Commit graph

734 commits

Author SHA1 Message Date
Anirban Sirkhell
1c79cdff20 Add wps_cancel to hostapd_cli help text
Commit 4c374cde2f added a new wps_cancel
command, but didn't add it to the usage text in hostapd_cli. Add an
entry for this command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-24 19:02:56 +03:00
Jouni Malinen
065d2895b4 Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate
EAP-TLS with a configuration where the EAP server does not authenticate
the EAP peer. In other words, this method includes only server
authentication. The peer is configured with only the ca_cert parameter
(similarly to other TLS-based EAP methods). This method can be used for
cases where the network provides free access to anyone, but use of RSN
with a securely derived unique PMK for each station is desired.

The expanded EAP header uses the hostapd/wpa_supplicant vendor
code 39068 and vendor type 1 to identify the UNAUTH-TLS method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 22:34:11 +03:00
Jouni Malinen
597d5d1b11 hlr_auc_gw: Add SQLite database support for Milenage information
An SQLite database can now be used to manage the Milenage information
instead of a text file. The new hlr_auc_gw.txt document describes how
this is configured and used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 22:59:30 +03:00
Jouni Malinen
e43bd7a1b7 hlr_auc_gw: Return FAILURE if IMSI for AKA is not known
Instead of no response, send a FAILURE response as AKA-RESP-AUTH if the
requested IMSI is not known.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 22:08:23 +03:00
Jouni Malinen
6e4598755b Use os_strdup() instead of os_malloc() + os_memcpy()
It is simpler to use os_strdup() to copy strings even if the end results
end up being used as binary data with a separate length field.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:50:42 +03:00
Jouni Malinen
99be648c5d HS 2.0: Do not allow AP hs20=1 configuration without RSN
Hotspot 2.0 networks are required to use WPA2-Enterprise/CCMP, so
enforce this while validating hostapd configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Avinash Patil
d8a085508c hostapd: Disable WPS 2.0 when WPA-TKIP only configuration is set
WSC 2.0 deprecates use of WPA (TKIP) and does not allow WPA/TKIP only
configuration (i.e., WPA2/CCMP needs to be enabled in mixed mode for
WPA/TKIP to be acceptable). Enforce this by disabling WPS if
configuration enables WPA/TKIP without WPA2/CCMP.

Signed-off-by: Avinash Patil <patila@marvell.com>
2012-08-17 19:21:40 +03:00
Jouni Malinen
26a379224c OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c
implementation of HMAC with SHA256.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:34:35 +03:00
Jouni Malinen
ab637dcb37 Move SHA256-based PRF function into a separate C file
This makes it easier to conditionally build in SHA256 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:24:11 +03:00
Jouni Malinen
030d062fac OpenSSL: Implement SHA1 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha1.c
implementation of HMAC with SHA1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:38:25 +03:00
Jouni Malinen
d6150094e0 Move SHA1-based PRF function into a separate C file
This makes it easier to conditionally build in SHA1 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
e40c86ad27 OpenSSL: Use library function for PBKDF2 passphrase-to-PSK
Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the
internal implementation in sha1-pbkdf2.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
067ffa2696 Convert os_realloc() for an array to use os_realloc_array()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:21:23 +03:00
Jouni Malinen
f9884c096a Convert os_zalloc() for an array to use os_calloc()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:44:21 +03:00
Yoni Divinsky
eda070f14f Move WMM AC parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant, too.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:33:00 +03:00
Mahesh Palivela
9615994ea6 VHT: Add configuration of operating center frequency
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:54:54 +03:00
Mahesh Palivela
140e850a66 VHT: Add option for requiring use of VHT
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:53:24 +03:00
Mahesh Palivela
6c93c38d7c VHT: Document vht_oper_chwidth and fix indentation
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:44:16 +03:00
Jouni Malinen
179099e676 Replace non-ASCII characters with ASCII characters
There is no point to use non-ASCII characters in this file when
perfectly fine ASCII characters are available..

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-10 19:32:15 +03:00
Michael Braun
03a6a2e972 Add option to use netlink to create and remove VLAN interfaces
CONFIG_VLAN_NETLINK=y build option can now be used to replace the
ioctl()-based interface for creating and removing VLAN interfaces
with netlink-based interface.

Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-10 14:09:05 +03:00
Michael Braun
a00237ceb8 Add hostapd configuration option to set VLAN naming scheme
Signed-hostap: M. Braun <michael-dev@fami-braun.de>
2012-08-10 14:09:03 +03:00
Dmitry Shmidt
905d699d5e Android: Enable CONFIG_IEEE80211N option for hostapd
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-08-09 23:19:12 +03:00
Jouni Malinen
e122bb70b8 hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:27:40 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Janusz Dziedzic
2d2398a11f edit: Add support for setting prompt string
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:46:34 +03:00
Xi Chen
d32d94dbf4 WNM: Add WNM-Sleep Mode implementation for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:23 +03:00
Jay Katabathuni
26fac8b6a0 Interworking: Add Domain Name element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:19 +03:00
Jay Katabathuni
78bda93e83 Interworking: Add IP Address Type Availability element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:16 +03:00
Jay Katabathuni
550a3958f7 Interworking: Add Network Auth Type element (AP)
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 22:25:14 +03:00
Jouni Malinen
8342185012 HS 2.0: Add mechanism for disabling DGAF
disable_dgaf=1 in hostapd.conf can now be used to disable downstream
group-addressed forwarding (DGAF). In this configuration, a unique
GTK (and IGTK) is provided to each STA in the BSS to make sure the
keys do not match and no STA can forge group-addressed frames.

An additional mechanism in the AP needs to be provided to handle some
group-addressed frames, e.g., by converting DHCP packets to unicast
IEEE 802.11 frames regardless of their destination IP address and by
providing Proxy ARP functionality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:52 +03:00
Jay Katabathuni
19a8ad9944 HS 2.0: Add Hotspot 2.0 Indication for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:38 +03:00
Jay Katabathuni
159c89ab4f HS 2.0: Add configuration for Hotspot 2.0 AP support
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:11 +03:00
Jouni Malinen
8494623403 Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-30 17:55:41 +03:00
Mahesh Palivela
532b16c7a9 hostapd: Add IEEE 802.11ac VHT IEs into Beacon/Probe Response
IEEE 802.11ac VHT changes to include VHT IEs in Beacon and Probe
Response frames.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:57:52 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Jouni Malinen
51ca03f470 WPS: Document NFC use cases with password/config token
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:28:49 +03:00
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
3cf7a59d4f WPS: Add new mechanism for generation NFC configuration token
The new hostapd ctrl_iface command WPS_NFC_CONFIG_TOKEN can now be used
to fetch payload for an NFC configuration token so that an external
program can be used to write this on an NFC tag.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:25:48 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
bde7ba6caf RADIUS DAS: Validate Event-Timestamp
DAS will now validate Event-Timestamp value to be within an acceptable
time window (300 seconds by default; can be set using
radius_das_time_window parameter). In addition, Event-Timestamp can be
required in Disconnect-Request and CoA-Request messages with
radius_das_require_event_timestamp=1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 17:43:36 +03:00
Baruch Siach
17706d1c76 hostapd: Return error value on configuration check failure
Don't count errors since the number isn't used anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:30:28 +03:00
Baruch Siach
4929898dab hostapd: Remove redundant variable initialization
The 'errors' variable is initialized later anyway.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-16 20:26:51 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Dmitry Shmidt
dfb42efb34 wpa_supplicant: Make Android makefiles available under the BSD license
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-05-14 20:34:24 -04:00
Jouni Malinen
ec4a5d32b1 Add ChangeLog entries from v1.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-10 22:12:07 +03:00
Jouni Malinen
b031338cf0 Add preliminary RADIUS dynamic authorization server (RFC 5176)
This adds the basic DAS mechanism to enable hostapd to be configured
to request dynamic authorization requests (Disconnect-Request and
CoA-Request). This commit does not add actual processing of the
requests, i.e., this will only receive and authenticate the requests
and NAK them regardless of what operation is requested.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-06 22:02:42 +03:00
Jouni Malinen
af35e7af7f hostapd: Allow addition of arbitrary RADIUS attributes
New configuration parameters radius_auth_req_attr and
radius_acct_req_attr can now be used to add (or override) RADIUS
attributes in Access-Request and Accounting-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 20:19:56 +03:00
Jouni Malinen
86f6053aa2 hostapd: Add optional Chargeable-User-Identity request (RFC 4372)
radius_request_cui=1 configuration parameter can now be used to
configure hostapd to request CUI from the RADIUS server by including
Chargeable-User-Identity attribute into Access-Request packets.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 18:19:54 +03:00
Jouni Malinen
5daba48ca7 hlr_auc_gw: Use 5 bit IND for SQN updates
Change the SQN generation mechanism to use not time-based Profile 2
as described in 3GPP TS 33.102 Annex C.3.2. The previous implementation
used void IND (i.e.., all of SQN was SEQ1). The new default uses 5 bits
of SQN as IND. The length of IND can be configured on the command line
with the new -i<IND len in bits> parameter. -i0 would make hlr_auc_gw
behave in the same way as the previous implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-05 14:12:42 +03:00
Jouni Malinen
5336861301 hlr_auc_gw: Add support for updating Milenage file SQN
If the new command line argument -u is used, hlr_auc_gw will update
the Milenage file SQN numbers when exiting based on what was the last
SQN used during the process runtime.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-03 22:39:49 +03:00