This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.
It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
This cleans up the internal interface between different modules and is
the first step in getting wpa_supplicant design closer to hostapd as far
as WPS is concerned.
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.
Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.
LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]
USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.
This may help in making a chopchop attack take much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
This adds support for PS3 wireless to wpa_supplicant.
Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:
- PS3 wireless driver uses private WEXT ioctls for accepting PSK of
WPA-Personal from the userland.
WEXT does not specify the way to do it.
- The association and 4-way handshake are done by PS3 virtual
wireless device. The guest OSes can not interfere it.
- No EAPOL frames are allowed to go outside of the
hypervisor/firmware nor come from. They are eaten by the firmware.
Thus I needed to make a new driver wrapper for PS3 wireless.
This patch can be applied against the latest 0.6.x tree.
Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>