path: root/src/rsn_supp
Commit message (author, date, files changed, lines -/+)
* Improved 'make install' (use BINDIR/LIBDIR, install shared objects) (Daniel Mierswa, 2009-02-15, 1 file, -0/+3)
  (cherry picked from commit d94d4bafbb43699d323d6f6e3e404000b3f0a7b4)
* Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 (Jouni Malinen, 2008-12-26, 1 file, -3/+9)
* WPS: Moved mac_addr and uuid configuration into wps_context (Jouni Malinen, 2008-11-28, 1 file, -1/+0)
  There is no need to complicate EAPOL and EAP interfaces with WPS specific parameters now that wps_context is passed through.
* Added preliminary Wi-Fi Protected Setup (WPS) implementation (Jouni Malinen, 2008-11-23, 1 file, -0/+1)
  This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration options for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as a Registrar to configure an AP, this is still using a number of hardcoded parameters which will need to be made configurable for proper operation.
* Fixed canceling of PMKSA caching with driver generated RSN IE (Jouni Malinen, 2008-11-21, 1 file, -1/+1)
  It looks like some Windows NDIS drivers (e.g., Intel) do not clear the PMKID list even when wpa_supplicant explicitly sets the list to be empty. In such a case, the driver ends up trying to use PMKSA caching with the AP and wpa_supplicant may not have the PMK that would be needed to complete 4-way handshake. RSN processing already had some code for aborting PMKSA caching by sending EAPOL-Start. However, this was not triggered in this particular case where the driver generates the RSN IE. With this change, this case is included, too, and the failed PMKSA caching attempt is cleanly canceled and wpa_supplicant can fall back to full EAP authentication.
* Added support for enforcing frequent PTK rekeying (Jouni Malinen, 2008-11-06, 3 files, -1/+20)
  Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* MFP + FT: Added support for sending IGTK in FTIE (Jouni Malinen, 2008-09-01, 1 file, -73/+146)
* Added support for using SHA256-based stronger key derivation for WPA2 (Jouni Malinen, 2008-08-31, 7 files, -51/+101)
  IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
* Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR (Jouni Malinen, 2008-08-30, 2 files, -2/+2)
  This adds most of the new frame format and identifier definitions from IEEE 802.11w/D6.0. In addition, the RSN IE capability field values for MFP is replaced with the new two-bit version with MFPC (capable) and MFPR (required) processing.
* IEEE Std 802.11r-2008 has been released, so update references (Jouni Malinen, 2008-08-15, 1 file, -1/+1)
* Fixed opportunistic key caching (OKC) (Jouni Malinen, 2008-08-03, 1 file, -1/+2)
  wpa_sm_set_config() can be called even if the network block does not change. However, the previous version ended up calling pmksa_cache_notify_reconfig() every time and this cleared the network context from PMKSA cache entries. This prevented OKC from ever being used. Do not call pmksa_cache_notify_reconfig() if the network context remains unchanged to allow OKC to be used.
* Make proactive key caching working again (Michael Bernhard, 2008-07-06, 1 file, -1/+2)
  Function 'wpa_sm_set_config' used the argument 'config' as the network context which is a pointer to a local variable of the function 'wpa_supplicant_rsn_supp_set_config'. This is one reason why no proactive key was generated. This network context never matched with the network context saved in the pmksa cache entries. The structure 'rsn_supp_config' has already a member 'network_ctx' which is now filled in by this patch with 'ssid'.
  Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
* Fixed race condition between disassociation event and group key handshake (Jouni Malinen, 2008-06-09, 3 files, -17/+0)
  This avoids getting stuck in state where wpa_supplicant has canceled scans, but the driver is actually in disassociated state. The previously used code that controlled scan timeout from WPA module is not really needed anymore (and has not been needed for past four years since authentication timeout was separated from scan request timeout), so this can simply be removed to resolve the race condition. As an extra bonus, this simplifies the interface to WPA module. [Bug 261]
* Read Michael MIC keys through TK2 union instead of offset from TK1 (Jouni Malinen, 2008-06-05, 1 file, -2/+2)
  This gets rid of potential warnings about buffer bounds errors. The earlier code works fine, but it is not the cleanest way of using the struct wpa_ptk definition for TK1/TK2.
* Introduced new helper function is_zero_ether_addr() (Jouni Malinen, 2008-06-03, 2 files, -4/+2)
  Use this inline function to replace os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
* FT: Use correct BSSID when deriving PTK and verifying MIC (Jouni Malinen, 2008-03-12, 2 files, -5/+6)
  The old version was using struct wpa_sm::bssid which is not necessarily updated to point to the correct target address when doing over-the-air FT since the address is used before the association has actually been completed.
* Delete PTK SA on (re)association if this is not part of a Fast BSS (Jouni Malinen, 2008-03-12, 1 file, -3/+15)
  Transition. This fixes a potential issue where an incorrectly behaving AP could send a group key update using the old (now invalid after reassociate) PTK. This could also happen if there is a race condition between reporting received EAPOL frames and association events.
* Silence gcc 4.3.0 warnings about invalid array indexes (Jouni Malinen, 2008-03-12, 1 file, -2/+3)
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release (Jouni Malinen, 2008-02-28, 14 files, -0/+6786)