Andrew Zaborowski
721be04f95
eapol: Pass actual PTK size to crypto_derive_pairwise_ptk()
...
It doesn't matter for crypto_derive_pairwise_ptk in non-SHA256 mode
but in the FT PTK derivation function, as well as in SHA256 mode all
bytes of the output do actually change with the PTK size.
2016-10-04 14:10:23 -05:00
Denis Kenzior
db8794460f
eapol: Remove io argument from eapol_start
2016-09-13 17:37:13 -05:00
Denis Kenzior
9fde037b8f
eapol: Add eapol_sm_set_event_func
2016-09-13 13:30:54 -05:00
Denis Kenzior
baf72d7f86
eapol: Move to a single PAE socket
...
We used to open a socket for each wireless interface. This patch uses a
single socket with an attached BPF to handle all EAPoL traffic via a
single file descriptor.
2016-09-12 10:02:04 -05:00
Andrew Zaborowski
1b1bf3cf65
eapol: On EAP success save the second 256 bits of MSK
2016-09-06 14:07:35 -05:00
Denis Kenzior
bcfaad2b62
eapol: Make EAP packets use sm->protocol_version
...
Instead of hard-coding the EAPoL version to 2004 for all EAP packets,
use the version from eapol_sm.
2016-08-10 16:37:39 -05:00
Denis Kenzior
abc44fe98a
eapol: Use switch-case instead of if
...
The if statement was shorter, but a bit less readable.
2016-08-10 16:36:14 -05:00
Denis Kenzior
34a537652a
eapol: Store protocol version in eapol_sm
...
Instead of one global protocol_version, we now store it inside eapol_sm.
This allows us to use the same protocol version for our response as the
request from the authenticator.
For unit tests where we had protocol version mismatches, a new method is
introduced to explicitly set the protocol version to use.
2016-08-10 16:32:45 -05:00
Denis Kenzior
169222fb96
eapol: warn if state machine list isn't empty
2016-07-20 15:34:21 -05:00
Denis Kenzior
943acddb49
eapol: Refactor eapol tx path
2016-06-28 18:45:49 -05:00
Denis Kenzior
efe5bed7c5
netdev: Move eapol_read to eapol.c
2016-06-28 18:18:47 -05:00
Denis Kenzior
b6d651dda8
eapol: Move eapol_start
2016-06-28 17:26:03 -05:00
Denis Kenzior
e059ee01a7
eapol: Move eapol_cancel
2016-06-28 17:26:03 -05:00
Rahul Rahul
fb339bcc76
eapol: helper functions for REKEY_OFFLOAD
2016-06-22 18:44:17 -05:00
Denis Kenzior
b93ae37325
eapol: Add eapol_sm_get_own_ie
2016-06-14 19:57:21 -05:00
Denis Kenzior
6d81e0a172
eapol: Add eapol_sm_get_group_cipher
2016-06-14 19:57:21 -05:00
Denis Kenzior
c1ff686ed6
eapol: Add eapol_sm_get_pairwise_cipher
2016-06-14 19:57:21 -05:00
Denis Kenzior
30d1673ba4
eapol: Add support for SHA-256 based AKMs
2016-02-10 19:18:56 -06:00
Denis Kenzior
c35409d73c
eapol: Update to the new API
2016-02-10 16:55:15 -06:00
Denis Kenzior
3320d31ead
sha1: Remove sha1.[ch]
2016-02-10 14:36:14 -06:00
Denis Kenzior
342ad9c61c
eapol: Add clarifying comment
2015-11-03 16:26:34 -06:00
Andrew Zaborowski
14020b2aa6
eapol: Handle EAPoL-EAP packets
2015-11-02 21:45:43 -06:00
Andrew Zaborowski
2bccb7e7dc
eapol: Remove user_data from __eapol_rx_packet args
...
Instead of passing the user_data parameter in every __eapol_rx_packet
call to be used by EAPOL in all tx_packet calls, add
eapol_sm_set_tx_user_data function that sets the value of user_data for
all subsequent tx_packet calls. This way tx_packet can be called from
places that are not necessarily inside an __eapol_rx_packet call.
2015-11-02 21:40:21 -06:00
Andrew Zaborowski
ef9b6f41ce
eapol: Separate EAPOL header from struct eapol_key
...
This is needed so we can better handle sending and receiving EAPoL
packets other than EAPoL-Key.
2015-11-02 21:40:21 -06:00
Denis Kenzior
f1d81cd3c5
eapol: Remove unneded TODO comment
2015-06-08 10:46:48 -05:00
Denis Kenzior
99cdb860c0
eapol: Simplify install_tk callback
2015-05-21 21:10:21 -05:00
Denis Kenzior
e93dd44607
eapol: Simplify GTK install callback
...
Instead of passing in the RSN/WPA elements, simply pass in the
configured cipher. This will make the implementation of the install_gtk
callback much simpler.
2015-05-21 21:08:47 -05:00
Denis Kenzior
9992d3aeda
eapol: Extract & keep track of desired ciphers
...
When our own WPA IE or RSN IE are set, extract group and pairwise
ciphers. These ciphers are the ones we desire to use for the secure
connection.
2015-05-19 00:05:53 -05:00
Denis Kenzior
12551b52ff
eapol: Sanity check 2nd RSNE
...
If the second (optional) RSN element is included in Step 3/4 of the
4-way handshake, parse it and perform basic sanity checks
2015-05-18 23:49:11 -05:00
Denis Kenzior
8593ebaad4
eapol: Set wpa_key_id in WPA1 Step 2 of 2
2015-05-18 14:45:09 -05:00
Andrew Zaborowski
a227d0b00f
eapol: In GTK step 2 of 2, secure bit is always 1
2015-05-18 12:50:50 -05:00
Andrew Zaborowski
a84d232eb1
eapol: Accept 32-byte keys in verify_ptk_3_of_4
...
TKIP key data is 32 bytes long.
2015-05-18 12:37:34 -05:00
Denis Kenzior
619448cacc
eapol: Sanity check wpa_key_id field a bit more
2015-05-05 22:26:11 -05:00
Denis Kenzior
9793054a0a
eapol: Update TODO comment
2015-05-05 22:19:45 -05:00
Denis Kenzior
a38b6f1f9a
eapol: Add missing newline
2015-05-05 22:18:35 -05:00
Denis Kenzior
8f3fd6e47d
eapol: Add eapol_verify_gtk_2_of_2
2015-05-05 22:04:21 -05:00
Denis Kenzior
2ba7867e9f
eapol: Drop unneded check in verify_ptk_4_of_4
...
Step 4 is always sent without encrypted Key Data according to Section
11.6.6.5. In the case of WPA, Encrypted Key Data field is reserved, and
should always be 0. Thus it is safe to drop the !is_wpa condition.
2015-05-05 22:01:53 -05:00
Denis Kenzior
bb17f5df94
eapol: Add sanity checking of the install bit
2015-05-05 21:50:35 -05:00
Andrew Zaborowski
0ea28ba5ad
eapol: Generate new snonce on new 4-Way Handshake
...
Make sure that we handle PTK rekeying.
2015-05-05 21:22:38 -05:00
Andrew Zaborowski
a7846aee85
eapol: WPA-specific handshake quirks
...
To support WPA allow the legacy EAPOL-Key frame formats.
2015-05-05 21:22:31 -05:00
Andrew Zaborowski
a8c0f20510
eapol: Handle the Group Key Handshake
2015-05-05 21:10:07 -05:00
Andrew Zaborowski
169aa04570
eapol: Free eapol_sm even if callback is null
...
If deauthenticate callback was not provided, the state machine was not
being freed / removed.
2015-04-29 08:54:53 -05:00
Andrew Zaborowski
4a27563b5a
eapol: Fix key-IV check in EAPOL-Key verification
...
The comment correctly states the IV is 0 for version 2, but the
check was actually for version 1.
2015-04-29 08:54:47 -05:00
Andrzej Zaborowski
c22d22f5e5
eapol: Remove eapol_sm's from queue when destroying.
...
Prevents a double-free.
2015-04-17 10:40:10 -05:00
Denis Kenzior
bc98bc9ecb
eapol: Add functions to set own/ap WPA IEs
...
If EAPoL is being run for in WPA mode, then instead of RSN elements, the
WPA elements are required.
2015-04-10 23:46:58 -05:00
Denis Kenzior
445ad55796
eapol: Start a handshake timer
...
We start a timer. This handles the case that the Authenticator does
not send us the first message of the 4-way handshake, or disappears
before sending us the 3rd message.
2015-03-29 22:44:08 -05:00
Denis Kenzior
e2badc9828
eapol: Call deauthenticate callback
2015-03-29 22:32:09 -05:00
Denis Kenzior
9f17b71375
eapol: Add eapol_cancel
2015-03-29 20:58:40 -05:00
Denis Kenzior
cf3681efbe
eapol: Add comment for handling MIC failures
2015-03-29 20:57:58 -05:00
Denis Kenzior
f31407dd46
eapol: Add deauthenticate callback
2015-03-29 20:30:14 -05:00