[PATCH 00/14] Support base Pre association Security Negotiation (PASN)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following series of patches adds support for the basic
Pre Association Security Negotiation (PASN) as defined in Draft
802.11az_D2.0. In short, PASN is a mechanism to establish
security association and allow Management Frame Protection (MFP)
prior to association.

The patch set continues the work introduced in the previous patch set:
"Preparations for Pre association Security Negotiation(PASN) Support"

The first patches in the series introduce building block functions
to compute the keys etc. and build/validate the PASN authentication
frames.

Since PASN intended to be used to establish a PTKSA between an non-AP
station and an AP in an infrastructure networks, that can
later be used for secure LTF measurement exchange, an implementation
of a PTKSA is added to both wpa_supplicant and hostapd.

Once all the prerequisites in place, the patch set adds support for
PASN to the wpa_supplicant and hostapd, based on either the existence
of a PMKSA for a base AKM (SAE or FILS), or key establishment using
PASN authentication.

To allow PASN functionality a Linux kernel with the following change
is required (such as the latest mac80211-next):

https://patchwork.kernel.org/patch/11359741/

Ilan Peer (14):
  PASN: Add some specification definitions
  PASN: Add functions to compute PTK, MIC and hash
  PASN: Add common authentication frame build/validation functions
  tests: Add module tests for PASN PTK derivation
  common: Add PASN parsing to ieee802_11_parse_extension()
  WPA: Add a function to get PMKSA cache entry
  WPA: Add PTKSA cache implementation
  WPA: Add PTKSA cache to wpa_supplicant for PASN
  PASN: Add support for PASN processing to the wpa_supplicant
  ctrl_iface: Add support for PASN authentication
  AP: Add support for configuring PASN
  WPA_AUTH: Add PTKSA cache to hostapd
  AP: Add support for PASN processing to the SME
  tests: Add PASN test coverage

 hostapd/Makefile                          |  10 +
 hostapd/config_file.c                     |  11 +
 hostapd/ctrl_iface.c                      |   4 +
 hostapd/defconfig                         |   5 +
 hostapd/hostapd.conf                      |   8 +
 src/ap/ap_config.c                        |   4 +
 src/ap/ap_config.h                        |   2 +
 src/ap/hostapd.h                          |   3 +
 src/ap/ieee802_11.c                       | 517 ++++++++++++-
 src/ap/sta_info.c                         |  20 +
 src/ap/sta_info.h                         |  20 +
 src/ap/wpa_auth.c                         |  30 +
 src/ap/wpa_auth.h                         |   3 +
 src/ap/wpa_auth_glue.c                    |  34 +
 src/ap/wpa_auth_ie.c                      |   7 +
 src/common/Makefile                       |   4 +-
 src/common/common_module_tests.c          | 171 ++++-
 src/common/defs.h                         |   6 +
 src/common/ieee802_11_common.c            |   4 +
 src/common/ieee802_11_common.h            |   2 +
 src/common/ieee802_11_defs.h              |  11 +
 src/common/ptksa_cache.c                  | 321 ++++++++
 src/common/ptksa_cache.h                  |  84 ++
 src/common/wpa_common.c                   | 669 ++++++++++++++++
 src/common/wpa_common.h                   |  70 ++
 src/common/wpa_ctrl.h                     |   3 +
 src/rsn_supp/wpa.c                        |  16 +
 src/rsn_supp/wpa.h                        |  16 +
 src/rsn_supp/wpa_ft.c                     |   2 +
 src/rsn_supp/wpa_i.h                      |   8 +
 tests/hwsim/example-hostapd.config        |   2 +
 tests/hwsim/example-wpa_supplicant.config |   2 +
 tests/hwsim/hostapd.py                    |  17 +
 tests/hwsim/test_pasn.py                  | 344 +++++++++
 tests/hwsim/wpasupplicant.py              |  20 +
 wlantest/Makefile                         |   1 +
 wpa_supplicant/Makefile                   |  11 +
 wpa_supplicant/ctrl_iface.c               |  95 +++
 wpa_supplicant/defconfig                  |   3 +
 wpa_supplicant/events.c                   |  19 +
 wpa_supplicant/pasn_supplicant.c          | 893 ++++++++++++++++++++++
 wpa_supplicant/wpa_cli.c                  |  36 +
 wpa_supplicant/wpa_supplicant.c           |  11 +
 wpa_supplicant/wpa_supplicant_i.h         |  43 ++
 wpa_supplicant/wpas_glue.c                |  29 +-
 45 files changed, 3585 insertions(+), 6 deletions(-)
 create mode 100644 src/common/ptksa_cache.c
 create mode 100644 src/common/ptksa_cache.h
 create mode 100644 tests/hwsim/test_pasn.py
 create mode 100644 wpa_supplicant/pasn_supplicant.c

-- 
2.17.1


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux