path: root/src/ap/wpa_auth_glue.c
Commit message (Collapse)AuthorAgeFilesLines
* SAE-PK: AP functionalityJouni Malinen4 days1-0/+3
| | | | | | | | This adds AP side functionality for SAE-PK. The new sae_password configuration parameters can now be used to enable SAE-PK mode whenever SAE is enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Allow OCI channel to be overridden for testing (AP)Jouni Malinen8 days1-0/+5
| | | | | | | | | Add hostapd configuration parameters oci_freq_override_* to allow the OCI channel information to be overridden for various frames for testing purposes. This can be set in the configuration and also updated during the runtime of a BSS. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OCV: Report validation errors for EAPOL-Key messages in AP modeJouni Malinen13 days1-0/+1
| | | | | | | Add the OCV-FAILURE control interface event to notify upper layers of OCV validation issues in EAPOL-Key msg 2/4 and group 2/2. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Rename WPA_ALG_IGTK to use the correct cipher name for BIPJouni Malinen2020-05-161-1/+1
| | | | | | | | | IGTK is the key that is used a BIP cipher. WPA_ALG_IGTK was the historical name used for this enum value when only the AES-128-CMAC based BIP algorithm was supported. Rename this to match the style used with the other BIP options. Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Extend RESET_PN for BIGTKJohannes Berg2020-05-161-5/+13
| | | | | | | Extend the RESET_PN command to allow resetting the BIGTK PN for testing. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* WPA auth: Convert Boolean to C99 boolJouni Malinen2020-04-241-4/+3
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Testing override for RSNXE Used subfield in FTE (AP)Jouni Malinen2020-04-161-0/+1
| | | | | | | | Allow hostapd to be requested to override the RSNXE Used subfield in FT reassociation case for testing purposes with "ft_rsnxe_used=<0/1/2>" where 0 = no override, 1 = override to 1, and 2 = override to 0. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Remove and re-add STA entry after FT protocol success with PMFJouni Malinen2020-04-041-0/+29
| | | | | | | | | | Allow STA entry to be removed and re-added to the driver with PMF is used with FT. Previously, this case resulted in cfg80211 rejecting STA entry update after successful FT protocol use if the association had not been dropped and it could not be dropped for the PMF case in handle_auth(). Signed-off-by: Jouni Malinen <j@w1.fi>
* DPP2: Allow AP to require or reject PFSJouni Malinen2020-03-281-0/+3
| | | | | | | | | | The new hostapd configuration parameter dpp_pfs can be used to specify how PFS is applied to associations. The default behavior (dpp_pfs=0) remains same as it was previously, i.e., allow the station to decide whether to use PFS. PFS use can now be required (dpp_pfs=1) or rejected (dpp_pfs=2). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Allow hostapd AP to advertise Transition Disable KDEJouni Malinen2020-03-251-0/+1
| | | | | | | | | The new hostapd configuration parameter transition_disable can now be used to configure the AP to advertise that use of a transition mode is disabled. This allows stations to automatically disable transition mode by disabling less secure network profile parameters. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* AP: Support Extended Key IDAlexander Wetzel2020-03-231-1/+12
| | | | | | | | | | | Support Extended Key ID in hostapd according to IEEE Std 802.11-2016. Extended Key ID allows to rekey pairwise keys without the otherwise unavoidable MPDU losses on a busy link. The standard is fully backward compatible, allowing an AP to serve STAs with and without Extended Key ID support in the same BSS. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* Allow RSNE/RSNXE to be replaced in FT protocol Reassocation Response frameJouni Malinen2020-03-151-0/+18
| | | | | | | This can be used to test station side behavior for FT protocol validation steps. Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow RSNE in EAPOL-Key msg 3/4 to be replaced for testing purposesJouni Malinen2020-03-071-0/+9
| | | | | | | | | | | The new hostapd configuration parameter rsne_override_eapol can now be used similarly to the previously added rsnxe_override_eapol to override (replace contents or remove) RSNE in EAPOL-Key msg 3/4. This can be used for station protocol testing to verify sufficient checks for RSNE modification between the Beacon/Probe Response frames and EAPOL-Key msg 3/4. Signed-off-by: Jouni Malinen <j@w1.fi>
* Extend hostapd rsnxe_override_eapol to allow IE removalJouni Malinen2020-03-071-0/+1
| | | | | | | | | | | | Previous implementation was determining whether the override value was set based on its length being larger than zero. Replace this with an explicit indication of whether the parameter is set to allow zero length replacement, i.e., remove of RSNXE from EAPOL-Key msg 3/4. In addition, move IE replacement into a more generic helper function to allow this to be used with other IEs as well. Signed-off-by: Jouni Malinen <j@w1.fi>
* AP: Allow PTK rekeying without Ext KeyID to be disabled as a workaroundAlexander Wetzel2020-02-231-0/+10
| | | | | | | | | | | | | | | Rekeying a pairwise key using only keyid 0 (PTK0 rekey) has many broken implementations and should be avoided when using or interacting with one. The effects can be triggered by either end of the connection and range from hardly noticeable disconnects over long connection freezes up to leaking clear text MPDUs. To allow affected users to mitigate the issues, add a new hostapd configuration option "wpa_deny_ptk0_rekey" to replace all PTK0 rekeys with disconnection. This requires the station to reassociate to get connected again and as such, can result in connectivity issues as well. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* hostapd configuration for Beacon protectionJouni Malinen2020-02-171-0/+1
| | | | | | | Add a new hostapd configuration parameter beacon_prot=<0/1> to allow Beacon protection to be enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Special test mode sae_pwe=3 for looping with password identifierJouni Malinen2020-02-101-1/+1
| | | | | | | | | | The new sae_pwe=3 mode can be used to test non-compliant behavior with SAE Password Identifiers. This can be used to force use of hunting-and-pecking loop for PWE derivation when Password Identifier is used. This is not allowed by the standard and as such, this functionality is aimed at compliance testing. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* OWE: PTK derivation workaround in AP modeJouni Malinen2020-01-231-0/+3
| | | | | | | | | | | | | | | Initial OWE implementation used SHA256 when deriving the PTK for all OWE groups. This was supposed to change to SHA384 for group 20 and SHA512 for group 21. The new owe_ptk_workaround parameter can be used to enable workaround for interoperability with stations that use SHA256 with groups 20 and 21. By default, only the appropriate hash function is accepted. When workaround is enabled (owe_ptk_workaround=1), the appropriate hash function is tried first and if that fails, SHA256-based PTK derivation is attempted. This workaround can result in reduced security for groups 20 and 21, but is required for interoperability with older implementations. There is no impact to group 19 behavior. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Use H2E whenever Password Identifier is usedJouni Malinen2020-01-211-0/+7
| | | | | | | | | | IEEE P802.11-REVmd was modified to require H2E to be used whenever Password Identifier is used with SAE. See this document for more details of the approved changes: https://mentor.ieee.org/802.11/dcn/19/11-19-2154-02-000m-sae-anti-clogging-token.docx Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Introduce and add key_flagAlexander Wetzel2020-01-091-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add the new set_key() parameter "key_flag" to provide more specific description of what type of a key is being configured. This is needed to be able to add support for "Extended Key ID for Individually Addressed Frames" from IEEE Std 802.11-2016. In addition, this may be used to replace the set_tx boolean eventually once all the driver wrappers have moved to using the new key_flag. The following flag are defined: KEY_FLAG_MODIFY Set when an already installed key must be updated. So far the only use-case is changing RX/TX status of installed keys. Must not be set when deleting a key. KEY_FLAG_DEFAULT Set when the key is also a default key. Must not be set when deleting a key. (This is the replacement for set_tx.) KEY_FLAG_RX The key is valid for RX. Must not be set when deleting a key. KEY_FLAG_TX The key is valid for TX. Must not be set when deleting a key. KEY_FLAG_GROUP The key is a broadcast or group key. KEY_FLAG_PAIRWISE The key is a pairwise key. KEY_FLAG_PMK The key is a Pairwise Master Key (PMK). Predefined and needed flag combinations so far are: KEY_FLAG_GROUP_RX_TX WEP key not used as default key (yet). KEY_FLAG_GROUP_RX_TX_DEFAULT Default WEP or WPA-NONE key. KEY_FLAG_GROUP_RX GTK key valid for RX only. KEY_FLAG_GROUP_TX_DEFAULT GTK key valid for TX only, immediately taking over TX. KEY_FLAG_PAIRWISE_RX_TX Pairwise key immediately becoming the active pairwise key. KEY_FLAG_PAIRWISE_RX Pairwise key not yet valid for TX. (Only usable with Extended Key ID support.) KEY_FLAG_PAIRWISE_RX_TX_MODIFY Enable TX for a pairwise key installed with KEY_FLAG_PAIRWISE_RX. KEY_FLAG_RX_TX Not a valid standalone key type and can only used in combination with other flags to mark a key for RX/TX. This commit is not changing any functionality. It just adds the new key_flag to all hostapd/wpa_supplicant set_key() functions without using it, yet. Signed-off-by: Alexander Wetzel <alexander@wetzel-home.de>
* hostapd: Support VLAN offload to the driverGurumoorthi Gnanasambandhan2020-01-081-16/+26
| | | | | | | If the driver supports VLAN offload mechanism with a single netdev, use that instead of separate per-VLAN netdevs. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
* Add vlan_id to driver set_key() operationGurumoorthi Gnanasambandhan2020-01-081-2/+2
| | | | | | | | This is in preparation for adding support to use a single WLAN netdev with VLAN operations offloaded to the driver. No functional changes are included in this commit. Signed-off-by: Gurumoorthi Gnanasambandhan <gguru@codeaurora.org>
* driver: Remove unused send_ether() driver opJouni Malinen2020-01-051-7/+1
| | | | | | | | This was used only for FT RRB sending with driver_test.c and driver_test.c was removed more than five years ago, so there is no point in continuing to maintain this driver op. Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow testing override for GTK/IGTK RSC from AP to STAJouni Malinen2020-01-041-0/+16
| | | | | | | | | | | | | The new hostapd gtk_rsc_override and igtk_rsc_override configuration parameters can be used to set an override value for the RSC that the AP advertises for STAs for GTK/IGTK. The contents of those parameters is a hexdump of the RSC in little endian byte order. This functionality is available only in CONFIG_TESTING_OPTIONS=y builds. This can be used to verify that stations implement initial RSC configuration correctly for GTK/ and IGTK. Signed-off-by: Jouni Malinen <j@w1.fi>
* Make hostapd_drv_send_mlme() more genericJouni Malinen2020-01-031-1/+1
| | | | | | | | | | Merge hostapd_drv_send_mlme_csa() functionality into hostapd_drv_send_mlme() to get a single driver ops handler function for hostapd. In addition, add a new no_encrypt parameter in preparation for functionality that is needed to get rid of the separate send_frame() driver op. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Do not deliver RRB messages locally without matching FT/SSIDJouni Malinen2019-12-291-9/+15
| | | | | | | | | | For FT protocol to work, the BSSs need to be operating an FT AKM with the same SSID and mobility domain. The previous commit covered the mobility domain, this covers the other prerequisites. This reduces unnecessary load from having to allocate queued messages for interfaces that cannot have valid data. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Check mobility domain when sending RRB message to local managed BSSJinglin Wang2019-12-291-0/+4
| | | | | | | | | | | Fast BSS Transition requires related APs operating in the same mobility domain. Therefore, we can check whether the local managed BSS is operating the same mobility domain before sending multicast/unicast messages to it. This reduces unnecessary load from having to allocate queued messages for interfaces that cannot have valid data. Signed-off-by: Jinglin Wang <bryanwang@synology.com> Signed-off-by: MinHong Wang <minhongw@synology.com>
* RRB: More debug prints for local deliveryJouni Malinen2019-12-291-0/+16
| | | | | | | This makes it easier to figure out how frames are delivered directly between BSSs operated within a single hostapd process. Signed-off-by: Jouni Malinen <j@w1.fi>
* RRB: Do not reorder locally delivered messagesJouni Malinen2019-12-291-1/+1
| | | | | | | | | Add new messages to the end of the l2_oui_queue instead of inserting them at the beginning so that the dl_list_for_each_safe() iteration in hostapd_oui_deliver_later() goes through the messages in the same order they were originally queued. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Fix hostapd_wpa_auth_oui_iter() iteration for multicast packetsJinglin Wang2019-12-291-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | When using FT wildcard feature, the inter-AP protocol will send broadcast messages to discover related APs. For example, 12/6 16:24:43 FT: Send PMK-R1 pull request to remote R0KH address ff:ff:ff:ff:ff:ff 12/6 16:24:43 FT: Send out sequence number request to ff:ff:ff:ff:ff:ff If you have multiple interfaces/BSSs in a single hostapd process, hostapd_wpa_auth_oui_iter() returned 1 after the first interface was processed. Iteration in for_each_interface() will be stopped since it gets a non-zero return value from hostapd_wpa_auth_oui_iter(). Even worse, the packet will not be sent to ethernet because for_each_interface() returns non-zero value. hostapd_wpa_auth_send_oui() will then return data_len immediately. To prevent this, hostapd_wpa_auth_oui_iter() should not return 1 after any successful transmission to other interfaces, if the dst_addr of packet is a multicast address. Signed-off-by: Jinglin Wang <bryanwang@synology.com> Signed-off-by: MinHong Wang <minhongw@synology.com>
* SAE H2E: RSNXE override in EAPOL-Key msg 3/4Jouni Malinen2019-12-071-0/+8
| | | | | | | | This new hostapd configuration parameter rsnxe_override_eapol=<hexdump> can be used to override RSNXE value in EAPOL-Key msg 3/4 for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* nl80211: Add STA node details in AP through QCA vendor subcommandShiva Sankar Gajula2019-10-251-2/+12
| | | | | | | | Addi STA node details in AP through QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE vendor when processing FT protocol roaming. Signed-off-by: Shiva Sankar Gajula <sgajula@codeaurora.org>
* SAE: Add sae_pwe configuration parameter for hostapdJouni Malinen2019-10-151-0/+1
| | | | | | | | This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Remove CONFIG_IEEE80211W build parameterJouni Malinen2019-09-081-6/+0
| | | | | | | | | Hardcode this to be defined and remove the separate build options for PMF since this functionality is needed with large number of newer protocol extensions and is also something that should be enabled in all WPA2/WPA3 networks. Signed-off-by: Jouni Malinen <j@w1.fi>
* macsec: Do not change eapol_version for non-MACsec cases in hostapdJouni Malinen2019-06-031-0/+4
| | | | | | | | It is safer to maintain the old EAPOL version (2) in EAPOL frames that are not related to MACsec and only update the version to 3 for the MACsec specific cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* VLAN assignment based on used WPA/WPA2 passphrase/PSKJouni Malinen2019-02-141-2/+49
| | | | | | | | | | | | Extend wpa_psk_file to allow an optional VLAN ID to be specified with "vlanid=<VLAN ID>" prefix on the line. If VLAN ID is specified and the particular wpa_psk_file entry is used for a station, that station is bound to the specified VLAN. This can be used to operate a single WPA2-Personal BSS with multiple VLANs based on the used passphrase/PSK. This is similar to the WPA2-Enterprise case where the RADIUS server can assign stations to different VLANs. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FT: Allow STA entry to be removed/re-added with FT-over-the-DSJouni Malinen2019-01-041-0/+6
| | | | | | | | | | | | | | FT-over-the-DS has a special case where the STA entry (and as such, the TK) has not yet been configured to the driver depending on which driver interface is used. For that case, allow add-STA operation to be used (instead of set-STA). This is needed to allow mac80211-based drivers to accept the STA parameter configuration. Since this is after a new FT-over-DS exchange, a new TK has been derived after the last STA entry was added to the driver, so key reinstallation is not a concern for this case. Fixes: 0e3bd7ac684a ("hostapd: Avoid key reinstallation in FT handshake") Signed-off-by: Jouni Malinen <j@w1.fi>
* OCV: Add function to derive Tx parameters to a specific STAMathy Vanhoef2018-12-171-0/+26
| | | | | | | | | | Use the information elements that were present in the (Re)Association Request frame to derive the maximum bandwidth the AP will use to transmit frames to a specific STA. By using this approach, we don't need to query the kernel for this information, and avoid having to add a driver API for that. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* OCV: Advertise OCV capability in RSN capabilities (AP)Mathy Vanhoef2018-12-161-0/+3
| | | | | | | | Set the OCV bit in RSN capabilities (RSNE) based on AP mode configuration. Do the same for OSEN since it follows the RSNE field definitions. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Make channel_info available to authenticatorMathy Vanhoef2018-12-161-0/+8
| | | | | | | | This adds the necessary functions and callbacks to make the channel_info driver API available to the authenticator state machine that implements the 4-way and group key handshake. This is needed for OCV. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* FT: Add set/get session_timeout callback functionsMichael Braun2018-04-061-0/+46
| | | | | | | These are needed to allow wpa_auth_ft.c to control session_timeout values for STAs. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* FT: Add set/get identity/radius_cui callback functionsMichael Braun2018-04-061-0/+146
| | | | | | | These are needed to allow wpa_auth_ft.c to control identity/radius_cui values for STAs. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* FT: Add set_vlan()/get_vlan() callback functionsMichael Braun2018-04-051-0/+54
| | | | | | | These are needed to allow wpa_auth_ft.c to control VLAN assignment for STAs. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* FT: Add expiration to PMK-R0 and PMK-R1 cacheMichael Braun2018-04-051-0/+1
| | | | | | | | | | | | | | | | | | | IEEE Std 802.11-2016, indicates that the lifetime of the PMK-R0 (and PMK-R1) is bound to the lifetime of PSK or MSK from which the key was derived. This is currently stored in r0_key_lifetime, but cache entries are not actually removed. This commit uses the r0_key_lifetime configuration parameter when wpa_auth_derive_ptk_ft() is called. This may need to be extended to use the MSK lifetime, if provided by an external authentication server, with some future changes. For PSK, there is no such lifetime, but it also matters less as FT-PSK can be achieved without inter-AP communication. The expiration timeout is then passed from R0KH to R1KH. The R1KH verifies that the given timeout for sanity, it may not exceed the locally configured r1_max_key_lifetime. Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Use correct WPA_ALG_* values to compare for enum wpa_algPurushottam Kushwaha2018-03-121-4/+4
| | | | | | | | | | enum wpa_alg was being compared with WPA_CIPHER_* values. That does not work here and strict compilers will report this as an error. Fix the comparision to use proper WPA_ALG_* values. This fixes testing capability for resetting IPN for BIP. Fixes: 16579769ff7b ("Add testing functionality for resetting PN/IPN for configured keys") Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Add option to require MFP for SAE associationsJouni Malinen2017-12-271-0/+1
| | | | | | | | | | | The new hostapd.conf parameter sae_require_pmf=<0/1> can now be used to enforce negotiation of MFP for all associations that negotiate use of SAE. This is used in cases where SAE-capable devices are known to be MFP-capable and the BSS is configured with optional MFP (ieee80211w=1) for legacy support. The non-SAE stations can connect without MFP while SAE stations are required to negotiate MFP if sae_require_mfp=1. Signed-off-by: Jouni Malinen <j@w1.fi>
* Optional AP side workaround for key reinstallation attacksJouni Malinen2017-10-161-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds a new hostapd configuration parameter wpa_disable_eapol_key_retries=1 that can be used to disable retransmission of EAPOL-Key frames that are used to install keys (EAPOL-Key message 3/4 and group message 1/2). This is similar to setting wpa_group_update_count=1 and wpa_pairwise_update_count=1, but with no impact to message 1/4 retries and with extended timeout for messages 4/4 and group message 2/2 to avoid causing issues with stations that may use aggressive power saving have very long time in replying to the EAPOL-Key messages. This option can be used to work around key reinstallation attacks on the station (supplicant) side in cases those station devices cannot be updated for some reason. By removing the retransmissions the attacker cannot cause key reinstallation with a delayed frame transmission. This is related to the station side vulnerabilities CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, and CVE-2017-13081. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load due to the number of attempts to perform the key exchange is reduced significantly. As such, this workaround is disabled by default (unless overridden in build configuration). To enable this, set the parameter to 1. It is also possible to enable this in the build by default by adding the following to the build configuration: CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 Signed-off-by: Jouni Malinen <j@w1.fi>
* Add testing functionality for resetting PN/IPN for configured keysJouni Malinen2017-10-161-0/+31
| | | | | | | | | | | | | This can be used to test replay protection. The "RESET_PN" command in wpa_supplicant and "RESET_PN <addr>" command in hostapd resets the local counters to zero for the last configured key. For hostapd, the address parameter specifies which STA this operation is for or selects GTK ("ff:ff:ff:ff:ff:ff") or IGTK ("ff:ff:ff:ff:ff:ff IGTK"). This functionality is for testing purposes and included only in builds with CONFIG_TESTING_OPTIONS=y. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-1/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: PMKSA caching in AP modeJouni Malinen2017-10-091-0/+11
| | | | | | This extends OWE support in hostapd to allow PMKSA caching to be used. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>