path: root/src/ap/wpa_auth_ft.c
Commit message (Collapse)AuthorAgeFilesLines
* FT: Fix sm->assoc_resp_ftie storing on the AP sideJouni Malinen2015-12-091-5/+5
| | | | | | | | | | The FTIE from (Re)Association Response frame was copied before calculating the MIC. This resulted in incorrect value being used when comparing the EAPOL-Key msg 2/4 value in case PTK rekeying was used after FT protocol run. Fix this by storing the element after the MIC field has been filled in. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FT: Fix WMM TSPEC validation in driver-based AP MLME caseJouni Malinen2015-04-221-10/+11
| | | | | | | | | | | | | | | | | | Commit 88b32a99d30894b2d6bb391371c442fc117edbab ('FT: Add FT AP support for drivers that manage MLME internally') added an alternative way of processing the WMM TSPEC from RIC. However, that change did not seem to include the same checks for WMM TSPEC element length that were used in the original implementation for MLME-in-hostapd case. Fix this by sharing the older implementation of copying the WMM TSPEC from RIC for both cases. It looks like the destination buffer for the response is sufficiently long for the fixed length copy, but it may have been possible to trigger a read beyond the end of the FTIE by about 50 bytes. Though, that seems to be within the buffer received for RX buffer in the case that uses this driver-based AP MLME design for FT. Signed-off-by: Jouni Malinen <j@w1.fi>
* Preparations for variable length KCK and KEKJouni Malinen2015-01-261-27/+25
| | | | | | | | This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Make aes_wrap() call easier to analyzeJouni Malinen2014-12-061-1/+7
| | | | | | | | Using aes_wrap() to initialize a data structure seemed to be too much for some static analyzers to understand. Make it obvious that the target is not just the single struct member. (CID 68111) Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Make aes_unwrap() calls easier to analyzeJouni Malinen2014-12-061-12/+26
| | | | | | | | | | Using aes_unwrap() to initialize a data structure seemed to be too much for some static analyzers to understand. Make it obvious that the target is initialized and that the target is not just the single struct member. In addition, clean up the design to avoid removal of const with a typecast. (CID 68112, CID 68134, CID 68135, CID 68136) Signed-off-by: Jouni Malinen <j@w1.fi>
* AES: Extend key wrap design to support longer AES keysJouni Malinen2014-10-071-8/+14
| | | | | | | | | | | This adds kek_len argument to aes_wrap() and aes_unwrap() functions and allows AES to be initialized with 192 and 256 bit KEK in addition to the previously supported 128 bit KEK. The test vectors in test-aes.c are extended to cover all the test vectors from RFC 3394. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Debug print extra response dataJouni Malinen2014-07-021-0/+5
| | | | | | | This shows any extra data from FT response and also avoids a static analyzer warning on dead increment. Signed-off-by: Jouni Malinen <j@w1.fi>
* RSN authenticator: Use os_memcmp_const() for hash/password comparisonsJouni Malinen2014-07-021-16/+19
| | | | | | | | | This makes the implementation less likely to provide useful timing information to potential attackers from comparisons of information received from a remote device and private material known only by the authorized devices. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Fix GTK rekeying after FT protocolJouni Malinen2014-06-011-0/+1
| | | | | | | | | | Move to PTKINITDONE state and mark PTK valid after successful completion of FT protocol. This allows the AP/Authenticator to start GTK rekeying when FT protocol is used. Previously, the station using FT protocol did not get the new GTK which would break delivery of group addressed frames. Signed-off-by: Jouni Malinen <j@w1.fi>
* FT: Add support for postponing FT responseJouni Malinen2014-03-231-45/+141
| | | | | | | | | | If the PMK-R1 needs to be pulled for the R0KH, the previous implementation ended up rejecting the over-the-air authentication and over-the-DS action frame unnecessarily while waiting for the RRB response. Improve this by postponing the Authentication/Action frame response until the pull response is received. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix whitespace styleJouni Malinen2013-12-291-3/+3
| | | | | | | Commit 88b32a99d30894b2d6bb391371c442fc117edbab added couple of lines with incorrect indentation. Signed-hostap: Jouni Malinen <j@w1.fi>
* Enable FT with SAEJouni Malinen2013-12-291-2/+1
| | | | | | | | It was already possible to configure hostapd and wpa_supplicant to use FT-SAE for the key management, but number of places were missing proper AKM checks to allow FT to be used with the new AKM. Signed-hostap: Jouni Malinen <j@w1.fi>
* FT RRB: Clear pad field to avoid sending out uninitialized dataJouni Malinen2013-08-241-0/+3
| | | | | | | | | The pad field in the RRB messages is unused, but it should be initialized to avoid sending out arbitrary data from stack. This was also generating number of valgrind complaints about uninitialized memory accesses in local FT tests. Signed-hostap: Jouni Malinen <j@w1.fi>
* FT RRB: Fix a memory leak on error pathJouni Malinen2013-05-181-1/+3
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* FT RRB: Validate os_malloc() return value before using itJouni Malinen2013-04-271-0/+4
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Extra validation to keep static analyzers happyJouni Malinen2013-01-121-1/+1
| | | | | | | | Use of two variables to track bounds checking seems to be a bit too much for some static analyzers, so add an extra condition for buffer padding to avoid incorrect warnings. Signed-hostap: Jouni Malinen <j@w1.fi>
* Move WPA cipher information into a shared locationJouni Malinen2012-08-301-10/+3
| | | | | | | | | Try to share most of the cipher information like key and RSC lengths and suite selector conversions, etc. in wpa_common.c to avoid having similar code throughout the WPA implementation for handling cipher specific behavior. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add support for using GCMP cipher from IEEE 802.11adJouni Malinen2012-08-291-1/+4
| | | | | | | | | | | | | | | | This allows both hostapd and wpa_supplicant to be used to derive and configure keys for GCMP. This is quite similar to CCMP key configuration, but a different cipher suite and somewhat different rules are used in cipher selection. It should be noted that GCMP is not included in default parameters at least for now, so explicit pairwise/group configuration is needed to enable it. This may change in the future to allow GCMP to be selected automatically in cases where CCMP could have been used. This commit does not included changes to WPS or P2P to allow GCMP to be used. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* FT: Add FT AP support for drivers that manage MLME internallyShan Palanisamy2012-08-011-5/+50
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen2012-02-111-8/+2
| | | | | | | Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unnecessary include file inclusionJouni Malinen2011-11-131-1/+0
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* FT: Share IE parser implementation for Authenticator and SupplicantJouni Malinen2011-07-161-159/+0
| | | | | These are almost identical, so there is no point in using separate implementations.
* FT: Fix the calculation of MIC Control field in FTIEHong Wu2011-07-161-1/+1
| | | | | | | | Reassociation Request/Response frame validation need to count all IEs in the RIC. In addition, TIE is not protected, so it should not be included in the count. Signed-off-by: Hong Wu <hong.wu@dspg.com>
* FT: Make FT-over-DS configurable (hostapd.conf ft_over_ds=0/1)Shan Palanisamy2011-03-061-1/+3
* Annotate places depending on strong random numbersJouni Malinen2010-11-231-2/+3
| | | | | | | | | | | | | This commit adds a new wrapper, random_get_bytes(), that is currently defined to use os_get_random() as is. The places using random_get_bytes() depend on the returned value being strong random number, i.e., something that is infeasible for external device to figure out. These values are used either directly as a key or as nonces/challenges that are used as input for key derivation or authentication. The remaining direct uses of os_get_random() do not need as strong random numbers to function correctly.
* FT: Send RRB data directly when managed by same hostapd processJouni Malinen2010-07-261-0/+1
| | | | | | This makes it easier (and a bit faster) to handle multiple local radios with FT. There is no need to depend on l2_packet in that case since the frame can be delivered as a direct function call.
* FT: Fix RRB messages to use correct endiannessJouni Malinen2010-07-181-2/+2
| | | | | | | The pairwise cipher field is supposed to be little endian, but the message building functions did not swap the bytes on big endian hosts while the message processing functions did. Fix this by using little endian byte order in both places.
* FT: Validate MDIE and FTIE in FT 4-way handshake message 2/4Jouni Malinen2010-04-101-0/+5
* FT: Add FTIE, TIE[ReassocDeadline], TIE[KeyLifetime] to EAPOL-Key 3/4Jouni Malinen2010-04-101-5/+5
| | | | | These are mandatory IEs to be included in the FT 4-Way Handshake Message 3.
* FT: Validate FTIE fields in Reassociation RequestJouni Malinen2010-04-091-0/+58
| | | | | | ANonce, SNonce, R0KH-ID, and R1KH-ID must match with the values used in the previous FT authentication sequence message per IEEE Std 802.11r-2008, 11A.8.4.
* FT: Validate protect IE count in FTIE MIC ControlJouni Malinen2010-04-091-0/+11
* FT: Fix Reassociation Response in FT Protocol to include ANonce/SNonceJouni Malinen2010-04-091-1/+6
| | | | | These values are required to be included in the frame per IEEE Std 802.11r-2008, 11A.8.5.
* FT: Do not add MIC to FTIE during initial MD associationJouni Malinen2010-04-091-4/+8
| | | | | | We do not have any keys set at this point so there is no point in adding the MIC. In addition, IEEE Std 802.11r-2008, 11A.4.2 describes this frame to have MIC IE count of 0 and MIC of 0.
* FT: Fix GTK subelement format in FTIEJouni Malinen2010-04-071-7/+8
| | | | | The Key Info field was changed from 1-octet field to 2-octet field in 802.11r/D7.0, but that had not been updated in the implementation.
* FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3Jouni Malinen2010-04-071-5/+6
| | | | | | | | | | | | | | | | | | | IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain association in an RSN to include PMKR1Name in the PMKID-List field in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be bitwise identical with the values used in Beacon, Probe Response, (Re)association Request frames. The previous versions of wpa_supplicant and hostapd did not add the PMKR1Name value in EAPOL-Key frame and did not accept it if added (due to bitwise comparison of RSN IEs). This commit fixes the implementation to be compliant with the standard by adding the PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and by verifying that the received value matches with the value derived locally. This breaks interoperability with previous wpa_supplicant/hostapd versions.
* FT: Do not include RSN IE in (Re)Assoc Resp during initial MD associationJouni Malinen2010-04-071-9/+14
| | | | | RSN IE is only supposed to be included in Reassociation Response frames and only when they are part of a fast BSS transition.
* FT: Re-set PTK on reassociationJouni Malinen2010-04-041-1/+0
| | | | | | It turns out that this is needed for both FT-over-DS and FT-over-air when using mac80211, so it looks easiest to just unconditionally re-configure the keys after reassociation when FT is used.
* FT: Force key configuration after association in FT-over-DSJouni Malinen2010-04-041-0/+1
| | | | | | This seems to be needed at least with mac80211 when a STA is using FT-over-DS to reassociate back to the AP when the AP still has the previous association state.
* FT: Fix PTK configuration in authenticatorJouni Malinen2010-03-131-4/+9
| | | | | | Must update sm->pairwise when fetching PMK-R1 SA. Add a workaround for drivers that cannot set keys before association (e.g., cfg80211/mac80211): retry PTK configuration after association.
* FT: Include pairwise cipher suite in PMK-R0 SA and PMK-R1 SAJouni Malinen2010-03-071-17/+39
| | | | | | | This is needed to fix PTK derivation to use correct length. Previously, 64-octet PTK may have been derived if the authenticator did not already have a STA entry. Now, the correct pairwise cipher suite is learned when then PMK-R1 SA is received.
* Get rid of unnecessary typedefs for enums.Jouni Malinen2009-12-261-2/+2
* Include header files explicitly in *.c, not via header filesJouni Malinen2009-12-251-0/+2
* Rename some src/ap files to avoid duplicate file namesJouni Malinen2009-12-251-0/+1656
Doxygen and some build tools may get a bit confused about same file name being used in different directories. Clean this up a bit by renaming some of the duplicated file names in src/ap.