | |
|
| |
|
|
|
| |
The Key Info field was changed from 1-octet field to 2-octet field
in 802.11r/D7.0, but that had not been updated in the implementation.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.
The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.
This breaks interoperability with previous wpa_supplicant/hostapd
versions.
|
| |
|
|
| |
This drops PTK and PMK without notifying the AP.
|
| | |
|
| |
|
|
|
| |
This fixed FT-over-DS to end up in Authorized state when the EAPOL
PAE state machine re-enters AUTHENTICATED.
|
| |
|
|
|
|
| |
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
|
| |
|
|
|
|
|
| |
If the PTK configuration prior to association fails, allow reassociation
attempt to continue and configure PTK after association. This is a
workaround for drivers that do not allow PTK to be configured before
association (e.g., current cfg80211/mac80211).
|
| |
|
|
|
|
| |
This avoids potential use of uninitialized stack memory when printing
out peer address based on SMK error message that does not include the
MAC address.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
|
| |
|
|
|
|
|
|
|
|
| |
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.
In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
|
| |
|
|
|
|
| |
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
|
| |
|
|
|
| |
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
|
| | |
|
| |
|
|
| |
This can now fail, e.g., if trying to use TKIP in FIPS mode.
|
| | |
|
