![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sys / net80211
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.27 / (download) - annotate - [select for diffs], Fri May 15 14:21:09 2020 UTC (4 years ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
HEAD
Changes since 1.26: +5 -1 lines
Diff to previous 1.26 (colored)
Fix CCMP replay check with 11n Rx aggregation and CCMP hardware offloading. So far, drivers using hardware CCMP decryption were expected to keep the most recently seen CCMP packet number (PN) up-to-date, and to discard frames with lower PNs as replays. A-MPDU subframes may legitimately arrive out of order, and the drivers skipped CCMP replay checking for such frames. Re-ordering happens in ieee80211_inputm(), after the driver is done with a frame. Drivers cannot tell replayed frames apart from legitimate out-of-order retransmissions. To fix this, update the PN value in ieee80211_inputm() after subframes have been reordered into their proper sequence. Drivers still perform replay checks but they no longer have to worry about updating the last seen PN value. The 802.11 spec confirms that replay checking is supposed to happen after A-MPDU re-ordering. Tested by jmc@, benno@, solene@, and myself with the following drivers: athn(4), iwn(4), iwm(4), wpi(4), urtwn(4) ok solene@
Revision 1.26 / (download) - annotate - [select for diffs], Fri Aug 16 19:53:32 2019 UTC (4 years, 9 months ago) by procter
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.25: +2 -1 lines
Diff to previous 1.25 (colored)
check that software de/encrypt is possible: under hardware offload, it needn't be. the stack must otherwise rely on every offloading driver correctly handling all frames governed by a given key. ok stsp@
Revision 1.23.4.1 / (download) - annotate - [select for diffs], Wed Aug 30 15:08:46 2017 UTC (6 years, 9 months ago) by stsp
Branch: OPENBSD_6_0
Changes since 1.23: +2 -1 lines
Diff to previous 1.23 (colored) next main 1.24 (colored)
MFC: Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log. Clear WPA group keys from memory before initiating a key exchange with an access point. Prevents false positive 'reused group key' warnings in dmesg when re-associating to the same access point. (OpenBSD 6.0 errata 041, August 30, 2017)
Revision 1.24.4.1 / (download) - annotate - [select for diffs], Wed Aug 30 15:08:30 2017 UTC (6 years, 9 months ago) by stsp
Branch: OPENBSD_6_1
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
MFC: Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log. Clear WPA group keys from memory before initiating a key exchange with an access point. Prevents false positive 'reused group key' warnings in dmesg when re-associating to the same access point. (OpenBSD 6.1 errata 027, August 30, 2017)
Revision 1.25 / (download) - annotate - [select for diffs], Fri Aug 18 17:30:12 2017 UTC (6 years, 9 months ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.24: +2 -1 lines
Diff to previous 1.24 (colored)
Clear WPA group keys from memory before initiating a key exchange with an access point. Prevents false positive 'reused group key' warnings in dmesg when re-associating to the same access point. Problem reported by tb@ ok tb@
Revision 1.24 / (download) - annotate - [select for diffs], Sat Dec 17 18:35:54 2016 UTC (7 years, 5 months ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE
Branch point for: OPENBSD_6_1
Changes since 1.23: +4 -1 lines
Diff to previous 1.23 (colored)
Complete our half-done implementation of TKIP countermeasures in hostap mode. The previous code would disable the AP until next reboot upon MIC failure. Instead, disable the AP for 60 seconds, as required by the 802.11 standard. I randomly added a bit of time (up to 120 seconds total) just because we can. Problem reported by Mathy Vanhoef, thanks! ok deraadt@ random input reyk@
Revision 1.23 / (download) - annotate - [select for diffs], Sat Dec 5 16:26:53 2015 UTC (8 years, 6 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Branch point for: OPENBSD_6_0
Changes since 1.22: +14 -11 lines
Diff to previous 1.22 (colored)
Keep kernel definitions under _KERNEL to unbreak security/wpa_supplicant because of a missing forward declaration for kernel functions. ok stsp@
Revision 1.22 / (download) - annotate - [select for diffs], Mon Jan 26 19:09:41 2009 UTC (15 years, 4 months ago) by damien
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys) Did some code cleanup too. The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler. Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
Revision 1.21 / (download) - annotate - [select for diffs], Sat Sep 27 15:16:09 2008 UTC (15 years, 8 months ago) by damien
Branch: MAIN
Changes since 1.20: +35 -6 lines
Diff to previous 1.20 (colored)
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication. Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
Revision 1.20 / (download) - annotate - [select for diffs], Wed Aug 27 09:05:04 2008 UTC (15 years, 9 months ago) by damien
Branch: MAIN
Changes since 1.19: +3 -1 lines
Diff to previous 1.19 (colored)
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
Revision 1.19 / (download) - annotate - [select for diffs], Tue Aug 12 19:29:07 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.18: +7 -3 lines
Diff to previous 1.18 (colored)
new SHA-256 based AKMPs.
Revision 1.18 / (download) - annotate - [select for diffs], Tue Aug 12 16:56:45 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.17: +80 -92 lines
Diff to previous 1.17 (colored)
add new IEEE80211_CIPHER_AES128_CMAC cipher and new key flag IEEE80211_KEY_IGTK. lot of cleanup while i'm here (indent function prototypes). change license since this file was completely rewritten.
Revision 1.17 / (download) - annotate - [select for diffs], Tue Aug 12 16:51:39 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.16: +10 -1 lines
Diff to previous 1.16 (colored)
Welcome BIP: the Broadcast/Multicast Integrity Protocol defined in Draft IEEE P802.11w. It provides data integrity and replay protection for broadcast/ multicast robust management frames (not used yet) using AES-128 in CMAC mode.
Revision 1.16 / (download) - annotate - [select for diffs], Tue Aug 12 16:33:38 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.15: +2 -1 lines
Diff to previous 1.15 (colored)
add replay counter for management frames.
Revision 1.15 / (download) - annotate - [select for diffs], Tue Aug 12 16:14:05 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.14: +1 -6 lines
Diff to previous 1.14 (colored)
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
Revision 1.14 / (download) - annotate - [select for diffs], Tue Aug 12 16:05:15 2008 UTC (15 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.13: +4 -4 lines
Diff to previous 1.13 (colored)
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
Revision 1.13 / (download) - annotate - [select for diffs], Mon Apr 21 19:37:18 2008 UTC (16 years, 1 month ago) by damien
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.12: +10 -1 lines
Diff to previous 1.12 (colored)
move ieee80211_auth_open() to ieee80211_proto.c move ieee80211_setup_rates() to ieee80211_node.c move some prototypes from ieee80211_proto.h to ieee80211_crypto.h
Revision 1.12 / (download) - annotate - [select for diffs], Mon Apr 21 19:01:01 2008 UTC (16 years, 1 month ago) by damien
Branch: MAIN
Changes since 1.11: +1 -2 lines
Diff to previous 1.11 (colored)
- do not process ethernet PAE frames if RSN is not enabled - add a ieee80211_recv_action() function (will be used later) - some cleanup, remove unused prototypes, get rid of the IEEE80211_VERIFY_* macros
Revision 1.11 / (download) - annotate - [select for diffs], Fri Apr 18 09:16:14 2008 UTC (16 years, 1 month ago) by djm
Branch: MAIN
Changes since 1.10: +1 -3 lines
Diff to previous 1.10 (colored)
extend the if_ethersubr.c crc functions to support updating a running crc in addition to the existing "oneshot" mode and use them to replace ieee80211_crc_update() with the new ether_crc32_le_update(). Saves 1k kernel bss + some code. Mark the new ether_crc32_[lb]e_update functions as __pure for a ~25x speedup (on my i386 at least). feedback and ok damien@
Revision 1.10 / (download) - annotate - [select for diffs], Wed Apr 16 18:32:15 2008 UTC (16 years, 1 month ago) by damien
Branch: MAIN
Changes since 1.9: +48 -17 lines
Diff to previous 1.9 (colored)
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard. Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols. This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported. In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes. The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4) The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher wpa-psk(8) can be used to generate keys from passphrases. tested by many@ ok deraadt@
Revision 1.9 / (download) - annotate - [select for diffs], Thu Aug 23 16:50:30 2007 UTC (16 years, 9 months ago) by damien
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.8: +9 -1 lines
Diff to previous 1.8 (colored)
add pseudo-header definition for TKIP MIC computation.
Revision 1.8 / (download) - annotate - [select for diffs], Wed Aug 22 20:52:26 2007 UTC (16 years, 9 months ago) by damien
Branch: MAIN
Changes since 1.7: +4 -2 lines
Diff to previous 1.7 (colored)
add a ieee80211_get_txkey() function to determine the key to use for transmitting a frame to a given node. change ieee80211_encrypt() so that it now takes the key as parameter. this change is required because drivers doing hardware crypto need to know what key is being used.
Revision 1.7 / (download) - annotate - [select for diffs], Wed Aug 22 20:40:34 2007 UTC (16 years, 9 months ago) by damien
Branch: MAIN
Changes since 1.6: +15 -1 lines
Diff to previous 1.6 (colored)
- add k_rxmic and k_txmic fields to struct ieee80211_key to store the Tx/Rx MIC for TKIP. - add two functions to map a PTK and a GTK to an IEEE 802.11 key and use them in ieee80211_input.c instead of duplicating the same code. properly set Tx/Rx MIC in the IEEE 802.11 key in the case of TKIP. - add ic_psk to struct ieee80211com to store the pre-shared key. - fix setting of the SECURE bit in outgoing EAPOL-Key frames. - when receiving msg 2 of the 4-way handshake, deauthenticate the station if the RSN IE does not match that of the (Re)Association request. - before parsing an RSN or WPA IE, check that there's enough room for the version field (2 bytes) which is mandatory. - various tweaks while i'm here.
Revision 1.6 / (download) - annotate - [select for diffs], Wed Aug 1 15:40:40 2007 UTC (16 years, 10 months ago) by damien
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2
Changes since 1.5: +9 -1 lines
Diff to previous 1.5 (colored)
add generic ieee80211_encrypt() and ieee80211_decrypt() functions that can handle multiple ciphers (the key to use is determined automatically by these functions based on the frame's destination address). add ieee80211_ccmp_encrypt() and ieee80211_ccmp_decrypt(). those two functions only do encapsulation/decapsulation of CCMP frames for now (they don't do SW crypto). they will help to test things with drivers that can do HW crypto. add a ni_pairwise_key field to struct ieee80211_node to actually install the pairwise transient key. install the GTK in ic_nw_keys[].
Revision 1.5 / (download) - annotate - [select for diffs], Wed Aug 1 12:37:46 2007 UTC (16 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.4: +3 -2 lines
Diff to previous 1.4 (colored)
add a TSC field to the key structure. it will be used to store the TKIP sequence counter (TKIP) or the PN (packet number, CCMP).
Revision 1.4 / (download) - annotate - [select for diffs], Sat Jul 28 11:01:19 2007 UTC (16 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.3: +12 -1 lines
Diff to previous 1.3 (colored)
extend the ieee80211_key structure with a key identifier, a flags field and a 64-bit receive sequence counter (for group keys). add a ieee80211_cipher_keylen() function to retrieve the key length in bytes used by a specific cipher. account for 802.1X header size when computing the Key MIC. some cleanup in comments and variable names while i'm here.
Revision 1.3 / (download) - annotate - [select for diffs], Wed Jul 18 18:10:31 2007 UTC (16 years, 10 months ago) by damien
Branch: MAIN
Changes since 1.2: +27 -4 lines
Diff to previous 1.2 (colored)
replace the ieee80211_wepkey structure with a more generic ieee80211_key one that can be used with other ciphers than WEP.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Jun 6 19:31:07 2007 UTC (17 years ago) by damien
Branch: MAIN
Changes since 1.1: +1 -5 lines
Diff to previous 1.1 (colored)
The license permits us to redistribute this code under the BSD or the GPLv2. Choose the BSD license so that future enhancements will be BSD-only. ok jsg@ reyk@ deraadt@
Revision 1.1 / (download) - annotate - [select for diffs], Tue Jun 22 22:53:52 2004 UTC (19 years, 11 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6
Import current NetBSD/FreeBSD 802.11 framework. Based in part on a diff from Matthew Gream.