Version attribute processing details are not described in the WPS spec,
but it is safer to allow minor version to change and only refuse to
process the message if major version is different from ours. This
matches with the behavior used in the Intel reference implementation.
It looks like we don't set correspondent Device Password ID attribute in
M2 message during PBC registration. Without it TG185n STA was not able
to connect to our AP in PBC mode. Attached patch fixes this.
The madwifi driver has interface to set probe request ie.
Attached patch will enable the functionality.
I could see probe request includes WSC IE with this patch.
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.
This more or less doubles the number of BSSes we can received from scan
results.
I am terribly sorry, but because of a lack of testing equipment the
patch was submitted not properly tested.
Because the chipset documentation is not publicly available all
behaviour has to be found out by experimentation. The other day, I
made some incorrect assumptions based on my findings.
I do believe the attached patch does support the whole RoboSwitch line
(5325, 5350, 5352, 5365 and others). It is a drop-in substitution for
my previous submission.
The RoboSwitch driver of wpa_supplicant had one shortcoming: not
supporting the 5365 series. I believe the patch attached fixes this
problem.
Furthermore it contains a small readability rewrite. It basically is an
explicit loop-rollout so that the wpa_driver_roboswitch_leave style
matches that of wpa_driver_roboswitch_join.
If the bind() on /tmp/wpa_ctrl_<pid>_<in-proc-counter> fails with
EADDRINUSE, there is an existing socket file with the name we are trying
to create. Since getpid() is unique, there cannot be another process
using that socket and we can just unlink the file and try again. This
can speed up client connection if wpa_cli is killed without allowing it
to clean up the socket file. [Bug 288]
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.
This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
We must not replace M1 with M2D as the last_msg since we need M1 to
validate a possible M2 after M2D. Since M2D and ACK/NACK replies do not
include Authenticator attribute, we can just ignore M2D as far as
updating last_msg is concerned.
External Registrar in Vista may include NULL termination in the Network
Key when encoding an ASCII passphrase for WPA/WPA2-PSK. As a workaround,
remove this extra octet if present.
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
Buffalo WHR-G125 Ver.1.47 seems to send EAP-WPS packets with too short
EAPOL header length field (14 octets regardless of EAP frame length).
This is fixed in firmware Ver.1.49, but the broken version is included
in many deployed APs. As a workaround, fix the EAPOL header based on the
correct length in the EAP packet. This workaround can be disabled with
eap_workaround=0 option in the network configuration.
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
WPS spec is not very specific on the presentation used for the DH
values. The Public Key attribute is described to be 192 octets long, so
that could be interpreted to imply that other places use fixed length
presentation for the DH keys. Change the DH derivation to use fixed
length bufferd by zero padding them from beginning if needed. This can
resolve infrequent (about 1/256 chance for both Public Key and Shared
Key being shorter) interop issues.
This is needed to allow external Registrar (at least the implementation
in Windows Vista) to configure the Enrollee.
With this patch and my previous patch (for wps.c) , I could pass "Wi-Fi
WPS Test Plan Version 1.0 [5.1.4. Add to AP using PIN Config method and
PASS PHRASE through wired external registrar]".
I can't pass the "Wi-Fi WPS Test Plan Version 1.0 [5.1.4. Add to AP
using PIN Config method and PASS PHRASE through wired external
registrar]". The wpa_supplicant-0.6.7 can't recoginize the testbed
AP(BCM94704AGRRev-E.2.4) as WPS PIN AP. Because after PIN entered, the
AP sends Selected Registrar attribute=0 and not send Device Password ID
attribute.
The proposed change as-is removed validation of Selected Registrar
attribute completely. However, that part is not included in this commit
since it can cause problems for environments with multiple WPS-enabled
APs. Another workaround for this will be considered in wpa_supplicant
scanning process (e.g., start trying to use WPS with APs that do not set
Selected Registrar to TRUE after couple of scan runs that do not find
any APs with Selected Registrar TRUE).
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.
The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
This is needed for airo driver to work correctly and no other driver
seems to care, so the change is safe to make. This has been in number of
distro releases for a long time and no issues have been reported.
