Commit graph

15 commits

Author SHA1 Message Date
Dan Williams
6aaac006af PMKSA: Make deauthentication due to cache entry removal more granular
Expiry can always trigger a deauthentication, but otherwise,
deauthentication should only happen when the *current* cache entry is
removed and not being replaced. It should not happen when the current
PMK just happens to match the PMK of the entry being removed, since
multiple entries can have the same PMK when OKC is used and these
entries are often removed at different times.

This fixes an issue where eviction of the oldest inactive entry due to
adding a newer entry to a full cache caused a deauthentication when the
entry being removed had the same PMK as the current entry.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2012-11-25 21:39:19 +02:00
Dan Williams
0e502f97c5 PMKSA: Do not evict active cache entry when adding new ones
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan
results and have not yet expired) then any additional entries can
potentially evict the current/active entry (if it is the oldest entry),
which triggers a pointless local deauthentication. The supplicant
shouldn't replace the current/active entry if it is still valid, but
instead the oldest entry that is *not* the current/active one.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-08-10 17:55:17 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
96efeeb66b Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-04 12:32:35 +02:00
Jouni Malinen
1323ee314e Move wpa_sm_remove_pmkid() call to PMKSA cache entry freeing
This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-20 12:53:29 +02:00
Jouni Malinen
c3fea27274 Clear OKC-based PMKSA caching entries if PMK is changed
Whenever PMK gets changed (e.g., due to re-authentication), all PMKSA
caching entries that were created using the previous PMK needs to be
replaced. Previously, only the entry for the current AP was cleared.
Flush the other entries based on network_ctx matches to get rid of the
OKC entries. These entries can then be re-creating using OKC with the
new PMK.
2011-10-02 19:36:37 +03:00
Jouni Malinen
8a55f56453 RSN: Add a debug message when considing addition of OKC entry 2011-09-16 18:45:15 +03:00
Jouni Malinen
d8a790b922 Flush PMKSA cache entries and invalidate EAP state on network changes
If a network configuration block is removed or modified, flush
all PMKSA cache entries that were created using that network
configuration. Similarly, invalidate EAP state (fast re-auth).

The special case for OKC on wpa_supplicant reconfiguration
(network_ctx pointer change) is now addressed as part of the
PMKSA cache flushing, so it does not need a separate mechanism
for clearing the network_ctx values in the PMKSA cache.
2011-09-07 17:46:00 +03:00
Jouni Malinen
734baae0af Clear driver PMKSA cache entry on PMKSA cache expiration
If the driver maintains its own copy of the PMKSA cache, we need to
clear an entry from the driver whenever wpa_supplicant is dropping
an old PMKSA cache entry.
2011-09-07 16:31:09 +03:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Jouni Malinen
540264a721 Removed wpa_sm dereference from pmksa_cache_list() 2009-01-13 20:22:42 +02:00
Jouni Malinen
f5a51b58d4 Moved proto == RSN validation from pmksa_cache.c into the caller 2009-01-13 20:15:06 +02:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00