path: root/sys/net80211/ieee80211_pae_input.c
Commit message (Author, Age, Files, Lines)
* Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
  testing dlg@ ok claudio@
  (blambert, 2011-05-04, files: 1, lines: -2/+2)
* when receiving the first message of an rsn group key handshake packet, copy the key out of it properly. fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
  ok damien@
  (jcs, 2010-02-06, files: 1, lines: -1/+2)
* how did i manage to forget that file in my last commit?
  (damien, 2009-11-23, files: 1, lines: -1/+4)
* Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01:
  - implement A-MPDU frames buffering and reordering
  - implement A-MSDU decapsulation
  - process/send ADDBA Request, ADDBA Response and DELBA action frames
  - process Block Ack Request control frames (including MTBAR)
  - implement PBAC support (Protected Block Ack)
  - add some incomplete HT Capabilities and HT Operation IEs parsing

  Add more Management Frame Protection bits based on 802.11w Draft 7.0:
  - implement SA Query procedure (both AP and STA)
  - cleanup BIP

  Fix some bugs:
  - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc)
  - properly stop EAPOL timeout: fixes a panic that occurred in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)

  Did some code cleanup too.

  The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code.

  Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.

  Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
  (damien, 2009-01-26, files: 1, lines: -18/+18)
* typo, no binary change.
  (damien, 2008-12-06, files: 1, lines: -2/+2)
* Initial implementation of PMKSA caching and pre-authentication.
  This will be required for future WPA-Enterprise support (802.1X).

  Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successful 802.11 Open System authentication).
  Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.

  Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
  (damien, 2008-09-27, files: 1, lines: -31/+40)
* introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
  (damien, 2008-08-27, files: 1, lines: -10/+41)
* do not increment is_rx_eapol_key twice for each frame.
  fix a test on the mbuf length and one on the descriptor version.
  remove redundant checking of GTK KDE length.
  (damien, 2008-08-13, files: 1, lines: -23/+17)
* new SHA-256 based AKMPs.
  (damien, 2008-08-12, files: 1, lines: -2/+7)
* process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
  (damien, 2008-08-12, files: 1, lines: -33/+110)
* Change the way we process EAPOL-Key frames.
  Free the mbuf in the ieee80211_eapol_key_input() function.
  Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains.
  Notice that we should do the same m_pullup2() for management frames. This will be done later.
  Remove the ic_recv_eapol callback.
  (damien, 2008-08-12, files: 1, lines: -13/+33)
* get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
  (damien, 2008-08-12, files: 1, lines: -29/+58)
* simplify ieee80211_derive_ptk() prototype.
  pass the AKMP so we can support other key derivation functions in the future.
  (damien, 2008-08-12, files: 1, lines: -10/+7)
* print the correct value in a debug message.
  (damien, 2008-08-02, files: 1, lines: -4/+4)
* Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on.
  Keep track of the TX/RX protection for each node when WPA is on.

  tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa).
  hints from bluhm@
  has been in snaps for a few days.

  pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.

  ok deraadt@
  (damien, 2008-08-02, files: 1, lines: -1/+8)
* s/IEEE80211_DPRINTF/DPRINTF/
  automatically prepend __func__ to output.
  deobfuscates debug messages a bit.
  no binary change unless compiled with IEEE80211_DEBUG.
  (damien, 2008-07-27, files: 1, lines: -34/+26)
* add ieee80211_priv.h file: contains definitions private to net80211.
  this must not be included by drivers.
  (damien, 2008-07-21, files: 1, lines: -16/+3)
* move processing of EAPOL frames away from ieee80211_{input,output}.c
  (damien, 2008-07-21, files: 1, lines: -0/+916)