#
1.37 |
|
19-Nov-2020 |
krw |
Always check for EBUSY when the return value of ic_set_key() is tested.
Fixes urtwn(4) repeated DEAUTH and subsequent loss/restoration of link. It was a great dhclient(4) stress test. Note that urtwn(4) is the first and so far only device whose *_set_key() function returns EBUSY.
Debugging hints and ok stsp@
|
#
1.36 |
|
12-Nov-2020 |
krw |
Don't enable port or link until all crypto keys are installed by async task(s).
Makes dhclient(8) much happier.
Suggestions and ok stsp@, jmatthew@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.35 |
|
13-Jul-2020 |
stsp |
When a wifi interface acts as a client and the WPA handshake is done, update the WPA group cipher value in interface configuration data.
Code relying in this value will otherwise get the group cipher wrong. One obvious example is ifconfig which now displays the negotiated group cipher rather than always displaying the default value 'ccmp'.
Fixes a regression where athn(4) no longer worked against WPA2 APs which use TKIP as a group cipher for compatibility with WPA1.
Problem reported by Tim Chase.
ok kettenis@
|
#
1.34 |
|
31-May-2020 |
stsp |
Typo in WPA supplicant state machine: RNSA_SUPP_PTKDONE -> RSNA_SUPP_PTKDONE
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.33 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.36 |
|
12-Nov-2020 |
krw |
Don't enable port or link until all crypto keys are installed by async task(s).
Makes dhclient(8) much happier.
Suggestions and ok stsp@, jmatthew@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.35 |
|
13-Jul-2020 |
stsp |
When a wifi interface acts as a client and the WPA handshake is done, update the WPA group cipher value in interface configuration data.
Code relying in this value will otherwise get the group cipher wrong. One obvious example is ifconfig which now displays the negotiated group cipher rather than always displaying the default value 'ccmp'.
Fixes a regression where athn(4) no longer worked against WPA2 APs which use TKIP as a group cipher for compatibility with WPA1.
Problem reported by Tim Chase.
ok kettenis@
|
#
1.34 |
|
31-May-2020 |
stsp |
Typo in WPA supplicant state machine: RNSA_SUPP_PTKDONE -> RSNA_SUPP_PTKDONE
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.33 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.35 |
|
13-Jul-2020 |
stsp |
When a wifi interface acts as a client and the WPA handshake is done, update the WPA group cipher value in interface configuration data.
Code relying in this value will otherwise get the group cipher wrong. One obvious example is ifconfig which now displays the negotiated group cipher rather than always displaying the default value 'ccmp'.
Fixes a regression where athn(4) no longer worked against WPA2 APs which use TKIP as a group cipher for compatibility with WPA1.
Problem reported by Tim Chase.
ok kettenis@
|
#
1.34 |
|
31-May-2020 |
stsp |
Typo in WPA supplicant state machine: RNSA_SUPP_PTKDONE -> RSNA_SUPP_PTKDONE
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.33 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.34 |
|
31-May-2020 |
stsp |
Typo in WPA supplicant state machine: RNSA_SUPP_PTKDONE -> RSNA_SUPP_PTKDONE
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.33 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.33 |
|
02-Sep-2019 |
stsp |
Make net80211 expose reasons for association failures to userland and have ifconfig display them in 'scan' output and on the ieee80211 status line if the failure is applicable to an already selected AP (e.g. wrong WPA key).
This will hopefully reduce the amount of help requests for what often turn out to be trivial misconfiguration issues that were previously hard to diagnose without debug mode.
ifconfig must be recompiled with the new ieee80211_ioctl.h to stay in sync with the kernel. A full 'make build' will do the right thing!
Very helpful input by mpi@ and deraadt@
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.32 |
|
02-Nov-2018 |
stsp |
Remove 'reused group key update received' printfs. These have served no useful purpose in practice; all reported instances were legitimate group key retransmissions by the AP, e.g. after laptop suspend. We fixed KRACK long ago; re-used group key messages are nothing to worry about.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|
#
1.31 |
|
16-Oct-2017 |
stsp |
Add comments which document already fixed WPA attack vectors.
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.30 |
|
17-Aug-2017 |
stsp |
Add an entry to dmesg if pairwise WPA keys arrive unexpectedly or if WPA group keys are being reused. OpenBSD wireless clients will now leave a trail of such events in their message log.
There has been increased public scrutiny of WPA's security recently, so I am curious to see if anyone is attempting replay attacks in the wild.
ok deraadt
|
#
1.29 |
|
22-Jul-2017 |
stsp |
Fix length checks in EAPOL key frame parsing. Problem reported by Ilja Van Sprundel. ok tb@ kevlo@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.28 |
|
01-Mar-2017 |
stsp |
branches: 1.28.4; Fix some DPRINTFs I just added to ieee80211_pae_input.c. No fnuctional change.
|
#
1.27 |
|
01-Mar-2017 |
stsp |
Fix a bug allowing a man-in-the-middle attack against WPA wireless clients. A malicious AP could trick clients into connecting to the malicious AP instead of the desired AP. All frames would then be sent in the clear. This problem was found and reported by Mathy Vanhoef who also provided an initial patch which we improved together.
|
#
1.26 |
|
02-Feb-2017 |
stsp |
Remove global counters from struct ieee80211com which track the number of associated nodes with particular properties: 11b-only ("non-ERP") nodes, nodes requiring long slot time, nodes using WPA, nodes not supporting 11n, nodes currently dozing in powersave state, and nodes with a pending group key update confirmation.
These counters weren't properly maintained. There are bugs in the stack where these counters and actual node properties got out of sync. This is exposed by panics which are supposed to help us catch such bugs. But these panics don't provide real clues.
Instead of maintaining global counters forcing us to hunt refcounting bugs, count nodes with the property in question on demand, by iterating over all nodes and checking their state. This is cheap since we'll never have more than 100 nodes cached, and none of the cases where we need such information is in a performance critical path.
Prevents panics in hostap mode reported by Lauri Tirkkonen on bugs@ last year (https://marc.info/?l=openbsd-bugs&m=147513817930489&w=2) and also encountered by my 11n APs ("panic: bogus non-HT station count 0").
tested by Lauri, tb@, and myself ok mpi@ tb@
|
Revision tags: OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.25 |
|
15-Jul-2015 |
deraadt |
branches: 1.25.2; 1.25.6; m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
#
1.24 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.23 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
#
1.22 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.21 |
|
14-Sep-2014 |
jsg |
remove uneeded proc.h includes ok mpi@ kspillner@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.20 |
|
24-Jul-2014 |
mpi |
Fix debug printf, from Nathanael Rensen and chris@.
|
#
1.19 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE
|
#
1.18 |
|
04-May-2011 |
blambert |
Collapse m_pullup and m_pullup2 into a single function, as they're essentially identical; the only difference being that m_pullup2 is capable of handling mbuf clusters, but called m_pullup for shorter lengths (!).
testing dlg@ ok claudio@
|
Revision tags: OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.17 |
|
06-Feb-2010 |
jcs |
when receiving the first message of an rsn group key handshake packet, copy the key out of it properly.
fixes the problem where only broadcast packets like ipv6 router advertisements were failing decryption and processing, only after a rekey.
ok damien@
|
#
1.16 |
|
23-Nov-2009 |
damien |
how did i manage to forget that file in my last commit?
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.15 |
|
26-Jan-2009 |
damien |
Add some initial HT bits (not enabled yet) based on 802.11n Draft 7.01: - implement A-MPDU frames buffering and reordering - implement A-MSDU decapsulation - process/send ADDBA Request, ADDBA Response and DELBA action frames - process Block Ack Request control frames (including MTBAR) - implement PBAC support (Protected Block Ack) - add some incomplete HT Capabilities and HT Operation IEs parsing
Add more Management Frame Protection bits based on 802.11w Draft 7.0: - implement SA Query procedure (both AP and STA) - cleanup BIP
Fix some bugs: - fix check for WEP key length that otherwise caused a stack smash in ieee80211_wep_encrypt (pointed out by Xavier Santolaria on macppc) - properly stop EAPOL timeout: fixes a panic that occured in HostAP mode when turning the interface down while a 4-way handshake is in progress (pointed out by Doughertys)
Did some code cleanup too.
The HT bits are currently not compiled in (IEEE80211_NO_HT is defined) because they won't be ready until after the next release and I didn't want to grow the kernel or to inadvertently introduce new bugs. They are here such that other people can look at the code. Notice that I had to add an extra parameter to ic_send_mgmt() for action frames, that is why there are small changes in drivers defining their own ic_send_mgmt() handler.
Sorry for the not very incremental diff but this has been sitting in my tree for too long now.
|
#
1.14 |
|
06-Dec-2008 |
damien |
typo, no binary change.
|
#
1.13 |
|
27-Sep-2008 |
damien |
Initial implementation of PMKSA caching and pre-authentication. This will be required for future WPA-Enterprise support (802.1X). Add ieee80211_needs_auth() function (not implemented yet) to notify the userland 802.1X PACP machine when an 802.1X port becomes enabled (that is after successfull 802.11 Open System authentication). Add SIOCS80211KEYRUN and SIOCS80211KEYAVAIL ioctls so that the PACP state machine can kick the 802.11 key state machine and install PMKs obtained from 802.1X (pre-)authentication.
Enable SHA-256 based AKMPs by default while I'm here (TGw). This uses SHA-256 for key-derivation (instead of SHA1), AES-128-CMAC for data integrity, and AES Key Wrap for data protection of EAPOL-Key frames. An OpenBSD AP will always advertise this capability and an OpenBSD STA will always prefer SHA-256 based AKMPs over SHA1 based ones if both are supported by an AP.
|
#
1.12 |
|
27-Aug-2008 |
damien |
introduce new IEEE80211_STA_ONLY kernel option that can be set to remove IBSS and HostAP support from net80211 and 802.11 drivers. it can be used to shrink RAMDISK kernels for instance (like what was done for wi(4)). it also has the benefit of highlighting what is specific to IBSS and HostAP modes in the code. the cost is that we now have two code paths to maintain.
|
#
1.11 |
|
13-Aug-2008 |
damien |
do not increment is_rx_eapol_key twice for each frame. fix a test on the mbuf length and one on the descriptor version. remove redundant checking of GTK KDE length.
|
#
1.10 |
|
12-Aug-2008 |
damien |
new SHA-256 based AKMPs.
|
#
1.9 |
|
12-Aug-2008 |
damien |
process IGTK KDEs in EAPOL-Key frames and install integrity group keys if MFP was negotiated with the peer (not possible yet).
|
#
1.8 |
|
12-Aug-2008 |
damien |
Change the way we process EAPOL-Key frames. Free the mbuf in the ieee80211_eapol_key_input() function. Do not assume the frame is contiguous, call m_pullup2() if it is not. We need the frame to be contiguous to process KDEs efficiently in EAPOL-Key frames (just like we process IEs in management frames). However, there are drivers like upgt(4) that use m_devget() in the RX path. m_devget() can return fragmented mbuf chains. Notice that we should do the same m_pullup2() for management frames. This will be done later. Remove the ic_recv_eapol callback.
|
#
1.7 |
|
12-Aug-2008 |
damien |
get rid of the map_ptk()/map_gtk() functions, just inline them which makes things easier to track.
|
#
1.6 |
|
12-Aug-2008 |
damien |
simplify ieee80211_derive_ptk() prototype. pass the AKMP so we can support other key derivation functions in the future.
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.5 |
|
02-Aug-2008 |
damien |
print the correct value in a debug message.
|
#
1.4 |
|
02-Aug-2008 |
damien |
Drop frames that are received unencrypted when WEP is on or when WPA is on and RX protection for TA is on. Keep track of the TX/RX protection for each node when WPA is on.
tested by djm@ (ral+wpa), ckuethe@ (ath-noenc) and krw@ (wpi<->ral+wpa). hints from bluhm@ has been in snaps for a few days.
pointed out by bluhm@ something like 1 year ago but we did not have the right infrastructure to fix it properly at that time.
ok deraadt@
|
#
1.3 |
|
27-Jul-2008 |
damien |
s/IEEE80211_DPRINTF/DPRINTF/ automatically prepend __func__ to output.
deobfuscates debug messages a bit. no binary change unless compiled with IEEE80211_DEBUG.
|
#
1.2 |
|
21-Jul-2008 |
damien |
add ieee80211_priv.h file: contains definitions private to net80211. this must not be included by drivers.
|
#
1.1 |
|
21-Jul-2008 |
damien |
move processing of EAPOL frames away from ieee80211_{input,output}.c
|