The following series of patches adds support for the basic Pre Association Security Negotiation (PASN) as defined in Draft 802.11az_D2.0. In short, PASN is a mechanism to establish security association and allow Management Frame Protection (MFP) prior to association. The patch set continues the work introduced in the previous patch set: "Preparations for Pre association Security Negotiation(PASN) Support" The first patches in the series introduce building block functions to compute the keys etc. and build/validate the PASN authentication frames. Since PASN intended to be used to establish a PTKSA between an non-AP station and an AP in an infrastructure networks, that can later be used for secure LTF measurement exchange, an implementation of a PTKSA is added to both wpa_supplicant and hostapd. Once all the prerequisites in place, the patch set adds support for PASN to the wpa_supplicant and hostapd, based on either the existence of a PMKSA for a base AKM (SAE or FILS), or key establishment using PASN authentication. To allow PASN functionality a Linux kernel with the following change is required (such as the latest mac80211-next): https://patchwork.kernel.org/patch/11359741/ Ilan Peer (14): PASN: Add some specification definitions PASN: Add functions to compute PTK, MIC and hash PASN: Add common authentication frame build/validation functions tests: Add module tests for PASN PTK derivation common: Add PASN parsing to ieee802_11_parse_extension() WPA: Add a function to get PMKSA cache entry WPA: Add PTKSA cache implementation WPA: Add PTKSA cache to wpa_supplicant for PASN PASN: Add support for PASN processing to the wpa_supplicant ctrl_iface: Add support for PASN authentication AP: Add support for configuring PASN WPA_AUTH: Add PTKSA cache to hostapd AP: Add support for PASN processing to the SME tests: Add PASN test coverage hostapd/Makefile | 10 + hostapd/config_file.c | 11 + hostapd/ctrl_iface.c | 4 + hostapd/defconfig | 5 + hostapd/hostapd.conf | 8 + src/ap/ap_config.c | 4 + src/ap/ap_config.h | 2 + src/ap/hostapd.h | 3 + src/ap/ieee802_11.c | 517 ++++++++++++- src/ap/sta_info.c | 20 + src/ap/sta_info.h | 20 + src/ap/wpa_auth.c | 30 + src/ap/wpa_auth.h | 3 + src/ap/wpa_auth_glue.c | 34 + src/ap/wpa_auth_ie.c | 7 + src/common/Makefile | 4 +- src/common/common_module_tests.c | 171 ++++- src/common/defs.h | 6 + src/common/ieee802_11_common.c | 4 + src/common/ieee802_11_common.h | 2 + src/common/ieee802_11_defs.h | 11 + src/common/ptksa_cache.c | 321 ++++++++ src/common/ptksa_cache.h | 84 ++ src/common/wpa_common.c | 669 ++++++++++++++++ src/common/wpa_common.h | 70 ++ src/common/wpa_ctrl.h | 3 + src/rsn_supp/wpa.c | 16 + src/rsn_supp/wpa.h | 16 + src/rsn_supp/wpa_ft.c | 2 + src/rsn_supp/wpa_i.h | 8 + tests/hwsim/example-hostapd.config | 2 + tests/hwsim/example-wpa_supplicant.config | 2 + tests/hwsim/hostapd.py | 17 + tests/hwsim/test_pasn.py | 344 +++++++++ tests/hwsim/wpasupplicant.py | 20 + wlantest/Makefile | 1 + wpa_supplicant/Makefile | 11 + wpa_supplicant/ctrl_iface.c | 95 +++ wpa_supplicant/defconfig | 3 + wpa_supplicant/events.c | 19 + wpa_supplicant/pasn_supplicant.c | 893 ++++++++++++++++++++++ wpa_supplicant/wpa_cli.c | 36 + wpa_supplicant/wpa_supplicant.c | 11 + wpa_supplicant/wpa_supplicant_i.h | 43 ++ wpa_supplicant/wpas_glue.c | 29 +- 45 files changed, 3585 insertions(+), 6 deletions(-) create mode 100644 src/common/ptksa_cache.c create mode 100644 src/common/ptksa_cache.h create mode 100644 tests/hwsim/test_pasn.py create mode 100644 wpa_supplicant/pasn_supplicant.c -- 2.17.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
