Commit graph

1142 commits

Author SHA1 Message Date
Jouni Malinen
4ef1e644eb Determiner whether driver is wired at runtime based on capabilities
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
2009-03-07 22:05:43 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
5c3dd4ebbe Enable WMM support in the test MLME code
This allows driver_test to be used to test WMM negotiation.
2009-03-06 17:28:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
7cc1b6c900 WPS: Add a workaround for TKIP/CCMP mixed mode credentials
Many deployed APs do not handle negotiation of security parameters well
when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most
common end result seems to be ending up with the least secure option..

As a workaround, check whether the AP advertises WPA2/CCMP in Beacon
frames and add those options for the credential if needed. This allows
the client to select the most secure configuration regardless of how
broken the AP's WPS implementation is as far as auth/encr type
negotiation is concerned.
2009-03-05 21:39:39 +02:00
Jouni Malinen
77ac446621 Fix MLME build after WMM renames 2009-03-05 15:56:51 +02:00
Sam Leffler
a83d9c9652 Add build option CONFIG_TERMINATE_ONLASTIF
This makes wpa_supplicant terminate automatically if the configured
interface(s) disappear.
2009-03-02 21:57:00 +02:00
Sam Leffler
daa70d49de Add support for wpa_supplicant syslog output
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
2009-03-02 21:40:44 +02:00
Jouni Malinen
049a292f89 Fix builds that need SHA256 or mod_exp, but not TLS functions 2009-02-27 17:46:40 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Andriy Tkachuk
522b5b6ed3 WPS: Fix WEP key index to use 1..4 instead of 0..3
It seems that WFA WPS spec says that default key index should be 1 (not
0). I think this meas that WEP key indexes region is not from 0 to 3,
but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 19:58:44 +02:00
Jouni Malinen
7c2849d2a0 Add BSS flags to scan results to indicate signal quality validity
These flags are used to mark which values (level, noise, qual) are
invalid (not available from the driver) and whether level is using dBm.
D-Bus interface will now only report the values that were available.
2009-02-18 13:40:38 +02:00
Andriy Tkachuk
4b195a1bc9 WPS: support WEP keys in hex characters format in received credentials
Attached patch makes wpa_supplicant support WEP keys in hex characters
format in received credentials from Registrars (tested with WRT610N).
2009-02-17 10:30:43 +02:00
Andriy Tkachuk
0632542b8b WPS: support registration with APs in WEP security mode
Attached patch fixes the issue when supplicant does not select APs in
WEP security mode for WPS registration.
2009-02-17 10:17:24 +02:00
Jouni Malinen
84992a8fb4 Updated to-do list for wpa_supplicant
No point in using time with Host AP driver optimizations anymore.
Note another race condition with 4-way handshake (and PTK config to
driver).
2009-02-16 20:50:55 +02:00
Jouni Malinen
caf3159831 Update nmake.mak to match with current files 2009-02-15 18:35:23 +02:00
Jouni Malinen
c511c8c6e0 Avoid using #ifdef inside printf string
This makes it easier to use a preprocessor macro for printf.
2009-02-15 14:35:30 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Daniel Mierswa
6301cc5d38 Allow the privsep driver to pass the set_country to the real driver 2009-02-15 14:13:27 +02:00
Jouni Malinen
ba2a573c5f Rename "broadcast SSID" to "wildcard SSID"
"Wildcard SSID" is the term used in IEEE Std 802.11-2007, so it is a
better name for the zero-length SSID used in Probe Request.
2009-02-14 22:21:17 +02:00
Jouni Malinen
6a1063e008 driver_nl80211: Add support for multi-SSID scan requests 2009-02-14 21:17:46 +02:00
Jouni Malinen
e76baaac0c Add support for multi-SSID scan requests
If the driver reports support for more than one SSID per scan request,
optimize scan_ssid=1 operations in ap_scan=1 mode. This speeds up
scanning whenever scan_ssid=1 is used since the broadcast SSID can be
included in every scan request and if driver supports more than two
SSIDs in the scan request, the benefits are even larger when multiple
networks have been configured with ap_scan=1.

This is also cleaning up wpa_supplicant_scan() function by moving code
around so that the SSID list is not processed unnecessarily if the
operation mode does not need this.
2009-02-14 20:59:26 +02:00
Jouni Malinen
fc2b7ed5f3 Add extended driver scan request command: driver_ops::scan2()
This can be used to provide support for scanning multiple SSIDs at a
time to optimize scan_ssid=1 operations. In addition, Probe Request IEs
will be available to scan2() (e.g., for WPS PBC scanning).
2009-02-14 17:01:32 +02:00
Jouni Malinen
362f781e1c Allow multiple driver wrappers to be specified on command line
For example, -Dnl80211,wext could be used to automatically select
between nl80211 and wext. The first driver wrapper that is able to
initialize the interface will be used.
2009-02-14 16:43:43 +02:00
Jouni Malinen
80bc75f135 New driver capability info: max number of scan SSIDs
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
2009-02-12 22:05:32 +02:00
Jouni Malinen
f6190d376d Removed an obsolete comment about use of external program for EAP 2009-02-11 22:35:27 +02:00
Jouni Malinen
ec1020512c wpa_gui-qt4: Add support for selecting between WEP open/shared key auth
Split the auth=none option into three: open, WEP, WEP with shared key to
allow the user specify WEP with shared key authentication. In addition,
fix static WEP key edits to be enabled only when using static WEP keys
(i.e., not for IEEE 802.1X).
2009-02-10 15:26:26 +02:00
Jouni Malinen
4225097c5a Fix test-sha256 build 2009-02-10 14:31:27 +02:00
Jouni Malinen
073ab58ff5 Fixed a copy-paste error in a function documentation 2009-02-10 11:45:17 +02:00
Helmut Schaa
c3f5b1e16d Send a dbus reply only if requested by the caller
wpa_supplicant should not send a dbus reply as response to a method call
if no reply was requested by the caller. Sending a reply even if not
requested is basically no problem but triggers dbus warnings like the
one below.

Feb  9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched
rules; type="error", sender=":1.129" (uid=0 pid=30228
comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp")
interface="(unset)" member="(unset)" error
name="fi.epitest.hostap.WPASupplicant.InvalidInterface"
requested_reply=0 destination=":1.128" (uid=0 pid=30226
comm="/usr/sbin/NetworkManager "))

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-09 19:45:06 +02:00
Jouni Malinen
53c256a476 Fix MinGW build with CONFIG_EAP_TNC=y
MinGW does not use -ldl so do not add this unconditionally.
2009-02-08 12:47:28 +02:00
Jouni Malinen
96c7c3072d Fix privsep build with CONFIG_CLIENT_MLME=y
Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx()
for driver wrappers in wpa_priv.
2009-02-07 10:30:32 +02:00
Daniel Mierswa
716d543d5c Include wpabuf.o in wpa_priv build
If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to
miss. The attached patch is against trunk and should probably fix it.
2009-02-07 10:19:28 +02:00
Jouni Malinen
6dbcd00912 Removed CONFIG_EAP_WSC=dyn option
Build EAP-WSC dynamically does not make much sense and with the
dependencies to WPS code from number of places resolving this is not
trivial. It is simpler to just remove this option.
2009-02-07 10:09:49 +02:00
Pavel Roskin
4c2660c2b0 Fix building dynamic EAP peer modules
Strip directory name from the target in the pattern rule for dynamic
modules.  Remove dynamic modules on "make clean".
2009-02-07 10:05:23 +02:00
Jouni Malinen
e1c7954d5d Added CONFIG_WPS_UPNP for wpa_supplicant tests
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
2009-02-06 13:52:30 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
a7baefda28 Fixed eapol_test linking with CONFIG_IBSS_RSN=y 2009-02-05 18:20:26 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00
Helmut Schaa
81e59f1070 Fix a segfault in wpa_supplicant_deinit
If wpa_supplicant is started with -u but the DBus service is already
registered wpa_supplicant will bail out. However, it will segfault
in wpa_supplicant_deinit because global->drv_priv wasn't allocated
yet.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-04 21:55:12 +02:00
Jouni Malinen
421b4ba50a Add CONFIG_DRIVER_NL80211 and clarify client MLME limitations
This is based on a patch from Pavel Roskin <proski@gnu.org>, but with
the WIRELESS_DEV part removed instead of moved since it does not apply
anymore. Additional note on client MLME limitations was also added.
2009-02-04 21:48:05 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
97642d73ee wpa_gui-qt4: Disable WPS tab in the same way as the menu item
Disable by default and only enable if the running wpa_supplicant has
support for WPS. This is based on a patch from Kel Modderman
<kel@otaku42.de>.
2009-02-01 22:02:32 +02:00
Jouni Malinen
1c5aeef0c2 Add comments on the new Broadcom driver not using driver_broadcom.c
The newer Broadcom driver ("hybrid Linux driver") supports Linux
wireless extensions and does not need (or even work) with the old
driver wrapper.
2009-01-30 21:34:40 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
a609915233 Allow WPS APs for PIN enrollment even without Selected Registrar
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
2009-01-23 13:10:58 +02:00
Jouni Malinen
695e2b48e2 Documented interface for external WPS credential processing 2009-01-21 16:42:11 +02:00
Jouni Malinen
1cc84c1c6b Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.
2009-01-20 21:12:00 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
476621644c WPS: Add configurable option for processing credentials externally
The wps_cred_process option can be used to configure wpa_supplicant to
send received Credential attributes for external processing over
ctrl_iface and dbus. This allows external programs to update their
configuration when WPS is used to provision new networks.
2009-01-18 12:27:12 +02:00
Jouni Malinen
eca6e0a9a5 WPS: Provide the unparsed Credential attribute to cred_cb()
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
2009-01-17 22:17:12 +02:00
Jouni Malinen
f286077de2 WPS: Ignore credentials for unsupported authentication type
The current implementation does not support WPA/WPA2-Enterprise
credentials. Ignore any credential that is using unsupported
authentication type to avoid potential issues with partially configured
network blocks.
2009-01-17 21:45:51 +02:00
Jouni Malinen
7aab82b3fe Fixed WPS credential conversion to wpa_supplicant configuration
Must not set pairwise_cipher/group_cipher for non-WPA/WPA2 networks
since the configuration parser is going to reject such values. In
addition, should not limit group_cipher to just TKIP or TKIP|CCMP just
in case the AP is using WEP as the group cipher. Default group_cipher
value can be used for all cases.
2009-01-17 21:37:15 +02:00
Jouni Malinen
98f14041d0 IBSS RSN: Added key configuration 2009-01-17 18:14:41 +02:00
Jouni Malinen
0f057fb2c7 Added a separate ctx pointer for wpa_msg() calls in WPA supp
This is needed to allow IBSS RSN to use per-peer context while
maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
2009-01-17 17:54:40 +02:00
Jouni Malinen
b9a2e577b4 IBSS RSN: Set the PSK based on network configuration 2009-01-17 17:47:25 +02:00
Jouni Malinen
4691fc7bc8 IBSS RSN: Set more hardcoded RSN IEs for now
This allows 4-way handshakes to be completed successfully.
2009-01-17 17:39:57 +02:00
Jouni Malinen
3146b2b961 IBSS RSN: Added couple of required WPA supplicant callback functions 2009-01-17 17:31:21 +02:00
Jouni Malinen
8be1844071 Process received EAPOL frames in IBSS RSN code if in IBSS mode 2009-01-17 17:25:11 +02:00
Jouni Malinen
53895c3b60 Disable per-BSSID authentication for RSN IBSS
RSN IBSS uses authentication per-STA and that is initialized separately,
so there is no need to enable the per-BSS like authentication that is
used with APs.
2009-01-17 16:41:47 +02:00
Jouni Malinen
a5da9c64c9 Save and restore wpa_gui state when session manager restarts the app
This makes wpa_gui remember whether it was only in the tray when the
session was terminated and starts only in the tray if session manager
restarts it automatically.
2009-01-17 13:45:05 +02:00
Jouni Malinen
da3c6a5e2b Fixed auth_send_eapol() to use correct ctx structure 2009-01-16 01:18:11 +02:00
Jouni Malinen
d0fc6e1211 Use a hardcoded RSN IE for testing to start Authenticator
This needs to be replaced with proper RSN IE from the peer STA (e.g.,
from Probe Response).
2009-01-16 01:11:50 +02:00
Jouni Malinen
e2d492dd08 Implement EAPOL sending callbacks for IBSS RSN 2009-01-16 00:56:31 +02:00
Jouni Malinen
11ef8d3578 Added initial step for IBSS RSN support
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.

The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
2009-01-15 01:21:55 +02:00
Jouni Malinen
676ea3413d eapol_test: Allow generated RADIUS attributes to be replaced
Do not add the automatically generated RADIUS attributes NAS-IP-Address,
Calling-Station-Id, Framed-MTU, NAS-Port-Type, and Connect-Info if -N
option is used with the same attribute type. This allows these
attributes to be replaced without causing duplicate entries.
2009-01-13 21:33:09 +02:00
Jouni Malinen
540264a721 Removed wpa_sm dereference from pmksa_cache_list() 2009-01-13 20:22:42 +02:00
Jouni Malinen
93ea8ed034 Partial fix for test_wpa build 2009-01-13 19:37:22 +02:00
Kel Modderman
e0f6d3d9b5 wpa_gui-qt4: silence compile warning + wpsTab enable/disable
Fix compile warning by renaming gridLayout to wpsGridLayout in
wpagui.ui, it seems to be used internally.

/usr/bin/uic-qt4 eventhistory.ui -o .ui/ui_eventhistory.h
/usr/bin/uic-qt4 scanresults.ui -o .ui/ui_scanresults.h
/usr/bin/uic-qt4 wpagui.ui -o .ui/ui_wpagui.h
Warning: name gridLayout is already used
/usr/bin/uic-qt4 userdatarequest.ui -o .ui/ui_userdatarequest.h
/usr/bin/uic-qt4 networkconfig.ui -o .ui/ui_networkconfig.h

Also disable WPS tab if the running supplicant doesn't support that,
just as the WPS action menu is.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2009-01-11 21:44:07 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
8383da8009 Fixed eapol_test build after RADIUS API changes (const) 2009-01-09 13:27:56 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Eygene Ryabinkin
dfa141b1b0 wpa_cli: Embed command usage into the wpa_cli_commands array
It is better to have command description around the command definitions:
the chances for omitting usage, forgotting to change/delete them, etc.
are smaller than for the separate usage statement. [Bug 290]

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
2009-01-05 21:33:34 +02:00
Eygene Ryabinkin
40fd868c09 wpa_cli: Improve sensitive command detection for readline history
I had added flags to the every command description: just now the only
meaningful flag tells that this command has sensitive arguments and it
shouldn't be written to the disk.  I rewrote the logics for the search
for the sensitive commands: special procedure is now loops over all
commands and tries to see if command has sensitive data. [Bug 289]

Signed-off-by: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
2009-01-05 21:07:54 +02:00
Eygene Ryabinkin
413653e839 wpa_cli: fix readline history cleaning
First of all, the history had not been written to the disk, since almost
all commands were cleaned up due to the error in the history cleaning:
the return value of the last os_strncasecmp() call was not compared to
zero, but was rather used as is.  So the condition was almost always
true and most commands were removed from the history.

The second problem was that the evaluation of the potentially sensitive
commands was started at the entry number 1, instead of very first entry.
2009-01-05 20:48:45 +02:00
Jouni Malinen
2c04820d80 Fixed a typo in usage help 2009-01-04 22:13:34 +02:00
Tomasz Wolniewicz
db803a3607 eapol_test: Add a universal way of adding extra RADIUS attributes
This change replaces -I and -i options (Chargeable-User-Identity) with a
new -N option that can add any RADIUS attribute into the Access-Request
messages without having to modify eapol_test for each new attribute.
2009-01-04 22:10:56 +02:00
Jouni Malinen
b39d1280a7 Silenced number of Doxygen warnings 2009-01-04 15:07:54 +02:00
Jouni Malinen
f565d71ac9 Remove wpa_gui from doxygen documentations
The *.ui.h were causing number of warnings and they do not need to be
included in documentation.
2009-01-04 14:58:47 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
cd7aacbed4 Remove temporary Qt build directories from Doxygen run 2009-01-04 14:28:20 +02:00
Jouni Malinen
842e11d0bd Remove unwanted wpa_supplicant -> struct wpa_supplicant links
Replace " wpa_supplicant" with " %wpa_supplicant" except for
"struct wpa_supplicant". This makes it easier to write Doxygen comments
since there is no need to add the ugly '%' prefix to each instance of
wpa_supplicant text showing up.
2009-01-04 14:25:58 +02:00
Jouni Malinen
e857fb05df Resolve a Doxygen warning 2009-01-04 14:06:13 +02:00
Jouni Malinen
f1a3e81098 Fixed Doxygen function links
No need to use explicit @link command, but must include () after
function name (and in couple of cases, use the current function name).
2009-01-04 13:54:07 +02:00
Jouni Malinen
dcc03dbe78 Use NULL, not 0, when comparing a pointer 2009-01-03 21:01:20 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
c5adf528a2 Moved WPS Registrar initialization from EAP peer to wps_supplicant.c
This matches the style used in hostapd, i.e., Registrar is initialized
only once and callbacks are now processed in wps_supplicant.c.
2009-01-03 20:18:35 +02:00
Jouni Malinen
f90c86d4a3 Added Doxygen documentation for WPS code 2009-01-03 19:50:49 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
243869858a Initialize wpa_ie_len to 0 if WPA IE is not set on all paths
The new WPS code was not setting this in error case.
2009-01-02 21:50:22 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
97d3497e29 MFP: Require MFP is it is enabled and AP scan shows support for it
When using ap_scan=1, we know before the association request that MFP
will be supported, so we can as well require it. This helps mac80211 in
configuring whether to enable MFP.
2008-12-31 17:53:31 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
cae93bdc9c Added a note about IEEE 802.11w/D7.0 update 2008-12-26 12:59:07 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Andriy Tkachuk
a6f06dabb2 Longer auth_timeout for WPS key_mgmt
It seems that for WPS registration we should use the same authentication
timeout as for ieee8021x, no? (See patch attached.) On slow platforms
public keys computation may take around 4-5 seconds (we actually stuck
on this issue).
2008-12-25 20:26:07 +02:00
Jouni Malinen
c674a55d71 Added a ChangeLog entry about the new Windows installer 2008-12-25 17:37:04 +02:00
Jouni Malinen
6207129af4 wpa_gui-qt4: Do not about new network adapters unless service is running
Skip the user prompt for adding a new network interface if wpa_gui is
not yet connected to wpasvc.
2008-12-25 17:32:51 +02:00
Jouni Malinen
a6f060d7ec Fixed control interface enabling for dynamically added interface
Set ctrl_interface to non-empty value in INTERFACE_ADD to avoid
ctrl_iface.c assuming the control interface is not to be enabled. This
fixes the dynamically added interface to use control interface.
2008-12-25 17:13:19 +02:00
Jouni Malinen
e40348080d Add Windows registry entries during installation
The NSIS installer will now add Windows registry entries for
wpa_supplicant during installation and removes them during
uninstallation. This allows wpa_gui to start wpasvc and add new
interfaces without requiring the user to do any manual registry
editing.
2008-12-25 16:59:37 +02:00
Jouni Malinen
9904b53d67 wpa_gui-qt4: Added support for adding new network interfaces
"Add interface" command in File menu can now be used to add a new
network interface to running wpa_supplicant (using INTERFACE_ADD control
interface command). In addition, the network interface is added into
Windows registry (with skip_on_error) for future use. This functionality
is currently enabled only for Windows builds. The user is also prompted
about the possibility of adding an interface if no interfaces are
enabled. This makes it easier to get started without having to touch
registry manually.
2008-12-25 16:38:09 +02:00
Jouni Malinen
f44b6b8c04 wpasvc: Add skip_on_error registry value to skip interfaces on error
This can be used to include binding information for multiple interfaces
in Windows registry and only use the ones that match with an available
network interface.
2008-12-24 20:39:32 +02:00
Jouni Malinen
4b4a8ae547 Added a mechanism for quering driver wrappers for available interfaces
The new INTERFACE_LIST global control interface command can be used to
request a list of all available network interfaces that could be used
with the enabled driver wrappers. This could be used to enable
interfaces automatically by external programs (e.g., wpa_gui).
2008-12-24 20:25:19 +02:00
Jouni Malinen
ac305589a3 Added support for global driver data (shared by multiple interfaces)
Driver wrappers can now register global_init() and global_deinit()
driver_ops handlers to get a global data structure that can be shared
for all interfaces. This allows driver wrappers to initialize some
functionality (e.g., interface monitoring) before any interfaces have
been initialized.
2008-12-22 22:24:31 +02:00
Jouni Malinen
e83a089818 Changed the example device_type value to be Computer/PC 2008-12-22 19:43:44 +02:00
Jouni Malinen
45832ddd4d Add Start menu shortcuts to wpa_gui and uninstall
In addition, make uninstall use confirm dialog to avoid accidental
uninstalls.
2008-12-21 19:50:39 +02:00
Jouni Malinen
44cd430f87 Fixed PBC overlap detection to handle case of missing UUID-E
UUID-E is not required to be present in Beacon frame, so we need to
accept scan results that do not have UUID-E as a valid PBC situation as
long as not more than one AP is in active PBC mode.
2008-12-21 17:28:01 +02:00
Jouni Malinen
8647475ebe wpa_gui-qt4: Added wpasvc start/stop functionality for Windows
wpa_gui will now ask user whether the wpasvc service should be started
if it is not running. In addition, File menu has items for starting and
stopping the service.
2008-12-21 14:28:45 +02:00
Jouni Malinen
56fac36e86 Silence a compiler warning 2008-12-21 12:26:32 +02:00
Jouni Malinen
f9e4465c42 Added more notes about WPS GUI scan operations and wpa_gui 2008-12-20 23:03:32 +02:00
Jouni Malinen
24c23d1b3c WPS: Added support for wildcard SSID matching in ap_scan=2 mode
Change association behavior to match with ap_scan=1 when WPS is used in
ap_scan=2 mode with wildcard SSID matching. In addition, allow hardcoded
BSSID to be used to select AP even if selected registrar attribute is
not present.
2008-12-20 22:55:02 +02:00
Jouni Malinen
3c1e276507 Fixed a typo in a comment 2008-12-20 21:51:34 +02:00
Jouni Malinen
ed8db67247 Register wpasvc service on install and unregister on uninstall 2008-12-20 20:49:58 +02:00
Jouni Malinen
798afa8162 Added Windows NSIS installer for wpa_supplicant 2008-12-20 20:40:23 +02:00
Jouni Malinen
2ae2d8aea4 Changed win_gui cross compilation to use cleaner Qt setup
A separate cross compiler mkspecs file (win32-x-g++) is now used to
configure all build options so the setup-mingw-cross-compiling hack is
not needed anymore. Furthermore, the MinGW setup is now on path, so no
need to specify extra PATH changes for it.
2008-12-20 17:50:13 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
ad5302a1ca WPS: Added event callback for successfully completed registration 2008-12-19 22:34:18 +02:00
Jouni Malinen
469fc3a41f WPS: Added callback for failure-after-M2/M2D
This callback is now used to stop wpa_supplicant from trying to continue
using parameters (most likely, device password) that do not work in a
loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 22:19:41 +02:00
Jouni Malinen
4b68290e77 WPS: Added event callback and M2D notification
The event callback will be used for various event messages and the M2D
notification is the first such message. It is used to notify wpa_gui
about Registrar not yet knowing the device password (PIN).
2008-12-18 21:58:42 +02:00
Jouni Malinen
9be0963605 Fixed global conf write to skip default values for uuid and os_version 2008-12-18 21:29:59 +02:00
Jouni Malinen
c3ece50446 Fixed PSK editing in wpa_gui (copy-paste bug in field names) 2008-12-18 20:03:24 +02:00
Jouni Malinen
f0477201bd WPS: Fixed deinit code for freeing config and registrar data
We need to be a bit more careful when removing the WPS configuration
block since wpa_s->current_ssid may still be pointing at it. In
addition, registrar pointer in wps_context will need to be cleared
since the context data is now maintained over multiple EAP-WSC runs.
Without this, certain WPS operations could have used freed memory.
2008-12-18 01:06:06 +02:00
Jouni Malinen
0ede75ae58 WPS: Added wpa_gui-qt4 support for BSS selection and AP PIN use
The specific AP (BSSID) can now be selected through scan results for
WPS (WPS pushbutton on the network configuration dialog). When a BSSID
is selected, AP device PIN (e.g., from a label) can be used to configure
the AP by acting as a Registrar.
2008-12-16 23:43:08 +02:00
Jouni Malinen
64a6f69362 Use less frequent polling when wpa_gui is hidden 2008-12-16 21:25:44 +02:00
Jouni Malinen
3d799c0b2c WPS: Added WPS support into wpa_gui-qt4
Currently, only Enrollee operations (both PBC and PIN) are supported.
2008-12-15 22:36:42 +02:00
Jouni Malinen
ff8a53a8d7 Use a fixed wps_msg prefix with WPS creds notification 2008-12-15 22:32:45 +02:00
Jouni Malinen
a524f05eb3 WPS: Added control interface notification for available WPS APs
Whenever new scan results include WPS AP(s) and the client is not
associated, send a notification message to control interface monitors.
This makes it easier for GUIs to notify the user about possible WPS
availability without having to go through the scan results.
2008-12-15 20:09:57 +02:00
Jouni Malinen
484957ae6c Fixed memory leak in WPS PBC overlap detection 2008-12-15 19:50:53 +02:00
Jouni Malinen
f4f2774a96 Fixed interoperability issue with PEAPv0 cryptobinding and NPS
Windows Server 2008 NPS gets very confused if the TLS Message Length is
not included in the Phase 1 messages even if fragmentation is not used.
If the TLS Message Length field is not included in ClientHello message,
NPS seems to decide to use the ClientHello data (excluding first six
octets, i.e., EAP header, type, Flags) as the OuterTLVs data in
Cryptobinding Compound_MAC calculation (per PEAPv2; not MS-PEAP)..

Lets add the TLS Message Length to PEAPv0 Phase 1 messages to get rid of
this issue. This seems to fix Cryptobinding issues with NPS and PEAPv0
is now using optional Cryptobinding by default (again) since there are
no known interop issues with it anymore.
2008-12-15 00:15:54 +02:00
Jouni Malinen
000a1de72b Cleaned up EAP-MSCHAPv2 key derivation
Changed peer to derive the full key (both MS-MPPE-Recv-Key and
MS-MPPE-Send-Key for total of 32 octets) to match with server
implementation.

Swapped the order of MPPE keys in MSK derivation since server
MS-MPPE-Recv-Key | MS-MPPE-Send-Key matches with the order specified for
EAP-TLS MSK derivation. This means that PEAPv0 cryptobinding is now
using EAP-MSCHAPv2 MSK as-is for ISK while EAP-FAST will need to swap
the order of the MPPE keys to get ISK in a way that interoperates with
Cisco EAP-FAST implementation.
2008-12-14 13:12:20 +02:00
Jouni Malinen
6e783c6da9 Added INT_RANGE parser for global configuration variables 2008-12-13 18:21:16 +02:00
Jouni Malinen
32896a0dd1 Use shared string parser for global configuration fields 2008-12-13 18:17:27 +02:00
Jouni Malinen
d7afb15a10 Share the same global config parser function for integer values 2008-12-13 18:04:43 +02:00
Jouni Malinen
55655636d8 First step in cleaning up global config parser: use parse_data array 2008-12-13 17:57:17 +02:00
Jouni Malinen
3c0b7aa4fe Added configuration of WPS device parameters for wpa_supplicant 2008-12-13 17:20:46 +02:00
Jouni Malinen
e33bbd8f4d driver_test: Optional support for using UDP socket
driver_test can now be used either over UNIX domain socket or UDP
socket. This makes it possible to run the test over network and makes it
easier to port driver_test to Windows.

hostapd configuration: test_socket=UDP:<listen port>
wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
2008-12-12 21:35:22 +02:00
Jouni Malinen
9e72e1d356 Workaround number of compiler warnings with newer MinGW version 2008-12-11 00:56:37 +02:00
Jouni Malinen
1edb9533f1 SHA256 is needed for EAP-AKA' and WPS 2008-12-11 00:48:13 +02:00
Jouni Malinen
315ce40a00 Renamed the 'alpha2' variable to 'country' to match with config string 2008-12-09 22:15:47 +02:00
Jouni Malinen
814e925dc4 Added documentation for the new 'country' configuration option 2008-12-09 22:13:35 +02:00
Luis R. Rodriguez
6d1584905c wpa_supplicant: Add support for setting of a regulatory domain
This adds support for setting of a regulatory domain to wpa_supplicant
drivers. It also adds regulatory domain setting for the nl80211 driver.
We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a
global.
2008-12-09 22:11:14 +02:00
Helmut Schaa
556f5a2a28 wpa_supplicant: print password field only if -K is given
Print the password field only if -K is given by using wpa_hexdump_ascii_key
instead of wpa_hexdump_ascii. Additionally mark the password field as key.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2008-12-09 21:56:47 +02:00
Jouni Malinen
13d9817dd0 Fixed a typo in wpa_supplicant manpage 2008-12-08 22:16:15 +02:00
Jouni Malinen
eef7d7a138 WPS: Added [WPS], [WPS-PIN], [WPS-PBC] flags for scan results 2008-12-08 20:57:59 +02:00
Jouni Malinen
9c9f869a05 Added EAP-FAST interop test results with Radiator 4.3.1 2008-12-07 20:27:43 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
a17322c345 Removed mac_addr from eapol_ctx to fix the eapol_test build 2008-12-03 19:53:31 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
30f5c941aa WPS: Added note about update_config and added WPS to ChangeLog 2008-11-30 17:48:45 +02:00
Jouni Malinen
bd034191ab WPS: Added initial documentation on using WPS with wpa_supplicant 2008-11-30 17:42:58 +02:00
Jouni Malinen
0a40ec6a90 Always clear EAP altAccept and altReject variables on new association
Previously, this was only done when the new connection is using
WPA-Personal. However, it looks like it was possible to trigger an
infinite busy loop if altAccept or altReject were left set to true and
an EAPOL frame is received (eapolEap is set to true). Clearing altAccept
and altReject for each association prevents this loop from happening in
the beginning of the next association.
2008-11-30 16:54:16 +02:00
Jouni Malinen
351f09a221 WPS: Added support for fragmented WPS IE in Beacon and Probe Response
Fragment WPS IE if needed to fit into the IE length limits in hostapd
and Reassemble WPS IE data from multiple IEs in wpa_supplicant.

In addition, moved WPS code from events.c into wps_supplicant.c to clean
up module interfaces.
2008-11-29 22:06:34 +02:00
Jouni Malinen
728fae1631 WPS: Added WPS into key_mgmt config write handler 2008-11-29 21:02:14 +02:00
Jouni Malinen
fcc60db4eb WPS: Added wpa_supplicant ctrl_iface commands to start WPS processing
New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used
to start WPS processing. These add and select the WPS network block into
the configuration temporarily, i.e., there is no need to add the WPS
network block manually anymore.
2008-11-29 20:59:45 +02:00
Jouni Malinen
e237a6b0d7 Fixed wpa_config_parse_string() not to modify const string.
This allows wpa_config_set() to be used with const strings as the value.
2008-11-29 20:50:00 +02:00
Jouni Malinen
b01c18a8ef WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReq 2008-11-29 13:38:03 +02:00
Jouni Malinen
7d7b8e960a WPS: Split wps_common.c into parts
To make it easier to find various functions, attribute functions were
split into wps_attr_{build,parse,process}.c.
2008-11-29 13:16:26 +02:00
Jouni Malinen
120bd30c34 WPS: Moved RF Bands processing into wps_dev_attr.c
This allows the RF Bands attribute to be configured and stored.
2008-11-29 12:59:43 +02:00
Jouni Malinen
c0d041d9a7 WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.c
This code and the related attributes are not specific to Enrollee
functionality, so wps_common.c is the correct location for them.
2008-11-29 12:44:02 +02:00
Jouni Malinen
7d7c918d97 WPS: Pass device data into wps_enrollee_build_probe_req_ie()
Use configured device data instead of hardcoded values to generate WPS
IE for Probe Request.
2008-11-29 12:19:30 +02:00
Jouni Malinen
398cfbf6be WPS: Moved mac_addr and uuid configuration into wps_context
There is no need to complicate EAPOL and EAP interfaces with WPS
specific parameters now that wps_context is passed through.
2008-11-28 20:44:47 +02:00
Jouni Malinen
116654ce24 WPS: Moved wps_context initialization into wps_supplicant.c
The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This
makes wpa_supplicant design for WPS match with hostapd one and also
makes it easier configure whatever parameters and callbacks are needed
for WPS.
2008-11-28 20:32:13 +02:00
Jouni Malinen
bcbbc7af45 WPS: Merged two cred_cb variables into the same one
Previously, wpa_supplicant as Enrollee case was handled using a
different callback function pointer. However, now that the wps_context
structure is allocated for all cases, the same variable can be used in
all cases.
2008-11-28 20:02:32 +02:00
Jouni Malinen
fa201b694f WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c
This cleans up the internal interface between different modules and is
the first step in getting wpa_supplicant design closer to hostapd as far
as WPS is concerned.
2008-11-28 19:46:22 +02:00
Jouni Malinen
f855f923a7 WPS: Moved UUID configuration from phase1 into global config area 2008-11-26 20:47:24 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
6e89cc438e Preparations for 0.6.6 release 2008-11-23 17:02:06 +02:00
Jouni Malinen
2bf6a16780 Added an attribution based on the original SSLeay license for OpenSSL. 2008-11-21 15:54:35 +02:00
Jouni Malinen
1ac2d4a9ee Fixed canceling of PMKSA caching with driver generated RSN IE
It looks like some Windows NDIS drivers (e.g., Intel) do not clear the
PMKID list even when wpa_supplicant explicitly sets the list to be
empty. In such a case, the driver ends up trying to use PMKSA caching
with the AP and wpa_supplicant may not have the PMK that would be needed
to complete 4-way handshake.

RSN processing already had some code for aborting PMKSA caching by
sending EAPOL-Start. However, this was not triggered in this particular
case where the driver generates the RSN IE. With this change, this case
is included, too, and the failed PMKSA caching attempt is cleanly
canceled and wpa_supplicant can fall back to full EAP authentication.
2008-11-21 15:31:25 +02:00
Jouni Malinen
76e6f26a94 Remove the unwanted Windows console from the Windows binary version of wpa_gui 2008-11-21 14:26:11 +02:00
Jouni Malinen
3b14fb0cab Silence printf() calls in wpa_gui to avoid stdout output from a GUI program 2008-11-21 14:05:37 +02:00
Jouni Malinen
8038591be2 wpa_gui: Add a PNG version of the tray icon for Windows binary build
It looks like Qt does not support SVG format by default on Windows and
it was not trivial to add the plugin into the build, so for now, build a
16x16 PNG icon file for Windows binary to avoid showing an invisible
icon in the tray.
2008-11-21 13:58:12 +02:00
Jouni Malinen
c31a11c962 Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.
2008-11-20 12:49:34 +02:00
Carolin Latze
98842d51ec Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:

engine2
engine2_id
pin2

and added support to read those in phase2 wheres all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
2008-11-18 16:53:32 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
cd35db9fef Updated userspace MLME instructions for current mac80211
Remove the old code from driver_wext.c since the private ioctl interface is
never going to be used with mac80211. driver_nl80211.c has an
implementation than can be used with mac80211 (with two external patches to
enable userspace MLME configuration are still required, though).
2008-11-18 15:45:25 +02:00
Jouni Malinen
0cf03892a4 OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding API
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
2008-11-16 21:29:12 +02:00
Jouni Malinen
1e8b9d2889 Updated interop results for ACS 4.2 2008-11-16 11:30:34 +02:00
Kel Modderman
efd59c96d7 wpa_gui-qt4: tweak icon Makefile
Output the xpm icons in more convenient location.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-11-11 17:41:19 +02:00
Martin Michlmayr
65db6cad23 wpa_gui-qt4: FTBFS with GCC 4.4: missing #include
GCC 4.4 cleaned up some more C++ headers.  You always have to #include
headers directly and cannot rely for things to be included indirectly.

> g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DCONFIG_CTRL_IFACE
-DCONFIG_CTRL_IFACE_UNIX -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -DQT_SHARED
-I/usr/share/qt4/mkspecs/linux-g++ -I. -I/usr/include/qt4/QtCore
-I/usr/include/qt4/QtCore -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui
-I/usr/include/qt4 -I. -I.. -I../../src/utils -I../../src/common -I.moc -I.ui -o
.obj/wpagui.o wpagui.cpp
> wpagui.cpp: In constructor 'WpaGui::WpaGui(QWidget*, const char*,
Qt::WFlags)':
> wpagui.cpp:98: error: 'printf' was not declared in this scope

From: Martin Michlmayr <tbm@cyrius.com>
Bug:  http://bugs.debian.org/505041

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-11-11 17:36:37 +02:00
Jouni Malinen
46690a3b9b Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.

This may help in making a chopchop attack take much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
2008-11-08 04:43:12 +02:00
Jouni Malinen
fa71a1d84a Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytes 2008-11-07 08:30:34 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
81eec387dd Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
2008-11-06 04:21:32 +02:00
Jouni Malinen
2a24bb3199 Added Milenage USIM emulator for EAP-AKA (can be used to simulate test
USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in
.config and password="Ki:OPc:SQN" in network configuration).
2008-11-05 23:02:13 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
8caa12b46c Added a comment about VS2008EE and updated WinPcap/OpenSSL versions 2008-11-01 14:46:00 +02:00
Jouni Malinen
e3e51d9f03 Fixed ctrl_iface BSS command to fetch scan results, if needed
This makes BSS command work line SCAN_RESULTS and allows wpa_gui to get
some scan results without explicit scan results even when using ap_scan=2.
2008-11-01 14:28:34 +02:00
Jouni Malinen
b6a55236ce Updated VS2005 project files with new and removed C files 2008-11-01 13:03:09 +02:00
Jouni Malinen
3fd0b8f196 Use os_snprintf() instead of snprintf() 2008-11-01 13:02:50 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
308a4ec81a Verify fread(), fwrite(), and system() return values
These were starting to trigger compiler warning with recent glibc header
files and gcc.
2008-10-29 19:33:24 +02:00
Jouni Malinen
8de4f2e9ba Avoid some gcc 4.3 warnings about deprecated string conversions 2008-10-14 07:39:51 +03:00
Jouni Malinen
1073e0ce46 wpa_gui-qt4: Set EAP-FAST provisioning parameters if inner method is 'any' 2008-10-07 18:53:02 +03:00
Jouni Malinen
0930209dc2 Register a quick auth timeout if EAPOL fails to avoid long waits
This may be needed if the AP does not disconnect in case of EAP-FAST
unauthenticated provisioning (EAP-Failure). Adding the local short timeout
will speed up the process in such a case by reducing the wait (which can
often be up to 60 seconds).
2008-10-02 17:27:24 +03:00
Jouni Malinen
99a10f8d2c Added debug_timestamp option to Windows registry 2008-10-02 16:26:18 +03:00
Jouni Malinen
129b4d35d4 Set update_config=1 in the example Windows registry config 2008-10-02 14:12:32 +03:00
Jouni Malinen
c08b9180cd Save config after blob updates from EAP (if update_config=1)
This allows EAP-FAST PAC updates to be stored when using config blobs
instead of external files.
2008-10-02 14:10:53 +03:00
Jouni Malinen
5373c18233 wpa_gui-qt4: Fixed phase2 format for EAP-FAST GTC+MSCHAPv2 case 2008-10-02 14:09:43 +03:00
Jouni Malinen
2e8c9a27f5 Fixed a typo 2008-10-02 12:40:24 +03:00
Jouni Malinen
4edd453933 wpa_gui-qt4: Set EAP-FAST provisioning parameters 2008-10-02 12:39:31 +03:00
Jouni Malinen
be8b1f2eb0 wpa_gui-qt4: Unset string variables instead of setting them to ""
This allows identity (etc.) variables to be removed from configuration
which is different from setting them to an empty string. For example,
EAP-SIM and EAP-AKA can now be configured to use identity string generation
from SIM/USIM by clearing the identity string in wpa_gui.
2008-10-02 12:24:57 +03:00
Jouni Malinen
b56c0546b7 Extended ctrl_iface SET_NETWORK to allow variables to be unset
Setting the value of the SET_NETWORK command to NULL (without quotation)
unsets the variable, i.e., removes it from configuration file. This is
needed to allow GUI programs to clear variables, e.g., identity for
EAP-AKA/SIM.
2008-10-02 12:16:25 +03:00
Jouni Malinen
8de594965f wpa_gui-qt4: Added support for configuring Phase 2 method 2008-10-01 16:43:36 +03:00
Jouni Malinen
78ea9702c0 Add pcsc="" to configuration for EAP-SIM and EAP-AKA
This allows real SIM/USIM cards to be used by enabling PC/SC.
2008-10-01 14:44:24 +03:00
Kel Modderman
fc0db5c916 wpa_gui-qt4: add support for starting in system tray only
Allow application to be started in the system tray only when started with
the `-t' command line argument.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-10-01 09:48:11 +03:00
Kel Modderman
66897ae779 wpa_gui-qt4: clean up closeEvent handler
When the system tray icon is created, qApp's setQuitOnLastWindowClosed
property is set to false, therefore do _not_ ignore widget close events, or
else wpa_gui will refuse to exit when the window manager is logging out.

While at it, remove WpaGui::fileExit() and connect fileExitAction to
quit().

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-10-01 09:44:58 +03:00
Jouni Malinen
91a0548210 FT: Do not call wpa_ft_prepare_auth_request() if FT is not used
This saves some extra processing for the non-FT case if FT is built in, but
not used for the association.
2008-09-29 17:28:10 +03:00
Jouni Malinen
38fa763405 Added set_mode() handler for privsep 2008-09-29 17:09:26 +03:00
Dan Williams
ec5f180a24 Add an optional set_mode() driver_ops handler for setting mode before keys
A bug just got reported as a result of this for mac80211 drivers.

https://bugzilla.redhat.com/show_bug.cgi?id=459399

The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong.  The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.
2008-09-29 16:45:49 +03:00
Jouni Malinen
fa2ec7eb63 Silenced compiler warnings on size_t printf format and shadowed variables 2008-09-27 10:46:06 +03:00
Jouni Malinen
9cf32261ee Split wpa_supplicant_select_bss() into three and remove odd debug message
This function was getting way too long, so let's split it into WPA and
non-WPA cases as separate functions. In addition, remove the confusing
"Try to find non-WPA AP" debug message if a WPA-enabled AP is already
selected (as reported by Andriy Tkachuk).
2008-09-26 17:24:40 +03:00
Kel Modderman
89f97a1c8d Don't bother showing a status message when returning to the system tray,
but still show a one time tray message to indicate to the user that the
program is still running in the tray if they triggered the window manager
close button.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-26 15:42:12 +03:00
Kel Modderman
d70028d337 wpa_gui-qt4: remove lastWindowClosed() signal handler
Do not connect lastWindowClosed() to quit(), instead explicitly close the
application if File->Exit or window manager close button is activated.
This allows the tray app to avoid being closed with last visible window,
and launch scan and event history windows individually.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-25 21:12:08 +03:00
Bernard Gray
1019a696a7 wpa_gui-qt4: enhance svg icon
Enhance the wpa_gui-qt4 icon:

* removed unused layer
* moved spurious rectangle back where it belongs
* removed flat edge from top of the lower white glow object

Signed-off-by: Bernard Gray <bernard.gray@gmail.com>
2008-09-25 21:09:44 +03:00
Kel Modderman
1c63bd0c41 wpa_gui-qt4: add status fields to tray message
Add extra state status fields to the tray icon message bubble. Do not
display an empty message.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-25 21:06:32 +03:00
Andriy Tkachuk
488af690b6 Fix build with CONFIG_CLIENT_MLME, but without CONFIG_IEEE80211W
mlme.c: In function 'ieee80211_rx_mgmt_action':
mlme.c:1990: warning: implicit declaration of function
'ieee80211_rx_mgmt_ping_action'
...
mlme.o(.text+0x3007): In function `ieee80211_sta_rx':
/home/ant/hostap/hostap06/hostap/wpa_supplicant/mlme.c:1990: undefined reference
to `ieee80211_rx_mgmt_ping_action'
collect2: ld returned 1 exit status
2008-09-24 13:02:17 +03:00
Dan Nicholson
23e072374e Don't post scan results when initial scan is emtpy
When the initial scan is made, just the cached results from the driver
are used. If this is empty, it's useless to post the results since
another scan is being scheduled immediately. This just causes extra
processing from listeners for no gain.
2008-09-24 12:51:08 +03:00
Dan Nicholson
2064c2f985 Restore scan request settings if initial association failed
The scan path to initiate another scan if the initial association failed
was broken due to wpa_s->scan_req being zeroed earlier in
wpa_supplicant_scan(). This caused the second scan to bail out early
since it thought this was not a requested scan.
2008-09-24 12:48:33 +03:00
Jouni Malinen
76dca89295 Add a new auto-generated file to be ignored 2008-09-24 12:29:04 +03:00
Kel Modderman
b199b7e654 wpa_gui-qt4: add system tray support
Add system tray icon support to wpa_gui-qt4. The tray icon remains quiet
when the main dialog is visible, so it should not cause too much pain for
more conservative users of wpa_gui. The addition involves the following
changes:

* when closing wpa_gui via window manager close box, wpa_gui close event is
  ignored and it is minimised to system tray. A status message is displayed
  (or popup dialog box if tray messages are not supported) to provide a
  visual hint that the program is still running in the background.
* add File->Exit slot handler to facilitate application quit from main
  dialog
* provide a context menu with a short list of useful actions
* show/hide main dialog when icon is triggered (single click)
* ensure main dialog is visible when event handler or scan results is
  chosen from tray icon context menu
* show tray messages on connected and disconnected events, display a status
  message a few seconds after connected events

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:26:57 +03:00
Kel Modderman
0fae9ad39b wpa_gui-qt4: remove qPixmapFromMimeSource from ui files
When integrating the new art, this UI entry:

<pixmapfunction>qPixmapFromMimeSource</pixmapfunction>

Caused the following error:

.obj/wpagui.o: In function `Ui_WpaGui::setupUi(QMainWindow*)':
wpagui.cpp:(.text._ZN9Ui_WpaGui7setupUiEP11QMainWindow[Ui_WpaGui::setupUi(QMainWindow*)]+0xd3): undefined reference to `qPixmapFromMimeSource(QString const&)'
collect2: ld returned 1 exit status

Removing qPixmapFromMimeSource seems to have no unwanted side effects, and
allows successful build again. Research leads me to believe it depends on
Qt3Support, which we do not want.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:24:49 +03:00
Kel Modderman
62b86dba6e wpa_gui-qt4: use new svg as application icon
Enhance wpa_gui's appearance by integrating the new svg icon via a resource
file.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:22:50 +03:00
Kel Modderman
11caae9d1f wpa_gui-qt4: desktop entry file
A desktop entry file for wpa_gui.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:20:58 +03:00
Bernard Gray
99112a2d75 wpa_gui-qt4: add svg icon
Introducing an original wpa_gui icon, in svg format, with Makefile for
easy conversion to other icon formats. The icon is thanks to Bernard Gray.

Signed-off-by: Bernard Gray <bernard.gray@gmail.com>
Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-24 12:19:31 +03:00
Jouni Malinen
6572fc0d1b IEEE 802.11w: Use comeback duration to delay association 2008-09-01 11:49:51 +03:00
Jouni Malinen
c684525947 FT: Fixed FTIE for authentication after a failed association 2008-09-01 11:38:13 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
1c8735848d nl80211: Preliminary code for usermode MLME support
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
2008-08-15 22:14:49 +03:00
Jouni Malinen
101533269f Fixed supported rates IE generation for Probe Response frames. 2008-08-15 22:10:41 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
6724f4d07a Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
Jouni Malinen
3ff77e070d Fixed opportunistic key caching (OKC)
wpa_sm_set_config() can be called even if the network block does not
change. However, the previous version ended up calling
pmksa_cache_notify_reconfig() every time and this cleared the network
context from PMKSA cache entries. This prevented OKC from ever being used.

Do not call pmksa_cache_notify_reconfig() if the network context remains
unchanged to allow OKC to be used.
2008-08-03 20:16:59 +03:00
Dan Williams
93ef879f0f wext: fix maxrate calculation
When scan results got moved from wpa_scan_result -> wpa_scan_res, the
'maxrate' member was dropped from wpa_scan_res.  The D-Bus interface
used 'maxrate', which was replaced with wpa_scan_get_max_rate().
Unfortunately, wpa_scan_get_max_rate() returns 802.11 rate values
directly from the IE, where 'maxrate' was the rate in bits/second.  The
supplicant internally fakes an IE for wpa_scan_res from the value of
wpa_scan_result->maxrate, but interprets ->maxrate as an 802.11 rate
index.

As a side-effect, this fixes a soft-break of the D-Bus control API since
the wpa_scan_res change was introduced.
2008-07-15 20:07:50 +03:00
Michael Bernhard
886a807fb5 Make proactive key caching working again
Function 'wpa_sm_set_config' used the argument 'config' as the network
context which is a pointer to a local variable of the function
'wpa_supplicant_rsn_supp_set_config'.

This is one reason why no proactive key was generated. This network
context never matched with the network context saved in the pmksa cache
entries.

The structure 'rsn_supp_config' has already a member 'network_ctx' which
is now filled in by this patch with 'ssid'.

Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-07-06 10:50:53 +03:00
Pavel Polischouk
9d6762cfca man wpa_supplicant: Clearly state which options are given per interface
Documentation appeared a little vague about which options are global and
which are tied to a particular interface. This leads to confusion when
using certain combinations of options, e.g. the command "wpa_supplicant
-c /etc/wpa_supplican.conf -u" will not do what is intuitively expected
from it - it will not read the config file given with -c option because
no -i option was given. This command is still valid because -u option is
used. The wpa_supplicant running like this will also not listen on any
control socket, because the socket file name is usually given in the
config file. This command line also happens to be the default in Fedora 9.
This patch does not try to change any behaviour, but rather document
these nuances clearly.
2008-06-18 11:52:20 +03:00
Jouni Malinen
3e2ad1b932 Fixed race condition between disassociation event and group key handshake
This avoids getting stuck in state where wpa_supplicant has canceled scans,
but the driver is actually in disassociated state. The previously used code
that controlled scan timeout from WPA module is not really needed anymore
(and has not been needed for past four years since authentication timeout
was separated from scan request timeout), so this can simply be removed to
resolved the race condition. As an extra bonus, this simplifies the
interface to WPA module.
[Bug 261]
2008-06-09 16:26:47 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f5285e852 Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
2008-06-06 16:55:42 +03:00
Jouni Malinen
187bc466a3 Removed the 20% estimate on faster bignum routines
This was not accurate since this was mostly based on total runtime of an
eapol_test run. The real improvement in the bignum routines is much larger
(mayby twice as fast as before).
2008-06-06 10:30:43 +03:00
Jouni Malinen
b95394c66f Combined internal LibTomMath configuration into one option
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
2008-06-06 10:21:28 +03:00
Jouni Malinen
ec0205a87a Added an option to build internal LibTomMath with faster div routine
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
2008-06-06 10:11:17 +03:00
Jouni Malinen
c5f5c91aeb Add faster, optional sqr routine for internal LibTomMath
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
2008-06-05 18:33:46 +03:00
Dan Williams
1d3c75b3b6 Give adhoc associations a bit more time
Depending on how the driver implements IBSS searching and creation, it
may need to perform one or more scans before successfully completing the
association operation.  Therefore, increase the timeout for IBSS
association operations so that the supplicant doesn't interrupt the
driver as much.
2008-06-04 21:00:09 +03:00
Jouni Malinen
8ccc0402b2 Internal LibTomMath: add optional support for Montgomery reduction
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
2008-06-04 11:57:55 +03:00
Jouni Malinen
a8e16edc86 Introduced new helper function is_zero_ether_addr()
Use this inline function to replace os_memcmp(addr,
"\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 18:08:48 +03:00
Dan Williams
7e1488494e Do not continually reschedule specific scans to help finding hidden SSIDs
In situations where the driver does background scanning and sends a
steady stream of scan results, wpa_supplicant would continually
reschedule the scan.  This resulted in specific SSID scans never
happening for a hidden AP, and the supplicant never connecting to the AP
because it never got found.  Instead, if there's an already scheduled
scan, and a request comes in to reschedule it, and there are enabled
scan_ssid=1 network blocks, let the scan happen anyway so the hidden
SSID has a chance to be found.
2008-06-03 11:37:48 +03:00
Jouni Malinen
d952d16df4 Internal TLS: Added support for parsing PKCS #8 formatted private keys
The internal TLS implementation can now use both PKCS #1 RSA private key
and PKCS #8 encapsulated RSA private key. PKCS #8 encrypted private key is
not yet supported.
2008-06-02 19:39:46 +03:00
Jouni Malinen
b5aebee49e Fixed dbus build without OpenSSL. 2008-06-02 18:45:45 +03:00
Jouni Malinen
ec717917e5 Fixed build without CONFIG_IEEE8021X_EAPOL, but with CONFIG_CTRL_IFACE 2008-05-30 18:43:06 +03:00
Jouni Malinen
1b52ea47e4 Added fragmentation support for EAP-TNC 2008-05-26 12:00:18 +03:00
Jouni Malinen
d9521c7438 Example configuration for EAP-TLS authentication using PKCS#11 TPM token 2008-05-23 19:41:05 +03:00
David Smith
61ee0f71bb Add support to wpa_supplicant configuring eap_peer for client cert and CA
cert on smartcard, plus handling phase2 auth with smartcard same as phase1.
2008-05-23 10:55:30 +03:00
David Smith
e403be0b12 Add setSmartcardModules DBus message to set pkcs11 and opensc options
This will be used by most importantly network manager to set smartcard
options at run time.
2008-04-28 17:15:56 +03:00
Henrik Brix Andersen
a6a89fea36 Fix compilation without IEEE8021X_EAPOL defined 2008-04-28 17:06:43 +03:00
Jouni Malinen
fe2b7dda02 Fixed fallback to full handshake when server rejects PAC-Opaque
The TLS client changes in ssl3_get_server_hello() were based on the
pre-RFC 5077 version of OpenSSL and they hardcoded s->hit to 1 in case
PAC-Opaque was used. This prevented fallback to full TLS handshake in case
the server rejected PAC-Opaque in ClientHello. The fixed version simplifies
ssl3_get_server_hello() and uses the new RFC 5077 functionality in OpenSSL
(ssl3_check_finished) to allow the state machine handle start of
abbreviated handshake based on the used ticket.
2008-04-15 17:24:06 +03:00
Jouni Malinen
d6888f9e37 PEAPv0: Added crypto_binding configuration option (part of phase1)
crypto_binding=# in phase1 network parameter can now be used to change the
PEAPv0 cryptobinding behavior (0 = do not use, 1 = optional (default),
2 = required).
2008-04-08 14:57:39 +03:00
Kel Modderman
0e5776f673 Remove the -w option from help output
Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:51:49 +03:00
Kel Modderman
7da6794022 Explain not all driver backends will be compiled into wpa_supplicant binary
Explain that wpa_supplicant supports a variety of drivers, but only a
subset of them are chosen at compile time.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-03-31 11:49:55 +03:00
Tomasz Wolniewicz
c454f57379 eapol_test: Allow client IP address to be specified
Allow the user to set the IP address of the eapol_test client. This if
very useful when you have a machine with many interfaces and want to use a
particular one for testing RADIUS connectivity. For instance when I run the
national eduroam proxy I can only connect to other server from a particular
address, an our machine happens to have several IPs. So if I want to run
connectivity tests, I must make sure that my test uses a particular
interface. The -A option allows one to set this).

(jm: cleaned up to use radius configuration structure instead of global
variable for the address and added IPv6 support)
2008-03-30 18:15:52 +03:00
Tomasz Wolniewicz
1e4b9da10c Chargeable-User-Identity (RFC 4372) in eapol_test
Implements the Chargable-User-Identity (CUI), as defined in RFC 4372.
Option "-i" causes the eapol_test to send a NUL CUI - which is a request to
send a CUI back. Capital "-I" allows to specify the value of the CUI.
This has been defined for cases where the client wants to reauthenticate.
2008-03-30 17:39:19 +03:00
Jouni Malinen
e7d8003358 EAP-PEAP: Fixed interop issues in key derivation with cryptobinding
It looks like Microsoft implementation does not match with their
specification as far as PRF+ label usage is concerned.. IPMK|CMK is derived
without null termination on the label, but the label for CSK derivation
must be null terminated.

This allows cryptobinding to be used with PEAPv0 in a way that
interoperates with Windows XP SP3 (RC2) and as such, this functionality is
now enabled as an optional addition to PEAPv0.
2008-03-19 16:58:06 +02:00
Jouni Malinen
0ac0e4df1c EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 11:26:17 +02:00
Masakazu Mokuno
b5a357b476 Add support for PS3 Linux wireless driver
This adds support for PS3 wireless to wpa_supplicant.

Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:

 - PS3 wireless driver uses private WEXT ioctls for accepting PSK of
   WPA-Personal from the userland.
   WEXT does not specify the way to do it.

 - The association and 4-way handshake are done by PS3 virtual
   wireless device. The guest OSes can not interfere it.

 - No EAPOL frames are allowed to go outside of the
   hypervisor/firmware nor come from. They are eaten by the firmware.

Thus I needed to make a new driver wrapper for PS3 wireless.

This patch can be applied against the latest 0.6.x tree.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-03-13 19:00:37 +02:00
Jouni Malinen
658d166297 FT: Use correct BSSID when deriving PTK and verifying MIC
The old version was using struct wpa_sm::bssid which is not necessarily
updated to point to the correct target address when doing over-the-air FT
since the address is used before the association has actually been
completed.
2008-03-12 11:20:20 +02:00
Ryan Hill
748e54937d The attached patch fixes a few build errors when compiling with GCC 4.3,
caused by a few missing header includes. It was done against 0.5.8, but
still applies to 0.5.10.
2008-03-12 09:39:25 +02:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
4f1c561725 TNC: Added support for using TNC with EAP-FAST 2008-03-09 11:21:01 +02:00
Jouni Malinen
8e888179e1 Make the "invalid group" error show up with default verbosity level 2008-03-06 22:49:46 +02:00
Dan Williams
d113aa91ca Fix qt3 wpa_gui build
When a WpaMsg item to the QValueList WpaMsgList, there's no constructor
that the QValueList can call.  This is a port of the fix from the stable
branch where it builds fine.
2008-03-05 18:30:01 +02:00
Dan Williams
cf7a576f67 Fix potential use-after-free in dbus byte array demarshaling code
The byte array code should be clearing its own pointer, not the string
array pointer.
2008-03-05 16:15:10 +02:00
Jouni Malinen
9474b3a4e4 Added a missing '#' to indicate a comment. 2008-03-05 16:06:43 +02:00
Jouni Malinen
c673c5fc0f Renamed local DBUS_VERSION define to avoid conflict with dbus 1.1 headers 2008-03-05 16:05:26 +02:00
Jouni Malinen
7914585fe0 EAP-FAST: Cleaned up TLV processing and added support for EAP Sequences
Number of TLVs were processed in groups and these cases were now separated
into more flexible processing of one TLV at the time. wpabuf_concat()
function was added to make it easier to concatenate TLVs. EAP Sequences are
now supported in both server and peer code, but the server side is not
enabled by default.
2008-02-27 17:59:34 -08:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Kel Modderman
eff06a7cdb Enhance manpage with use of emphasis instead of strong quote
The Debian package checker "lintian" was making noise about
wpa_supplicant.conf(5). It was caused by a line beginning with ', which is
apparently not liked by man(1).

I suggest the use of <emphasis>word</emphasis> where 'word' is used at the
moment.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-02-27 17:48:23 -08:00
Jouni Malinen
3b46a31ec7 Added files that cg-init excluded 2008-02-27 17:36:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00