path: root/wpa_supplicant/ibss_rsn.c
Commit message (Collapse)AuthorAgeFilesLines
* IBSS: Fix a memory leak on RSN error pathJouni Malinen2016-08-131-0/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Add group_rekey parameter for IBSSJouni Malinen2016-08-131-4/+5
| | | | | | | The new network profile parameter group_rekey can now be used to specify the group rekeying internal in seconds for IBSS. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Fix PMKID calculation for PMKSA cacheMasashi Honma2016-02-181-1/+1
| | | | | | | | The SAE PMKID is calculated with IEEE Std 802.11-2012, but the PMKID was re-calculated with and saved into PMKSA cache. Fix this to save the PMKID calculated with into the PMKSA cache. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* RSN IBSS: Fix segfault on error pathJouni Malinen2015-09-051-1/+2
| | | | | | | If wpa_init() fails, wpa_deinit(NULL) must not be called to avoid hitting a NULL pointer dereference. Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS: Check ibss_rsn init before starting new IBSS authenticationEduardo Abinader2015-05-031-0/+3
| | | | | | | | Sanity check added to avoid segmentation fault which occurs, when issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously via IBSS network selection. Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
* Remove unused send_eapol() driver opJouni Malinen2014-12-111-2/+2
| | | | | | | | | | The send_eapol() callback was used by driver_test.c, but with that removed, there is no remaining users of the alternative EAPOL frame transmitting mechanism in wpa_supplicant, i.e., all remaining driver interfaces use l2_packet instead. Remove the send_eapol() to get rid of unused code. Signed-off-by: Jouni Malinen <j@w1.fi>
* SAE: Add support for PMKSA caching on the station sideJouni Malinen2014-10-181-1/+1
| | | | | | | | | This makes wpa_supplicant SME create PMKSA cache entries from SAE authentication and try to use PMKSA caching if an entry is found for the AP. If the AP rejects the attempt, fall back to SAE authentication is used. Signed-off-by: Jouni Malinen <j@w1.fi>
* IBSS RSN: Use monotonic time for reinit detectionJohannes Berg2013-12-241-4/+4
| | | | | | | | The reinit detection skips reinit when the time since the own authentication frame TX is less than half a second, so it shouldn't be affected by wall time and use monotonic time instead. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* P2P: Select PSK based on Device Address instead of Interface AddressJouni Malinen2013-09-011-1/+2
| | | | | | | | | When using per-device PSKs, select the PSK based on the P2P Device Address of the connecting client if that client is a P2P Device. This allows the P2P Interface Address to be changed between P2P group connections which may happen especially when using persistent groups. Signed-hostap: Jouni Malinen <j@w1.fi>
* P2P: Make peer's P2P Device Address available to authenticatorJouni Malinen2013-09-011-1/+1
| | | | | | | This can be used to implement per-device PSK selection based on the peer's P2P Device Address instead of P2P Interface Address. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add a timeout for Authentication frame exchangeJouni Malinen2013-08-271-1/+25
| | | | | | | | | | It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Work around Data RX vs. Authentication RX race conditionJouni Malinen2013-08-261-0/+13
| | | | | | | | | | | | | It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add IBSS-RSN-COMPLETED event messageJouni Malinen2013-08-251-1/+29
| | | | | | | This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Add peer restart detectionAntonio Quartulli2013-07-211-23/+209
| | | | | | | | | | | | | | | | | | | | | | | | | To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
* IBSS RSN: Implement disconnect() callback using sta_deauth()Bharat Bhushan2013-06-071-0/+8
| | | | | | | This allows driver wrappers to implement disconnection of IBSS peers in cases operations, e.g., GTK update, fail. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* IBSS RSN: Support authorizationAntonio Quartulli2012-02-121-0/+48
| | | | | | | | In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations. This patch makes wpa_supplicant notify the driver when a station can be considered authorized. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* Remove the GPL notification from files contributed by Jouni MalinenJouni Malinen2012-02-111-8/+2
| | | | | | | Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: Provide ibss_rsn_get_peer() helper functionAntonio Quartulli2012-01-291-12/+20
| | | | | | | This is a useful function that simplifies some code and can eventually be used somewhere else in future. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
* IBSS: fix RSN key initialisationJohannes Berg2011-12-111-0/+2
| | | | | | | | | | | | | | | | | | | | Antonio reported that RSN IBSS failed to work. We traced it down to a GTK failure, and he then bisected it to commit bdffdc5ddb0c838af4c90d11: "AP: Reorder WPA/Beacon initialization". The reason this commit broke it is that the state machine's GInit variable is never set to false as wpa_init_keys() never gets called, and thus new keys are generated every time the state machine executes. Fix this by calling wpa_init_keys() when the new group has been initialised. Reported-by: Antonio Quartulli <ordex@autistici.org> Tested-by: Antonio Quartulli <ordex@autistici.org> Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* Mark local functions staticJouni Malinen2011-11-181-2/+2
| | | | | | These functions are not used outside the file in which they are defined. Signed-hostap: Jouni Malinen <j@w1.fi>
* IBSS RSN: peer->addr is an array so it cannot be NULLJouni Malinen2011-04-141-1/+1
* RSN IBSS: Restart IBSS state machines for each new IBSSJouni Malinen2011-03-231-30/+8
| | | | | | | | Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
* IBSS RSN: Clear IBSS RSN peers based on peer lost eventsXi Chen2011-03-181-0/+40
* IBSS RSN: Enable group rekeying every 10 minutesXi Chen2011-03-161-0/+1
* IBSS RSN: Add for_each_sta handler for authenticatorXi Chen2011-03-161-0/+19
* IBSS RSN: Add supp_get_state handlerXi Chen2011-03-161-0/+8
* IBSS RSN: Do not start multiple Auth/Supp for same peerJouni Malinen2011-01-151-0/+9
| | | | | | | | | This avoids an issue when a received EAPOL-Key frame from a peer is initiating IBSS RSN Authenticator and Supplicant for the peer and the following new-STA-in-IBSS event from the driver is adding yet another instance of Authenticator/Supplicant. The EAPOL-Key RX case was already checking whether an instance had been started; the driver new-STA event needs to do same.
* IBSS RSN: Delay setting of the initial TX GTKJouni Malinen2011-01-151-0/+30
| | | | | | The driver may get confused if we set the initial TX GTK before having fully configured and connected to an IBSS, so better delay this operation until the connection (join/start IBSS) has been completed.
* RSN IBSS: RX GTK configuration with nl80211Jouni Malinen2010-12-051-0/+9
| | | | | | | | | This add preliminary code for setting the per-STA RX GTK for RSN IBSS when nl80211 drivers. For some reason, this does not seem to fully work, but at least driver_nl80211.c is now aware of what kind of key is being set and the whatever is missing from making this key configuration go through should be specific to nl80211/cfg80211.
* IBSS RSN: Explicitly check addr != NULL before passing it to memcmpJouni Malinen2010-01-101-1/+2
| | | | | | idx == 0 should be enough to make sure that the addr is set, but verify that this is indeed the case to avoid any potential issues if auth_set_key() gets called incorrectly.
* IBSS RSN: Check explicitly that WPA auth sm assoc call succeededJouni Malinen2010-01-101-2/+4
| | | | | | Verify that association processing did not end up freeing the state machine. This should not really happen in practice, but better verify it anyway.
* Get rid of unnecessary typedefs for enums.Jouni Malinen2009-12-261-5/+5
* Move generic AP functionality implementation into src/apJouni Malinen2009-12-241-2/+2
| | | | | | | | | | This code can be shared by both hostapd and wpa_supplicant and this is an initial step in getting the generic code moved to be under the src directories. Couple of generic files still remain under the hostapd directory due to direct dependencies to files there. Once the dependencies have been removed, they will also be moved to the src/ap directory to allow wpa_supplicant to be built without requiring anything from the hostapd directory.
* IBSS RSN: Add more verbose debug info for key setupJouni Malinen2009-12-041-8/+23
* Fix IBSS RSN buildJouni Malinen2009-11-291-17/+3
* Remove src/rsn_supp from default header pathJouni Malinen2009-11-291-2/+2
* IBSS RSN: Added key configurationJouni Malinen2009-01-171-2/+53
* Added a separate ctx pointer for wpa_msg() calls in WPA suppJouni Malinen2009-01-171-0/+1
| | | | | This is needed to allow IBSS RSN to use per-peer context while maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
* IBSS RSN: Set the PSK based on network configurationJouni Malinen2009-01-171-0/+6
* IBSS RSN: Set more hardcoded RSN IEs for nowJouni Malinen2009-01-171-6/+12
| | | | This allows 4-way handshakes to be completed successfully.
* IBSS RSN: Added couple of required WPA supplicant callback functionsJouni Malinen2009-01-171-0/+16
* Process received EAPOL frames in IBSS RSN code if in IBSS modeJouni Malinen2009-01-171-0/+97
* Fixed auth_send_eapol() to use correct ctx structureJouni Malinen2009-01-151-2/+2
* Use a hardcoded RSN IE for testing to start AuthenticatorJouni Malinen2009-01-151-4/+7
| | | | | This needs to be replaced with proper RSN IE from the peer STA (e.g., from Probe Response).
* Implement EAPOL sending callbacks for IBSS RSNJouni Malinen2009-01-151-6/+13
* Added initial step for IBSS RSN supportJouni Malinen2009-01-141-0/+319
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.