path: root/wpa_supplicant/mesh_rsn.h
Commit message | Author | Age | Files | Lines
* mesh: Avoid use of hardcoded cipher | Jouni Malinen | 2016-06-19 | 1 | -0/+3
  This moves pairwise, group, and management group ciphers to various mesh data structures to avoid having to hardcode cipher in a number of places through the code. While CCMP and BIP are still the hardcoded ciphers, these are now set only in one location.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Clean up AMPE element encoding and parsing | Jouni Malinen | 2016-06-19 | 1 | -0/+2
  The AMPE element includes a number of optional and variable length fields and those cannot really be represented by a fixed struct ieee80211_ampe_ie. Remove the optional fields from the struct and build/parse these fields separately.
  This is also adding support for IGTKdata that was completely missing from the previous implementation. In addition, Key RSC for MGTK is now filled in and used when configuring the RX MGTK for a peer.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Generate a separate TX IGTK if PMF is enabled | Jouni Malinen | 2016-06-19 | 1 | -0/+2
  Previous implementation was incorrectly using MGTK also as the IGTK and doing this regardless of whether PMF was enabled. IGTK needs to be an independent key and this commit does that at the local TX side.
  The current AMPE element construction and parsing is quite broken, so this does not add the IGTKdata field there.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Support variable length TX MGTK | Jouni Malinen | 2016-06-19 | 1 | -1/+2
  This is an initial step in supporting multiple cipher suites.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Check PMKID in AMPE Action frames | Bob Copeland | 2015-12-28 | 1 | -0/+1
  From IEEE Std 802.11-2012 13.3.5:
    If the incoming Mesh Peering Management frame is for AMPE and the Chosen PMK from the received frame contains a PMKID that does not identify a valid mesh PMKSA, the frame shall be silently discarded.
  We were not checking the PMKID previously, and we also weren't parsing it correctly, so fix both.
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add timer for SAE authentication in RSN mesh | Chun-Yeow Yeoh | 2014-11-16 | 1 | -0/+1
  Add timer to do SAE re-authentication with number of tries defined by MESH_AUTH_RETRY and timeout defined by MESH_AUTH_TIMEOUT.
  Ignoring the sending of reply message on "SAE confirm before commit" to avoid "ping-pong" issues with other mesh nodes. This is obvious when the number of mesh nodes in MBSS reaches 6.
  Signed-off-by: Chun-Yeow Yeoh <yeohchunyeow@gmail.com>
  Signed-off-by: Bob Copeland <me@bobcopeland.com>
* mesh: Add mesh robust security network | Thomas Pedersen | 2014-11-16 | 1 | -0/+35
  This implementation provides:
  - Mesh SAE authentication mechanism
  - Key management (set/get PSK)
  - Cryptographic key establishment
  - Enhanced protection mechanisms for robust management frames
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Javier Cardona <javier@cozybit.com>
  Signed-off-by: Jason Mobarak <x@jason.mobarak.name>
  Signed-off-by: Thomas Pedersen <thomas@noack.us>