#
1.22 |
|
15-May-2020 |
stsp |
Fix CCMP replay check with 11n Rx aggregation and CCMP hardware offloading.
So far, drivers using hardware CCMP decryption were expected to keep the most recently seen CCMP packet number (PN) up-to-date, and to discard frames with lower PNs as replays.
A-MPDU subframes may legitimately arrive out of order, and the drivers skipped CCMP replay checking for such frames. Re-ordering happens in ieee80211_inputm(), after the driver is done with a frame. Drivers cannot tell replayed frames apart from legitimate out-of-order retransmissions.
To fix this, update the PN value in ieee80211_inputm() after subframes have been reordered into their proper sequence. Drivers still perform replay checks but they no longer have to worry about updating the last seen PN value.
The 802.11 spec confirms that replay checking is supposed to happen after A-MPDU re-ordering.
Tested by jmc@, benno@, solene@, and myself with the following drivers: athn(4), iwn(4), iwm(4), wpi(4), urtwn(4)
ok solene@
|
Revision tags: OPENBSD_6_5_BASE OPENBSD_6_6_BASE OPENBSD_6_7_BASE
|
#
1.21 |
|
09-Nov-2018 |
claudio |
M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.20 |
|
02-May-2017 |
mikeb |
Switch 802.11 crypto over to the new AES
OK stsp@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.19 |
|
23-Mar-2017 |
tb |
Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.18 |
|
24-Nov-2015 |
mpi |
No need to include <net/if_arp.h>
This header is only needed because <netinet/if_ether.h> declares a structure that needs it. But it turns out that <net/if.h> already includes it as workaround.
A proper solution would be to stop declarting "struct ether_arp" there. But no driver should need this header.
|
#
1.17 |
|
15-Nov-2015 |
stsp |
Fix CCMP (WPA2) in preparation for 11n. This code didn't handle QoS frames correctly but QoS frames are required for 11n A-MPDU aggregation and 11n STAs are required to use CCMP instead of WEP or TKIP ciphers.
The QoS bit in FC0 is part of AAD (additional authentication data) but was being masked unconditionally. The FC1 order bit is masked to 0 in AAD if a data frame contains a QoS control field but this code was looking for HT control fields instead.
Add an XXX comment about another bit which must be set if SPP (signaling and payload protected) A-MSDUs are supported. Neither Linux nor FreeBSD seem to set this bit, and we don't support SPP A-MSDUs yet so a comment seems good enough for now.
ok deraadt mpi kettenis guenther helpful hints from mikeb
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
15-Jul-2015 |
deraadt |
m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
21-Nov-2013 |
mpi |
Remove unneeded include.
ok deraadt@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.12 |
|
05-Apr-2011 |
blambert |
Passing M_WAITOK to mbuf functions is supposed to be a contract between the caller and the function that the function will not fail to allocate memory and return a NULL pointer. However, m_dup_pkthdr() violates this contract, making it possible for functions that pass M_WAITOK to be surprised in ways that hurt.
Fix this by passing the wait flag all the way down the functions that actually do the allocation for m_dup_pkthdr() so that we won't be surprised.
man page update forthcoming
ok claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.11 |
|
20-Jul-2010 |
matthew |
Switch some obvious network stack MAC comparisons from bcmp() to timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.10 |
|
24-Sep-2009 |
damien |
do not call m_free(n0) followed by m_freem(n0) when m_dup_pkthdr() call fails. this double-free was introduced with the M_DUP_PKTHRD to m_dup_pkthdr change that got committed before I had a chance to review it.
|
#
1.9 |
|
13-Sep-2009 |
krw |
M_DUP_PKTHDR() define -> m_dup_pkthdr() function to properly deal with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.8 |
|
03-Dec-2008 |
damien |
typos in comments - no binary change.
|
#
1.7 |
|
27-Sep-2008 |
damien |
Add some inline functions to test the presence of optional 802.11 header fields (Sequence Control, Address 4, QoS Control, +HTC) and use them where appropriate.
Add ieee80211_get_qos() inline function to extract the QoS control field of an 802.11 header instead of duplicating the same scary code everywhere (the location of this field depends on the presence of an Address 4 field).
Export ieee80211_up_to_ac() so that drivers can select the access category to use based on the TID subfield of the QoS Control field.
Define more QoS-related bits for the RSN Capabilities field of RSN IE (will be used later).
|
#
1.6 |
|
12-Aug-2008 |
damien |
in a near future, unicast management frames will be encrypted/decrypted using CCMP. use the right replay counter in this case.
|
#
1.5 |
|
12-Aug-2008 |
damien |
maintain a count of TKIP and CCMP replayed frames. some cleanup while i'm here.
|
#
1.4 |
|
12-Aug-2008 |
damien |
retrieve the TID from QoS frames to use with the appropriate replay counter.
|
#
1.3 |
|
12-Aug-2008 |
henning |
use MINCLSIZE to decide wether we need to allocate an mbuf cluster instead of MLEM, damien ok
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.2 |
|
26-Jul-2008 |
damien |
properly handle management frames (required for future work). remove useless #includes.
|
#
1.1 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
#
1.21 |
|
09-Nov-2018 |
claudio |
M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for m_leadingspace() and m_trailingspace(). Convert all callers to call directly the functions and remove the defines. OK krw@, mpi@
|
Revision tags: OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
#
1.20 |
|
02-May-2017 |
mikeb |
Switch 802.11 crypto over to the new AES
OK stsp@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.19 |
|
23-Mar-2017 |
tb |
Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.18 |
|
24-Nov-2015 |
mpi |
No need to include <net/if_arp.h>
This header is only needed because <netinet/if_ether.h> declares a structure that needs it. But it turns out that <net/if.h> already includes it as workaround.
A proper solution would be to stop declarting "struct ether_arp" there. But no driver should need this header.
|
#
1.17 |
|
15-Nov-2015 |
stsp |
Fix CCMP (WPA2) in preparation for 11n. This code didn't handle QoS frames correctly but QoS frames are required for 11n A-MPDU aggregation and 11n STAs are required to use CCMP instead of WEP or TKIP ciphers.
The QoS bit in FC0 is part of AAD (additional authentication data) but was being masked unconditionally. The FC1 order bit is masked to 0 in AAD if a data frame contains a QoS control field but this code was looking for HT control fields instead.
Add an XXX comment about another bit which must be set if SPP (signaling and payload protected) A-MSDUs are supported. Neither Linux nor FreeBSD seem to set this bit, and we don't support SPP A-MSDUs yet so a comment seems good enough for now.
ok deraadt mpi kettenis guenther helpful hints from mikeb
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
15-Jul-2015 |
deraadt |
m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
21-Nov-2013 |
mpi |
Remove unneeded include.
ok deraadt@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.12 |
|
05-Apr-2011 |
blambert |
Passing M_WAITOK to mbuf functions is supposed to be a contract between the caller and the function that the function will not fail to allocate memory and return a NULL pointer. However, m_dup_pkthdr() violates this contract, making it possible for functions that pass M_WAITOK to be surprised in ways that hurt.
Fix this by passing the wait flag all the way down the functions that actually do the allocation for m_dup_pkthdr() so that we won't be surprised.
man page update forthcoming
ok claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.11 |
|
20-Jul-2010 |
matthew |
Switch some obvious network stack MAC comparisons from bcmp() to timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.10 |
|
24-Sep-2009 |
damien |
do not call m_free(n0) followed by m_freem(n0) when m_dup_pkthdr() call fails. this double-free was introduced with the M_DUP_PKTHRD to m_dup_pkthdr change that got committed before I had a chance to review it.
|
#
1.9 |
|
13-Sep-2009 |
krw |
M_DUP_PKTHDR() define -> m_dup_pkthdr() function to properly deal with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.8 |
|
03-Dec-2008 |
damien |
typos in comments - no binary change.
|
#
1.7 |
|
27-Sep-2008 |
damien |
Add some inline functions to test the presence of optional 802.11 header fields (Sequence Control, Address 4, QoS Control, +HTC) and use them where appropriate.
Add ieee80211_get_qos() inline function to extract the QoS control field of an 802.11 header instead of duplicating the same scary code everywhere (the location of this field depends on the presence of an Address 4 field).
Export ieee80211_up_to_ac() so that drivers can select the access category to use based on the TID subfield of the QoS Control field.
Define more QoS-related bits for the RSN Capabilities field of RSN IE (will be used later).
|
#
1.6 |
|
12-Aug-2008 |
damien |
in a near future, unicast management frames will be encrypted/decrypted using CCMP. use the right replay counter in this case.
|
#
1.5 |
|
12-Aug-2008 |
damien |
maintain a count of TKIP and CCMP replayed frames. some cleanup while i'm here.
|
#
1.4 |
|
12-Aug-2008 |
damien |
retrieve the TID from QoS frames to use with the appropriate replay counter.
|
#
1.3 |
|
12-Aug-2008 |
henning |
use MINCLSIZE to decide wether we need to allocate an mbuf cluster instead of MLEM, damien ok
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.2 |
|
26-Jul-2008 |
damien |
properly handle management frames (required for future work). remove useless #includes.
|
#
1.1 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.20 |
|
02-May-2017 |
mikeb |
Switch 802.11 crypto over to the new AES
OK stsp@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.19 |
|
23-Mar-2017 |
tb |
Use explicit_bzero() to wipe out key material and add some sizes to free().
ok stsp
|
Revision tags: OPENBSD_5_9_BASE OPENBSD_6_0_BASE
|
#
1.18 |
|
24-Nov-2015 |
mpi |
No need to include <net/if_arp.h>
This header is only needed because <netinet/if_ether.h> declares a structure that needs it. But it turns out that <net/if.h> already includes it as workaround.
A proper solution would be to stop declarting "struct ether_arp" there. But no driver should need this header.
|
#
1.17 |
|
15-Nov-2015 |
stsp |
Fix CCMP (WPA2) in preparation for 11n. This code didn't handle QoS frames correctly but QoS frames are required for 11n A-MPDU aggregation and 11n STAs are required to use CCMP instead of WEP or TKIP ciphers.
The QoS bit in FC0 is part of AAD (additional authentication data) but was being masked unconditionally. The FC1 order bit is masked to 0 in AAD if a data frame contains a QoS control field but this code was looking for HT control fields instead.
Add an XXX comment about another bit which must be set if SPP (signaling and payload protected) A-MSDUs are supported. Neither Linux nor FreeBSD seem to set this bit, and we don't support SPP A-MSDUs yet so a comment seems good enough for now.
ok deraadt mpi kettenis guenther helpful hints from mikeb
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.16 |
|
15-Jul-2015 |
deraadt |
m_freem() can handle NULL, do not check for this condition beforehands. ok stsp mpi
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.15 |
|
23-Dec-2014 |
tedu |
unifdef some more INET. v4 4life.
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.14 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.13 |
|
21-Nov-2013 |
mpi |
Remove unneeded include.
ok deraadt@
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE
|
#
1.12 |
|
05-Apr-2011 |
blambert |
Passing M_WAITOK to mbuf functions is supposed to be a contract between the caller and the function that the function will not fail to allocate memory and return a NULL pointer. However, m_dup_pkthdr() violates this contract, making it possible for functions that pass M_WAITOK to be surprised in ways that hurt.
Fix this by passing the wait flag all the way down the functions that actually do the allocation for m_dup_pkthdr() so that we won't be surprised.
man page update forthcoming
ok claudio@
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.11 |
|
20-Jul-2010 |
matthew |
Switch some obvious network stack MAC comparisons from bcmp() to timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.10 |
|
24-Sep-2009 |
damien |
do not call m_free(n0) followed by m_freem(n0) when m_dup_pkthdr() call fails. this double-free was introduced with the M_DUP_PKTHRD to m_dup_pkthdr change that got committed before I had a chance to review it.
|
#
1.9 |
|
13-Sep-2009 |
krw |
M_DUP_PKTHDR() define -> m_dup_pkthdr() function to properly deal with m_tag_copy_chain() failures.
Use m_defrag() to eliminate hand rolled defragging of mbufs and some uses of M_DUP_PKTHDR().
Original diff from thib@, claudio@'s feedback integrated by me.
Tests kevlo@ claudio@, "reads ok" blambert@
ok thib@ claudio@, "m_defrag() bits ok" kettenis@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.8 |
|
03-Dec-2008 |
damien |
typos in comments - no binary change.
|
#
1.7 |
|
27-Sep-2008 |
damien |
Add some inline functions to test the presence of optional 802.11 header fields (Sequence Control, Address 4, QoS Control, +HTC) and use them where appropriate.
Add ieee80211_get_qos() inline function to extract the QoS control field of an 802.11 header instead of duplicating the same scary code everywhere (the location of this field depends on the presence of an Address 4 field).
Export ieee80211_up_to_ac() so that drivers can select the access category to use based on the TID subfield of the QoS Control field.
Define more QoS-related bits for the RSN Capabilities field of RSN IE (will be used later).
|
#
1.6 |
|
12-Aug-2008 |
damien |
in a near future, unicast management frames will be encrypted/decrypted using CCMP. use the right replay counter in this case.
|
#
1.5 |
|
12-Aug-2008 |
damien |
maintain a count of TKIP and CCMP replayed frames. some cleanup while i'm here.
|
#
1.4 |
|
12-Aug-2008 |
damien |
retrieve the TID from QoS frames to use with the appropriate replay counter.
|
#
1.3 |
|
12-Aug-2008 |
henning |
use MINCLSIZE to decide wether we need to allocate an mbuf cluster instead of MLEM, damien ok
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.2 |
|
26-Jul-2008 |
damien |
properly handle management frames (required for future work). remove useless #includes.
|
#
1.1 |
|
16-Apr-2008 |
damien |
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.
Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.
This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.
In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.
The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)
The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher
wpa-psk(8) can be used to generate keys from passphrases.
tested by many@ ok deraadt@
|