The change to support fragmentation added extra function to generate the
EAP header, but forgot to remove the original code and ended up getting two
EAP headers and TNC flags field in the generated message. These header
fields need to be added only in the function that builds the final message
(and if necessary, fragments the data).
When scan results got moved from wpa_scan_result -> wpa_scan_res, the
'maxrate' member was dropped from wpa_scan_res. The D-Bus interface
used 'maxrate', which was replaced with wpa_scan_get_max_rate().
Unfortunately, wpa_scan_get_max_rate() returns 802.11 rate values
directly from the IE, where 'maxrate' was the rate in bits/second. The
supplicant internally fakes an IE for wpa_scan_res from the value of
wpa_scan_result->maxrate, but interprets ->maxrate as an 802.11 rate
index.
As a side-effect, this fixes a soft-break of the D-Bus control API since
the wpa_scan_res change was introduced.
Function 'wpa_sm_set_config' used the argument 'config' as the network
context which is a pointer to a local variable of the function
'wpa_supplicant_rsn_supp_set_config'.
This is one reason why no proactive key was generated. This network
context never matched with the network context saved in the pmksa cache
entries.
The structure 'rsn_supp_config' has already a member 'network_ctx' which
is now filled in by this patch with 'ssid'.
Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
Documentation appeared a little vague about which options are global and
which are tied to a particular interface. This leads to confusion when
using certain combinations of options, e.g. the command "wpa_supplicant
-c /etc/wpa_supplican.conf -u" will not do what is intuitively expected
from it - it will not read the config file given with -c option because
no -i option was given. This command is still valid because -u option is
used. The wpa_supplicant running like this will also not listen on any
control socket, because the socket file name is usually given in the
config file. This command line also happens to be the default in Fedora 9.
This patch does not try to change any behaviour, but rather document
these nuances clearly.
Added code to use suggested nl80211/cfg80211 API for setting MFP related
parameters. This is disabled by default since the API changes has not yet
been approved. The new commands can be enabled by defining
NL80211_MFP_PENDING (this will be removed once the API changes is
approved).
Just in case, do not use the not-yet-approved WEXT changes even if someone
where to build wpa_supplicant with IEEE 802.11w support unless this new
macro has been defined explicitly.
Added configuration of MFP related parameters with WEXT. The changes to
linux/wireless.h have not yet been applied to the Linux kernel tree, so the
code using them is still open to changes and is ifdef'ed out if
CONFIG_IEEE80211W is not set.
Add the support for the Linux wireless drivers which want to do
4-way handshake and need to know the PSK before the handshake.
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
Add the new flags which are supposed to be included in Linux 2.6.27
for the drivers which want to do 4-way handshake and to know PMK.
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
This new netdev is created by hwsim, not mac80211, and as such, it is
available all the time (i.e., can be UP before starting mac80211 netdevs)
and it will receive all frames regardless of the channel etc.
mac80211_hwsim is a Linux kernel module that can be used to simulate
arbitrary number of IEEE 802.11 radios for mac80211 on a single
device. It can be used to test most of the mac80211 functionality and
user space tools (e.g., hostapd and wpa_supplicant) in a way that
matches very closely with the normal case of using real WLAN
hardware. From the mac80211 view point, mac80211_hwsim is yet another
hardware driver, i.e., no changes to mac80211 are needed to use this
testing tool.
This avoids getting stuck in state where wpa_supplicant has canceled scans,
but the driver is actually in disassociated state. The previously used code
that controlled scan timeout from WPA module is not really needed anymore
(and has not been needed for past four years since authentication timeout
was separated from scan request timeout), so this can simply be removed to
resolved the race condition. As an extra bonus, this simplifies the
interface to WPA module.
[Bug 261]
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
Don't cast pointers to int in definitions of PRISM2_HOSTAPD_RID_HDR_LEN
and PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN. Use size_t instead. That's
actually what the code needs.
This was not accurate since this was mostly based on total runtime of an
eapol_test run. The real improvement in the bignum routines is much larger
(mayby twice as fast as before).
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
This gets rid of potential warnings about buffer bounds errors. The earlier
code works fine, but it is not the cleanest way of using the struct wpa_ptk
definition for TK1/TK2.
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
struct wpa_ie_hdr had separate fields for 24-bit OUI and 8-bit oui_type
for WPA/RSN selectors. {WPA,RSN}_SELECTOR_{GET,PUT} access these four
octets through oui and the "out-of-bounds" access for the fourth octet is
actually reading/writing oui_type. This works fine, but some tools complain
about the array bounds "failure". Since oui_type is never accessed
separately, the simplest fix is to just combine these into a single 4-octet
field.
Depending on how the driver implements IBSS searching and creation, it
may need to perform one or more scans before successfully completing the
association operation. Therefore, increase the timeout for IBSS
association operations so that the supplicant doesn't interrupt the
driver as much.
Since mac80211 requires that the device be !IFF_UP to change the mode
(and I think the old prism54 fullmac driver does too), do that. This
shouldn't harm fullmac devices since they can handle mode switches on
the fly and usually don't care about up/down that much.
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
In situations where the driver does background scanning and sends a
steady stream of scan results, wpa_supplicant would continually
reschedule the scan. This resulted in specific SSID scans never
happening for a hidden AP, and the supplicant never connecting to the AP
because it never got found. Instead, if there's an already scheduled
scan, and a request comes in to reschedule it, and there are enabled
scan_ssid=1 network blocks, let the scan happen anyway so the hidden
SSID has a chance to be found.
linux/wireless.h ends up including number of Linux kernel header files and
many of the definitions are conflicting with (or at least duplicating)
definitions in net/if.h.
mac80211 sends _both_ channel and frequency in it's scan results, with
frequency first and channel second (it's since been fixed to send
channel first and frequency second to work around this issue). This
results in wpa_supplicant getting the right value when the frequency
comes, but overwriting the value with '0' when the channel comes because
wpa_supplicant can't handle 5GHz channel numbers. So if a valid
previous SIOCGIWFREQ event came in, don't try to overwrite it.
The internal TLS implementation can now use both PKCS #1 RSA private key
and PKCS #8 encapsulated RSA private key. PKCS #8 encrypted private key is
not yet supported.