path: root/src/rsn_supp/preauth.c
Commit message | Author | Age | Files | Lines
* SAE: Only allow SAE AKMP for PMKSA caching attempts | Jouni Malinen | 2018-04-09 | 1 | -3/+3
  Explicitly check the PMKSA cache entry to have matching SAE AKMP for the case where determining whether to use PMKSA caching instead of new SAE authentication. Previously, only the network context was checked, but a single network configuration profile could be used with both WPA2-PSK and SAE, so should check the AKMP as well.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Add support for Cache Identifier in add/remove PMKSA | Vidyullatha Kanchanapally | 2017-04-07 | 1 | -1/+2
  Add support for setting and deleting PMKSA cache entries based on FILS Cache Identifier. Also additionally add support for sending PMK as part of SET_PMKSA to enable driver to derive keys in case of FILS shared key offload using PMKSA caching.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Use FILS Cache Identifier to extend PMKSA applicability | Jouni Malinen | 2017-02-26 | 1 | -1/+1
  This allows PMKSA cache entries for FILS-enabled BSSs to be shared within an ESS when the BSSs advertise the same FILS Cache Identifier value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant | Jouni Malinen | 2016-12-12 | 1 | -1/+1
  These allow external programs to monitor PMKSA cache updates in preparation to enable external persistent storage of PMKSA cache.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* SAE: Fix PMKID calculation for PMKSA cache | Masashi Honma | 2016-02-18 | 1 | -1/+1
  The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.
  Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Fix wpa_supplicant build with IEEE8021X_EAPOL=y and CONFIG_NO_WPA=y | Jouni Malinen | 2016-01-15 | 1 | -2/+2
  The PMKSA caching and RSN pre-authentication components were marked as conditional on IEEE8021X_EAPOL. However, the empty wrappers are needed also in a case IEEE8021X_EAPOL is defined with CONFIG_NO_WPA.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix resource leaks on rsn_preauth_init() error paths | Jouni Malinen | 2015-01-31 | 1 | -3/+16
  The l2_packet instances were not freed on some of the rsn_preauth_init() error paths.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add Suite B 192-bit AKM | Jouni Malinen | 2015-01-26 | 1 | -2/+3
  WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Check os_snprintf() result more consistently - automatic 1 | Jouni Malinen | 2014-12-08 | 1 | -1/+1
  This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch:
  @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } )
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: PMKID derivation for AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 1 | -0/+1
  The new AKM uses a different mechanism of deriving the PMKID based on KCK instead of PMK. hostapd was already doing this after the KCK had been derived, but wpa_supplicant functionality needs to be moved from processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Suite B: Add AKM 00-0F-AC:11 | Jouni Malinen | 2014-11-16 | 1 | -1/+2
  This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The functionality itself is not yet complete, i.e., this commit only includes parts to negotiate the new AKM.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add a workaround to clang static analyzer warning | Jouni Malinen | 2014-10-11 | 1 | -0/+12
  dl_list_del() followed by dl_list_add() seemed to confuse clang static analyzer somehow, so explicitly check for the prev pointer to be non-NULL to avoid an incorrect warning.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Skip network disabling on expected EAP failure | Jouni Malinen | 2014-01-08 | 1 | -4/+6
  Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove CONFIG_NO_WPA2 build parameter | Jouni Malinen | 2013-06-07 | 1 | -2/+2
  There is not much use for enabling WPA without WPA2 nowadays since most networks have been upgraded to WPA2. Furthermore, the code size savings from disabling just WPA2 are pretty small, so there is not much justification for maintaining this build option. Remove it to get rid of undesired complexity.
  Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni Malinen | Jouni Malinen | 2012-02-11 | 1 | -8/+2
  Remove the GPL notification text from the files that were initially contributed by myself.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Use PMKSA cache entries with only a single network context | Jouni Malinen | 2012-02-04 | 1 | -3/+3
  When looking for PMKSA cache entries to use with a new association, only accept entries created with the same network block that was used to create the cache entry.
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unnecessary include file inclusion | Jouni Malinen | 2011-11-13 | 1 | -1/+0
  Signed-hostap: Jouni Malinen <j@w1.fi>
* Fix RSN preauth candidate list clearing to avoid segfaults | Daniel Gryniewicz | 2010-08-14 | 1 | -1/+4
  Commit c5b26e33c1829c62c3b5872865ca202f6c42436e broke the processing of the candidate list entries when an old entry was either removed or reused. The entry needs to be removed from the list to avoid leaving pointers to freed memory.
  http://bugs.gentoo.org/show_bug.cgi?id=330085
  http://w1.fi/bugz/show_bug.cgi?id=372
* Convert RSN pre-authentication to use struct dl_list | Jouni Malinen | 2010-01-06 | 1 | -39/+27
* Remove src/common from default header file path | Jouni Malinen | 2009-11-29 | 1 | -1/+1
  This makes it clearer which files are including headers from src/common. Some of these cases should probably be cleaned up in the future not to do that. In addition, src/common/nl80211_copy.h and wireless_copy.h were moved into src/drivers since they are only used by driver wrappers and do not need to live in src/common.
* Split scan processing for RSN preauthentication into parts | Jouni Malinen | 2009-11-29 | 1 | -39/+37
  This avoids passing the raw scan results into the RSN code and by doing so, removes the only dependency on src/drivers from the src/rsn_supp code (or from any src subdirectory for that matter).
* Added a separate ctx pointer for wpa_msg() calls in WPA supp | Jouni Malinen | 2009-01-17 | 1 | -16/+16
  This is needed to allow IBSS RSN to use per-peer context while maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
* WPS: Moved mac_addr and uuid configuration into wps_context | Jouni Malinen | 2008-11-28 | 1 | -1/+0
  There is no need to complicate EAPOL and EAP interfaces with WPS specific parameters now that wps_context is passed through.
* Added preliminary Wi-Fi Protected Setup (WPS) implementation | Jouni Malinen | 2008-11-23 | 1 | -0/+1
  This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as a Registrar to configure an AP, this is still using a number of hardcoded parameters which will need to be made configurable for proper operation.
* Added support for using SHA256-based stronger key derivation for WPA2 | Jouni Malinen | 2008-08-31 | 1 | -3/+5
  IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
* Introduced new helper function is_zero_ether_addr() | Jouni Malinen | 2008-06-03 | 1 | -2/+1
  Use this inline function to replace os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release | Jouni Malinen | 2008-02-28 | 1 | -0/+528