Add support for Authentication negotiated over IEEE Std 802.1X
with key derivation function using SHA-384.
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
The new PTK migth need to be copied to another MLO STA entry, but that
operation should not modify the MLD MAC address of unrelated AP MLDs.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This makes the "Discovered new STA" entries in the debug log easier to
use when analyzing roaming cases with MLO.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow either a link address or the MLD MAC address of a non-AP MLD to
match the MAC address that is being used to identify a source or
destination of a frame for the MLO cases.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Make sta_find_mlo() more accurate by searching a non-AP MLD only from
the affialiated BSSs of the AP MLD instead of from any BSS. This might
help in some roaming cases where both the old and the new AP MLD have
their affiliated links in the BSS table.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
It is possible for there to be multiple STA entries (e.g., one for each
BSS) when a sniffer capture contains multiple associations using MLO.
For such cases, the new PTK information needs to be updated to all
existing STA entries to be able to find the latest TK when decrypting
following frames since the other STA entries might be located first when
trying to figure out how to decrypt a frame.
In addition to the PTK, copy the MLD MAC addresses to the other STA and
BSS entries to make sure the latest values are used when trying to
decrypt frames.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Allow a single STA entry to be found for a non-AP MLD regardless of
which link MAC address was used to transmit/receive it.
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
If no Beacon or Probe Response frame has been seen in the capture, use
the IEs from EAPOL-Key msg 3/4 to set up BSS information.
Signed-off-by: Jouni Malinen <j@w1.fi>
wlantest used to ignore RSN/WPA/OSEN element in (Re)Association Request
frame if no Beacon frame had been seen from the AP before the
association exchange. This could result in not being able to derive keys
properly. Work around this by skipping that step if the BSS entry is not
yet complete.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds definitions for the 128-bit level Suite B AKM 00-0F-AC:11. The
functionality itself is not yet complete, i.e., this commit only
includes parts to negotiate the new AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows Hotspot 2.0 OSEN connection to be analyzed more
conveniently. The frames from an OSEN association can now be decrypted
using an MSK file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
