Commit graph

1226 commits

Author SHA1 Message Date
Jouni Malinen
70f8cc8ec8 Share the same enum for MFP configuration
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
2010-01-03 21:02:51 +02:00
Jouni Malinen
e049867788 More Doxygen documentation for the driver interface 2010-01-03 20:49:48 +02:00
Jouni Malinen
d1f9c410c1 Remove src/drivers/scan_helpers.c
Most of this file was already moved into wpa_supplicant/scan.c and
we can remove the file completely by having couple of small helper
functions copied to the remaining users outside core wpa_supplicant
code.
2010-01-03 20:27:32 +02:00
Jouni Malinen
9ba9fa07cc Move wpa_supplicant specific scan code away from src/drivers
This fits better in wpa_supplicant/scan.c. Couple of remaining
scan_helpers.c functions are currently used in driver wrappers,
but they can likely be removed in the future.
2010-01-03 18:48:11 +02:00
Jouni Malinen
baac649094 Add drv_event_eapol_rx() helper 2010-01-03 18:35:01 +02:00
Jouni Malinen
1d041bec84 Use generic driver event notification for AP mode assoc/disassoc 2010-01-03 18:22:22 +02:00
Jouni Malinen
a8e0505bf0 Use driver event, EVENT_EAPOL_RX, for EAPOL frame indication 2010-01-03 17:44:40 +02:00
Jouni Malinen
a70a5d6d06 Replace hostapd_notif_new_sta() with new driver event, EVENT_NEW_STA 2010-01-03 16:46:18 +02:00
Jouni Malinen
b38ddb0c50 driver_test: Add channel awareness for the MLME test code
This allows the MLME mode of driver_test to filter frames based on
the frequency on which they were sent and the frequency used by the
receiver.
2010-01-03 14:01:20 +02:00
Jouni Malinen
55777702cd Add driver API functionality for off-channel Action frames
This adds new commands and events for allowing off-channel Action
frame exchanges to be requested. This functionality is not yet used
and is only fully supported by driver_test.c at this point.
driver_nl80211.c has support for the remain-on-channel commands, but
the Action frame TX/RX part is still pending review for the kernel
code and as such, is not yet included here.
2010-01-03 13:57:51 +02:00
Jouni Malinen
d7c53e432b Sync with wireless-testing.git linux/nl80211.h 2010-01-03 13:56:18 +02:00
Jouni Malinen
7bfc47c34f Add driver ops for allocating interface addresses
This adds placeholder code for allowing the virtual interfaces to be
pre-allocated a MAC address before the interface type is known with
drivers that do not handle interface type changes.
2010-01-03 13:42:06 +02:00
Jouni Malinen
504e905c6e Add a driver op for enabling Probe Request reporting in station mode 2010-01-03 13:30:22 +02:00
Jouni Malinen
9646a8ab8b Remove unnecessary wpa_event_type typedef 2010-01-03 13:10:12 +02:00
Jouni Malinen
2a8b74163e Move struct hostapd_frame_info definition away from driver API
This is internal data structure for hostapd/AP functionality and does
not need to be defined in driver.h.
2010-01-03 12:37:02 +02:00
Jouni Malinen
3af1f9cb14 driver_test: Remove forgotten, unused prototypes 2010-01-03 12:36:32 +02:00
Jouni Malinen
0d9fc3d8bd Remove struct ieee80211_hdr dependency from EVENT_RX_FROM_UNKNOWN
It is simpler to just pass in u8* to the beginning of the header.
2010-01-03 12:17:20 +02:00
Jouni Malinen
a0e0d3bb15 Replace hostapd_probe_req_rx() with EVENT_RX_PROBE_REQ driver event 2010-01-03 12:11:44 +02:00
Jouni Malinen
245519e0cd Replace wpa_supplicant_sta_rx() call with driver event
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
2010-01-03 11:50:26 +02:00
Jouni Malinen
8d923a4acf Only expire scanned BSSes based on new scan results
Get more information about scans when updating BSS table information.
This allows the missing-from-scans expiration rule to work properly
when only partial set of channels or SSIDs are being scanned.
2010-01-02 13:57:44 +02:00
Jouni Malinen
dc5a08c053 WPS: Fix Probe Request processing to handle missing attribute
WPS IE parsing for PBC mode did not check whether the UUID-E attribute
was included before dereferencing the pointer. This could result in the
AP crashing when processing and invalid Probe Request frame.
2010-01-01 23:38:51 +02:00
Jouni Malinen
291b60682a nl80211/wext: Hardcode all auth_algs as supported
There does not seem to be a driver interface for fetching auth_algs
capability, but this may be used by some external application, so
hardcode all auth_algs as supported for now.
2010-01-01 21:41:19 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
2e8542756c Mark wpabuf_get_trace() static 2009-12-28 16:02:11 +02:00
Jouni Malinen
d2b8812921 Include header file to verify prototypes 2009-12-28 16:01:21 +02:00
Jouni Malinen
139a33f34e test: Register more complete set of channels and rates 2009-12-28 13:39:57 +02:00
Jouni Malinen
2fe17720aa test: Use previously requested BSSID when adding a new interface 2009-12-28 13:38:18 +02:00
Jouni Malinen
c6e8e8e41f nl80211: Add more debug prints for mode changes and interface add/remove 2009-12-28 13:25:17 +02:00
Jouni Malinen
4832ecd754 Add an option for driver wrappers to report operational frequency 2009-12-28 13:23:13 +02:00
Jouni Malinen
cd7d80f373 Allow Probe Request callbacks to terminate iteration 2009-12-28 13:14:58 +02:00
Jouni Malinen
1c08f8c0f0 Allocate Probe Response and Beacon buffers based on WPS IE length
This IE is of variable length and it is better to allocate the frame
buffer taking this length into account to prepare for future
additions.
2009-12-28 12:58:27 +02:00
Jouni Malinen
f0d126d339 Add ctrl_iface events for BSS added/removed 2009-12-28 00:42:51 +02:00
Jouni Malinen
f7c4783379 Split hostapd_interface_deinit() into deinit and free parts
This allows the driver interface to be deinitialized before
struct hostapd_data instance gets freed. This needs to be done so
that the driver wrapper does not maintain a context pointer to
freed memory.
2009-12-27 21:31:13 +02:00
Jouni Malinen
f78feb6a72 test: Add WPA_TRACE reference check for driver ctx
This will catch too early freeing of the context pointer before the
driver wrapper has been deinitialized.
2009-12-27 21:20:25 +02:00
Jouni Malinen
60ad2c7bef Fix a typo in a doxygen comment 2009-12-27 17:13:15 +02:00
Jouni Malinen
459489c99d eloop: Fix timeout handler to use local copy of func pointer
We need to copy not only the context pointers, but also the function
pointer before the timeout gets freed.
2009-12-26 14:30:50 +02:00
Jouni Malinen
719347511a Get rid of unnecessary typedefs for enums. 2009-12-26 10:35:08 +02:00
Jouni Malinen
81f4f6195e Include header files explicitly in *.c, not via header files 2009-12-26 00:31:51 +02:00
Jouni Malinen
6e6e8c31ff Replace src/ap/driver_i.h with non-inlined functions in ap_drv_ops.c 2009-12-26 00:21:22 +02:00
Jouni Malinen
8b06c1ed0d Remove ap_config.h dependency from driver_i.h
This adds explicit #include line for ap_config.h into the src/ap/*.c
files that actually use the definitions from there.
2009-12-26 00:12:25 +02:00
Jouni Malinen
6226e38d00 Rename some src/ap files to avoid duplicate file names
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
2009-12-26 00:05:40 +02:00
Jouni Malinen
1b56c26c40 Get rid of direct hostapd_for_each_interface() calls
src/ap/*.c must not call functions in hostapd or wpa_supplicant
directories directly, so avoid this by using a callback function
pointer.
2009-12-25 20:12:26 +02:00
Jouni Malinen
70db2ab308 Move rest of the generic AP mode functionality into src/ap 2009-12-25 20:06:07 +02:00
Jouni Malinen
481a11c94f test: Use more shared code for driver wrapper AP and station modes
This fixes AP mode use in wpa_supplicant with the
no-AP-driver-wrapper design.
2009-12-25 19:48:41 +02:00
Jouni Malinen
a911a6e61f Do not use virtual driver_ops for wpa_supplicant AP mode
Initialize struct hostapd_data driver context with the same driver
information that was initialized earlier during wpa_supplicant start.
This allows the AP mode operations to be completed directly with the
same calls in AP code without having to maintain a separate translation
layer between the AP and station mode driver context.
2009-12-25 19:47:08 +02:00
Jouni Malinen
a4f2110934 Clean up some of the hostapd.h function prototype definitions
Not all prototypes in hostapd.h really belong there. This is an initial
step in cleaning that up.
2009-12-25 14:20:35 +02:00
Jouni Malinen
0aef3ec832 Move hostapd_prune_associations() into ap/utils.c 2009-12-25 14:06:26 +02:00
Jouni Malinen
2586bc64d0 Move authentication server setup into separate file 2009-12-25 13:43:43 +02:00
Jouni Malinen
ad44e244b1 Move iapp.c into src/ap 2009-12-25 13:04:45 +02:00
Jouni Malinen
0e2d35c614 Move ctrl_iface_ap.c into src/ap 2009-12-25 12:25:55 +02:00
Jouni Malinen
64ee63a0d8 wired: Use os_*() wrappers more consistently
Need to allocate and free memory with same style to avoid WPA_TRACE
errors.
2009-12-25 11:54:02 +02:00
Jouni Malinen
65668bfb77 Add forgotten src/ap/utils.c file
Commit 32da61d9c9 was supposed to add
this file.
2009-12-25 01:31:28 +02:00
Jouni Malinen
9fdeaf8f3a WPS: Fix a memory leak if set_ie_cb() is not set
Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb()
is not set. This fixes a memory leak and optimizes operations by not
allocating memory and building the WPS IEs unnecessarily.
2009-12-25 01:29:59 +02:00
Jouni Malinen
32da61d9c9 Move wps_hostapd.c into src/ap 2009-12-25 01:26:37 +02:00
Jouni Malinen
1057d78eb8 Move generic AP functionality implementation into src/ap
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
2009-12-25 01:12:50 +02:00
Jouni Malinen
a2de634d1c Removed hostapd_new_assoc_sta() from driver wrapper API
This is not called directly by any of the driver wrappers anymore, so
the function can be removed from driver.h and drv_callbacks.c.
2009-12-24 23:30:32 +02:00
Jouni Malinen
14f7938660 Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie
set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe
Response frames with a single call. In addition, struct wpabuf is used
instead of separate u8* and length fields. This avoids duplicated
allocation of the IEs and simplifies code in general.
2009-12-24 19:46:06 +02:00
Jouni Malinen
9aca440199 Drop WPA_TRACE reference before eloop timeout handler call
This avoids bogus error reports for cases where the timeout handler
frees the memory that was pointed to by the eloop timeout context.
2009-12-24 12:41:20 +02:00
Jouni Malinen
1b9eb51bbd Enable IPv6 support for libutils.a and libradius.a 2009-12-24 12:27:42 +02:00
Jouni Malinen
6aa9e7a64a Redesign struct hostapd_ip_addr to be of fixed size
This structure is embedded in some other structures and as such, it
would be nicer if this would not change its length based on build
options.
2009-12-24 12:26:47 +02:00
Jouni Malinen
64ce68fc42 Comment out CONFIG_IPV6 for now in RADIUS library build
This needs to be used consistently in order to get correct size for
struct hostapd_ip_addr.
2009-12-24 12:18:22 +02:00
Jouni Malinen
8a404b598d Add build rules for src/radius/libradius.a 2009-12-24 11:59:08 +02:00
Felix Fietkau
fbbfcbac29 hostapd: Add WDS (4-address frame) mode with per-station interfaces
This mode allows associated stations to use 4-address frames to allow
layer 2 bridging to be used. At least for the time being, this is only
supported with driver=nl80211.
2009-12-24 11:46:22 +02:00
Jouni Malinen
09eac1ac56 nl80211: Sync with wireless-testing.git linux/nl80211.h 2009-12-24 11:07:02 +02:00
Jouni Malinen
2a29f0d45c Rename EAP TLS variables to make server and peer code consistent 2009-12-24 00:16:58 +02:00
Jouni Malinen
5e5223bf29 trace: Show eloop unregistered handler function name/file/line 2009-12-22 01:52:48 +02:00
Jouni Malinen
94caf8cd62 trace: Filter out uninteresting functions from backtrace
This filters out the functions inside trace.c and functions before
main() since those are not relevant to the actual issue that is being
reported.
2009-12-22 01:29:15 +02:00
Jouni Malinen
a6ff0e0810 trace: Add active reference tracking
This WPA_TRACE=y additions allows components to register active references
to memory that has been provided to them as a pointer. If such an actively
referenced memory area is freed, tracer will report this as an error and
backtraces of both the invalid free and the location where this pointer
was marked referenced are shown.
2009-12-22 01:11:15 +02:00
Jouni Malinen
a698d28415 Check fread return value 2009-12-21 23:17:53 +02:00
Jouni Malinen
7bf127572c nl80211: Use couple more os_*() wrappers for allocation 2009-12-21 22:32:59 +02:00
Jouni Malinen
e62fb0a0de nl80211: Use os_* allocation wrappers to avoid WPA_TRACE issues 2009-12-21 22:21:10 +02:00
Jouni Malinen
c0e4dd9eeb WPS: Make Config Methods configurable for wpa_supplicant
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
2009-12-21 15:59:25 +02:00
Jouni Malinen
b64576fcf5 WPS: Prefer PSK format if Enrollee does not advertise Display
Since an Enrollee that does not advertise display as one of the
Config Methods is unlikely to be able to show the ASCII passphrase
to the user, prefer PSK format with such an Enrollee to reduce key
derivation time. This can help with some low-powered devices that
would take long time to derive the PSK from the passphrase.
2009-12-21 12:58:02 +02:00
Jouni Malinen
f3f2eeba01 WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
2009-12-21 12:46:19 +02:00
Jouni Malinen
f2f7d965b8 Add option libbfd support for tracing code
CONFIG_WPA_TRACE=y and CONFIG_WPA_TRACE_BFD=y can now be used to get
even more complete symbols (func/file/line and inline functions) for
backtraces.
2009-12-20 23:35:06 +02:00
Jouni Malinen
b763863d97 GnuTLS: Implement tls_connection_enable_workaround() 2009-12-20 22:08:54 +02:00
Jouni Malinen
9dd37a224b GnuTLS: Add support for piggybacked Application Data 2009-12-20 22:07:59 +02:00
Jouni Malinen
c9a7bbe5a8 GnuTLS: Define empty tls_connection_set_session_ticket_cb()
This allows EAP-FAST build to be completed even if it does not actually
work yet with GnuTLS.
2009-12-20 21:37:36 +02:00
Jouni Malinen
496c5d981e Use wpabuf with tls_connection_ia_send_phase_finished() 2009-12-20 21:33:32 +02:00
Jouni Malinen
2944656925 Allow TLS flags to be configured (allow MD5, disable time checks)
Undocumented (at least for the time being) TLS parameters can now
be provided in wpa_supplicant configuration to enable some workarounds
for being able to connect insecurely to some networks. phase1 and
phase2 network parameters can use following options:
tls_allow_md5=1
- allow MD5 signature to be used (disabled by default with GnuTLS)
tls_disable_time_checks=1
- ignore certificate expiration time

For now, only the GnuTLS TLS wrapper implements support for these.
2009-12-20 19:28:47 +02:00
Jouni Malinen
4a1e97790d GnuTLS: Report certificate validation failures with TLS alert
In addition, show more detailed reason for the failure in debug log.
2009-12-20 19:14:17 +02:00
Jouni Malinen
a86a7316a4 OpenSSL: Fix memleak in previous wpabuf changes on an error path 2009-12-20 19:12:59 +02:00
Jouni Malinen
2574634b7f Check TLS status on EAP server during handshake
The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.
2009-12-20 19:11:43 +02:00
Jouni Malinen
074be2332f GnuTLS: Use struct wpabuf for push/pull buffers 2009-12-20 18:31:56 +02:00
Jouni Malinen
81c85c069a Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(),
tls_connection_server_handshake(), tls_connection_encrypt(), and
tls_connection_decrypt() to use struct wpa_buf to allow higher layer
code to be cleaned up with consistent struct wpabuf use.
2009-12-20 18:17:55 +02:00
Jouni Malinen
94c3e91fc5 Add empty FIPS PRF wrapper for CryptoAPI 2009-12-20 18:14:20 +02:00
Jouni Malinen
8f431bc808 Add empty crypto_mod_exp() wrapper for CryptoAPI. 2009-12-20 18:13:42 +02:00
Jouni Malinen
de979ef18c Fix MinGW build: CertCreateCertificateContext() is now known 2009-12-20 18:10:10 +02:00
Jouni Malinen
f266d1a162 eloop_win: Fix build after eloop user_data removal 2009-12-20 17:48:55 +02:00
Jouni Malinen
f52ab9e6b0 Fix lastReqData freeing to use wpabuf_free() 2009-12-20 17:22:25 +02:00
Jouni Malinen
eeb04821ad wpabuf: Add WPA_TRACE code to validate correct freeing of wpabuf
Use an extra header to move the returned pointer to break os_free()
or free() of the returned value and verify that the correct magic
is present when freeing or resizing the wpabuf. Show backtrace on
invalid wpabuf use.
2009-12-20 13:11:31 +02:00
Jouni Malinen
859db534bf wpabuf: Allow wpabuf_resize(NULL, len) to be used
This matches with realloc() usage, i.e., allocate a new buffer if no
buffer was specified.
2009-12-20 12:52:54 +02:00
Jouni Malinen
c479e41f53 EAP-FAST server: Piggyback Phase 2 start with end of Phase 1
If Finished message from peer has been received before the server
Finished message, start Phase 2 with the same message to avoid extra
roundtrip when the peer does not have anything to send after the server
Finished message.
2009-12-20 11:39:45 +02:00
Jouni Malinen
1a1bf008cb WPS ER: Delay wpa_supplicant termination to allow unsubscription
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.
2009-12-19 23:47:54 +02:00
Jouni Malinen
e46338fc76 WPS ER: Unsubscribe from AP events whenever removing the AP entry
Store the subscription identifier during subscription process and use
this to unsubscribe from events when removing the AP.
2009-12-19 23:20:22 +02:00
Jouni Malinen
187533a4c5 WPS: Convert Registrar PIN list to use struct dl_list 2009-12-19 22:26:55 +02:00
Jouni Malinen
96f5234735 WPS ER: Convert lists to use struct dl_list 2009-12-19 22:14:06 +02:00
Jouni Malinen
45767a9597 WPS: Remove unused net_if copy 2009-12-19 21:58:00 +02:00
Jouni Malinen
eeb49f991b driver_test: Use OS wrappers consistently for memory allocation 2009-12-19 21:49:51 +02:00
Jouni Malinen
fb4baa688b Add memory allocation analyzer to verify OS wrapper use
WPA_TRACE=y builds will now verify that memory allocation in done
consistently using os_{zalloc,malloc,realloc,strdup,free} (i.e., no
mixing of os_* functions and unwrapper functions). In addition, some
common memory allocation issues (double-free, memory leaks, etc.) are
detected automatically.
2009-12-19 21:47:56 +02:00
Jouni Malinen
f45fb672cc eloop: Do not use printf() or fprintf() directly 2009-12-19 20:27:55 +02:00
Jouni Malinen
eaa3f04b97 eloop: Use struct dl_list for timeouts 2009-12-19 20:26:22 +02:00
Jouni Malinen
0456ea16d8 eloop: Remove global user data pointer
This is not really needed since all signal handlers can use a context
pointer provided during signal handler registration.
2009-12-19 19:22:16 +02:00
Jouni Malinen
2988796257 Fix RADIUS client to cancel IPv6 socket read notifications 2009-12-19 18:52:42 +02:00
Jouni Malinen
f481459f5e Fix RADIUS server deinit to cancel timeout for session removal 2009-12-19 18:52:15 +02:00
Jouni Malinen
930f704aac Add backtrace support for debugging
WPA_TRACE=y can now be used to enable internal backtrace support that
will provide more details about implementation errors, e.g., when some
resources are not released correctly. In addition, this will print out
a backtrace automatically if SIGSEGV is received.
2009-12-19 18:40:54 +02:00
Jouni Malinen
1489e11a94 Make struct radius_msg private to radius.c
This is internal data structure for RADIUS message handling and
external code should not touch it directly.
2009-12-19 17:26:57 +02:00
Jouni Malinen
aa235d2ef7 Convert RADIUS message code to use wpabuf internally 2009-12-19 17:12:07 +02:00
Jouni Malinen
9e7245bdb4 Change radius_msg_free() to free the buffer
Since all callers were freeing the buffer immediately anyway, move
this operation into radius_msg_free() to reduce code size.
2009-12-19 16:34:41 +02:00
Jouni Malinen
d94f86d85e RADIUS message initialization cleanup 2009-12-19 16:20:53 +02:00
Jouni Malinen
d04a96b0d6 Add documentation for RADIUS code and some minor cleanup 2009-12-19 16:13:06 +02:00
Jouni Malinen
a9f92c487f WPS: Remove parent pointer from advertisement state machine 2009-12-19 14:51:36 +02:00
Jouni Malinen
158aff0035 WPS: Convert struct advertisement_state_machine to use struct dl_list 2009-12-19 14:46:52 +02:00
Jouni Malinen
ea8f09acb2 WPS: Remove unused struct subscr_addr parent pointer 2009-12-19 14:30:49 +02:00
Jouni Malinen
f1de40f728 WPS: Convert struct wps_event_ to use struct dl_list 2009-12-19 14:29:01 +02:00
Jouni Malinen
ec32c29471 WPS: Convert struct subscription to use struct dl_list 2009-12-19 14:15:43 +02:00
Jouni Malinen
f98b440c47 WPS: Convert struct subscr_addr to use dl_list 2009-12-19 13:47:00 +02:00
Jouni Malinen
dacf478352 Add generic doubly-linked list implementation 2009-12-19 13:43:25 +02:00
Masashi Honma
1c9c03d08d Mac OS X: Fix driver_osx.c build 2009-12-18 21:25:21 +02:00
Snowpin Lee
649b28f9e6 ralink: Add WPS support 2009-12-18 21:04:11 +02:00
Jouni Malinen
a6fc4f3c82 Change Linux driver wrappers to use shared netlink receive code 2009-12-18 18:24:13 +02:00
Jouni Malinen
62d680c3ca netlink: Move more of the newlink/dellink parsing into shared code 2009-12-18 17:49:07 +02:00
Jouni Malinen
f37cf89ccb netlink: Use NLMSG_OK and NLMSG_NEXT macros 2009-12-18 17:22:35 +02:00
Jouni Malinen
08063178fb nl80211/wext: Share netlink new/del link event receive code 2009-12-18 17:11:54 +02:00
Jouni Malinen
e2d02c29b5 driver_nl80211/wext: Share netlink operstate send function
As an initial step in sharing netlink helper functions among driver
wrappers, create a new file for netlink code and move operstate send
function there.
2009-12-18 16:35:33 +02:00
Jouni Malinen
3b31db5199 Fix netlink payload length calculation
nlmsghdr length needs to be removed from payload length. [Bug 341]
2009-12-18 16:14:54 +02:00
Jouni Malinen
67f0112d83 driver_test: Fix AP mode to initialize bss_ctx for first interface 2009-12-16 16:01:54 +02:00
Jouni Malinen
cdc7f66bda Fix driver_nl80211.c build without CONFIG_CLIENT_MLME 2009-12-14 21:13:58 +02:00
Jouni Malinen
d986b1b6c1 OpenSSL: Silence "Failed to read possible Application Data"
This message from tls_connection_handshake() is not really an error in
most cases, so do not show it if there was indeed no Application Data
available (which is a normal scenario and not an indication of any
error).
2009-12-14 16:09:20 +02:00
Jouni Malinen
b57e086cc1 Mark management frame processing functions to use const buffer 2009-12-13 23:25:30 +02:00
Jouni Malinen
ba091c06c5 Mark ieee802_11_parse_elems() input and parsed elems const
In addition, re-order IE pointers and u8 length so that the shorter
length fields are together to allow compiler to optimize structure size.
2009-12-13 23:11:11 +02:00
Jouni Malinen
f8b1f69561 Use generic driver events for TX status and RX reporting
Replace driver wrapper calls to hostapd_tx_status(),
hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and
hostapd_mgmt_tx_cb() with new generic driver events
EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT.

This cleans up lot of the driver wrapper code to be less dependent
on whether it is being used within wpa_supplicant AP mode or hostapd.
2009-12-13 23:05:39 +02:00
Jouni Malinen
1b648c7e1a nl80211: Remove some of the unnecessary conditional compilation
These functions can be built for both hostapd and wpa_supplicant.
2009-12-13 21:49:53 +02:00
Jouni Malinen
fcf0f87d97 Replace hostapd_button_pushed() with generic driver event 2009-12-13 21:21:10 +02:00
Jouni Malinen
1cd973d501 Replace hostapd_michael_mic_failure() with generic driver event 2009-12-13 21:17:11 +02:00
Jouni Malinen
85cc05110d driver_test: Merge drv->hapd into drv->ctx
A separate struct hostapd_data pointer is not really needed anymore
and the generic context pointer can be used instead.
2009-12-13 18:57:57 +02:00
Jouni Malinen
8043e72589 Add BSS ctx to if_add() driver op
This remove the need from driver_test.c to go through internal hostapd
structures to find the appropriate BSS when reporting events on secondary
BSSes.
2009-12-13 18:54:11 +02:00
Jouni Malinen
0de39516ae Map STA flags into values defined in driver.h
This removes need for including hostapd/sta_flags.h into driver
wrappers and removes any remaining dependencies between driver flags
and internal hostapd flags.
2009-12-13 11:35:39 +02:00
Jouni Malinen
60c8cfb4fb Remove usused flags parameter from sta_add() driver op 2009-12-13 11:05:22 +02:00
Jouni Malinen
c9b9e494fc driver_bsd: Fix build after previous commit 2009-12-12 23:55:09 +02:00
Jouni Malinen
af586419fd Add more WPA/IEEE 802.1X parameters into set_ieee8021x() driver op
This gets rid of the need to touch internal hostapd data structures
directly from the driver wrappers.
2009-12-12 23:50:29 +02:00
Jouni Malinen
ff2a74eeb1 driver_bsd: Fix build (eapol_sm.h is not needed anymore) 2009-12-12 23:33:43 +02:00
Jouni Malinen
e3bd3912ca Change set_ieee8021x driver op to use parameters structure
This makes it easier to extent the set of parameters passed to
this driver wrapper function.
2009-12-12 23:32:44 +02:00
Jouni Malinen
08fd8c15a0 Replace direct driver call to wpa_ft_rrb_rx() with driver event
This avoids need to include hostapd/wpa.h into the driver wrappers.
2009-12-12 22:43:26 +02:00
Jouni Malinen
c779b04ab6 driver_wired: Share multicast membership add/drop function 2009-12-12 22:18:37 +02:00
Jouni Malinen
caf005b0fe driver_wired: Remove unneeded conditional building blocks 2009-12-12 22:07:29 +02:00
Jouni Malinen
50b5bf4eda Remove obsolete Prism54.org driver support (driver_prism54.c)
The Prism54.org project seems have been dead for a while and it does not
look like this driver would ever be maintained again. Furthermore, it is
difficult to find a version that would work with the driver_prism54.c
wrapper and there is another driver for these card in the Linux kernel
tree.

The hostapd integration in driver_prism54.c is quite different from the
other driver wrappers and would require major effort to get it cleaned
up. Since there does not seem to be any real users for the cleaned up
version, there does not seem to be justification to spend this effort on
the wrapper. This old code is making it much more difficult to clean up
the driver interface and at this point, the best option seems to be to
remove the driver wrappers. Should someone really still need this, the
old code will continue to be available in hostapd 0.6.x.
2009-12-12 20:52:12 +02:00
Jouni Malinen
0531006644 driver_wired: Move STA entry processing away from driver wrapper
Get rid of hostapd/sta_info.h dependency by introducing a new driver
callback function for hostapd.
2009-12-12 20:39:25 +02:00
Jouni Malinen
7e683ceeb4 WPS: Handle Selected Registrar as a union of info from all Registrars
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.

Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
2009-12-12 16:54:59 +02:00
Jouni Malinen
6a029035f5 WPS: Move POST URL validation into web_connection_parse_post()
This is more logical location for checking the URL and potentially
handling a call to another URL handler. In addition, return 404 error,
not invalid UPnP action, if the URL does not match.
2009-12-12 16:48:50 +02:00
Jouni Malinen
ed74dcd512 WPS: Remove an obsolete comment about UPnP actions and callbacks 2009-12-12 16:48:18 +02:00
Jouni Malinen
5e9c730a2b WPS: Remove unnecessary GetDevice and PutMessage callbacks
These callbacks can be handled internally within core WPS code, so there
is no need to go through wps_hostapd.c with a callback function that is
just calling back into the core WPS code.
2009-12-12 16:47:39 +02:00
Jouni Malinen
d0d45d8276 WPS: Remove unnecessary SetSelectedRegistrar callback
This can be handled internally within core WPS code, so there is no
need to go through wps_hostapd.c with a callback function that is just
calling back into the core WPS code.
2009-12-12 16:46:33 +02:00
Jouni Malinen
9008a3e44d Merge get_seqnum_igtk() driver op with get_seqnum()
IEEE 802.11w uses distinct key indexes (4 and 5) so the same
get_seqnum() handler can be used to fetch packet number for both
TKIP/CCMP and BIP(using IGTK).

Since the new get_seqnum_igtk() handler was not actually implemented by
any driver wrapper, this may also fix BIP/IGTK sequence number reporting
with driver_nl80211.c.
2009-12-11 00:15:54 +02:00
Jouni Malinen
90b8c4c5f8 Add Doxygen comments for rest of struct wpa_driver_ops members
All members have now at least minimal documentation.
2009-12-10 21:11:33 +02:00
Jouni Malinen
6fe8296197 Move vendor-specific IE type defines away from driver.h
These are generic IEEE 802.11 defines and do not really need to be in
the driver interface specific header file.
2009-12-10 12:27:46 +02:00
Jouni Malinen
15333707d5 Add more documentation for driver ops 2009-12-10 01:21:01 +02:00
Masashi Honma
bab31499fd EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes
on EAP-TTLS/PAP. But when the password length is zero, no padding is
added. It doesn't cause connectivity issue. In fact, I could connect
with hostapd RADIUS server with zero length password.

I think it's better for obfuscation to pad the 16 bytes data when the
password length is zero with this patch.
2009-12-09 23:42:54 +02:00
Jouni Malinen
3484a18a13 hostapd: Remove unused bridge_packets configuration option
There was code for configuring this, but no driver wrapper actually
implements the actual setting. Remove this for now to reduce potential
confusion and to simply the driver interface.
2009-12-09 22:06:43 +02:00
Jouni Malinen
fb7842aa51 Remove struct hostapd_rate_data from driver API
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
2009-12-09 21:57:50 +02:00
Jouni Malinen
217e7eeaf0 Remove unused rate flags from driver use
These are not really used and can be removed to clean up the driver
interface definition. The only remaining flag (HOSTAPD_RATE_BASIC) can
be removed once the basic rate set indication can be handled
differently.
2009-12-09 21:38:14 +02:00
Jouni Malinen
22a7c9d735 Merge bss_add/bss_remove drivers ops into if_add/if_remove
if_add/if_remove can now be used as the generic driver ops for adding
and removing virtual interfaces of various types. In addition,
driver_nl80211.c is now including this code unconditionally, so that
the functions are not limited only for hostapd.
2009-12-09 16:49:28 +02:00
Jouni Malinen
b5996353e7 Remove unused if_update() driver op 2009-12-09 15:47:20 +02:00
Masashi Honma
2a91091e15 Fix driver_bsd.c build
On NetBSD 5.0.1, driver_bsd.c build fails with message below.

../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_associate':
../src/drivers/driver_bsd.c:1170: warning: implicit declaration of function 'wpa_driver_bsd_set_auth_alg'
../src/drivers/driver_bsd.c: At top level:
../src/drivers/driver_bsd.c:1204: error: static declaration of 'wpa_driver_bsd_set_auth_alg' follows non-static declaration
../src/drivers/driver_bsd.c:1170: error: previous implicit declaration of 'wpa_driver_bsd_set_auth_alg' was here
gmake: *** [../src/drivers/driver_bsd.o] Error 1

This patch solves this issue.
2009-12-07 21:35:35 +02:00
Jouni Malinen
644a8f2208 Remove unused phytype RX info variable 2009-12-06 18:54:58 +02:00
Jouni Malinen
5c90d47657 Move EAP-SIM DB conditional build into hostapd 2009-12-06 18:23:53 +02:00
Jouni Malinen
74784010af Remove conditional no-RADIUS build from src/radius
Make it responsibility of the src/radius user to handle conditional
build rules.
2009-12-06 17:53:59 +02:00
Jouni Malinen
ab7ddc74ad Move asn1_test.c into tests subdirectory and split it in two
The new test-asn1 and test-x509 tools are built using libraries
from src/{utils,crypto,tls}. Currently, cross dependencies between
crypto and tls are still preventing the test-x509 from being linked
properly.
2009-12-06 16:45:36 +02:00
Jouni Malinen
0e574b07f8 Move hlr_auc_gw into hostapd directory
This is a separate program and is used mainly with hostapd, so it is
better to move this into the hostapd subdirectory now that Milenage
code has already been moved into src/crypto. Milenage was the only
generic component in hlr_auc_gw.
2009-12-06 16:33:19 +02:00
Jouni Malinen
912321e935 Add rules for building src/tls/libtls.a and use it with eap_example
eap_example is now using src/crypto/libcrypto.a and src/tls/libtls.a
instead of providing own rules for building the files for these
components. TLS library selection is temporarily disabled for
eap_example (it will be built using internal crypto/TLS), but the
configuration option for this will eventually be restored with a new
libcrypto.a configuration option.
2009-12-06 16:27:54 +02:00
Jouni Malinen
e77e0a8320 Include functionality to support EAP-FAST unconditionally
Clean up the internal TLS implementation by removing conditional
build blocks for (mostly) EAP-FAST specific functionality. This
will increase the size a big for non-EAP-FAST builds, but is quite
helpful in making src/tls/libtls.a with single build options. If
the potential size reduction is considered significant in the future,
this can be reconsider with a more library compatible way (e.g.,
external file with registration function, etc.).
2009-12-06 16:20:32 +02:00
Jouni Malinen
1a70777868 Remove unneeded CONFIG_INTERNAL_X509 and NEED_SHA256 defines 2009-12-06 16:19:13 +02:00
Jouni Malinen
be473f3f09 Split crypto_internal.c into parts to clean up build
This makes it easier to make src/libcrypto.a and only link in
code that is really used.
2009-12-06 14:37:46 +02:00
Jouni Malinen
507d87930c Fix rsn_preauth_scan_result() inline wrapper for no-EAP builds 2009-12-06 14:29:12 +02:00
Jouni Malinen
4bb1228e1c Use thin archives to allow libraries to be merged
This allows libeap.a and libeap.so to be built by merging in multiple
libraries from src subdirectories. In addition, this avoids wasting
extra space and time for local builds.
2009-12-06 13:49:31 +02:00
Jouni Malinen
f721aed4b1 Increase EAP server extra room for encryption overhead (for GnuTLS)
This fixes issues with some GnuTLS versions that seem to be adding
quite a bit of extra data into TLS messages. The EAP server code is
now using the same 300 byte extra room that was already used in the
EAP peer implementation.
2009-12-06 12:02:28 +02:00
Jouni Malinen
127608152e Move EAP method registration away from src/eap_{peer,server}
This makes it easier to make a library out of EAP methods without
losing possiblity of binary size optimization by linker dropping
unreferenced code.
2009-12-06 11:28:41 +02:00
Jouni Malinen
2d106f21aa Remove unnecessary defines
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
2009-12-05 22:51:08 +02:00
Jouni Malinen
36ee258db7 Add forgotten files into libcrypto.a 2009-12-05 22:25:50 +02:00
Jouni Malinen
631afd993f Add rules for building src/crypto as a library
For now, this is hardcoded to support only the internal crypto
implementation.
2009-12-05 22:03:46 +02:00
Jouni Malinen
6a230ba274 Add build rules for building a library from src/utils files
This is an initial step on providing an alternative build system that
uses libraries from src subdirectories.
2009-12-05 21:39:41 +02:00
Jouni Malinen
953f83439b Move Milenage test code into the new tests directory 2009-12-05 21:14:08 +02:00
Jouni Malinen
43df4cc2ca Move milenage.[ch] into src/crypto 2009-12-05 21:00:52 +02:00
Jouni Malinen
1801bd7fae Move base64 test code into a new tests subdirectory 2009-12-05 20:43:07 +02:00
Jouni Malinen
a95795ad61 nl80211: Add extra IEs into IBSS join request
This allows RSN IE to be added into Beacon and Probe Response frames
when using RSN IBSS.
2009-12-04 22:20:59 +02:00
Jouni Malinen
5cc4d64bf2 nl80211: Add support for IBSS networks 2009-12-04 00:15:32 +02:00
Jouni Malinen
362bd35f2d Add more Doxygen documentation for RADIUS server implementation 2009-12-02 21:29:32 +02:00
Jouni Malinen
d72aad942b nl80211: Clear BSS state mismatches with deauth as a workaround
There seem to be some cases in which wpa_supplicant and
cfg80211/mac80211 seem to have different understanding on
authentication/association state. Since cfg80211/mac80211 is very strict
on when it accepts new authentication/association/scan commands, try our
best at clearing such state mismatches by explicitly deauthenticating
from BSSes with which the driver claims we are associated with if we do
not have local information about such association.
2009-12-02 17:54:57 +02:00
Jouni Malinen
e6b8efeba0 nl80211: Add debug prints for BSS status in scan results
Print what the kernel believes the current BSS status (authenticated
or associated) is in scan results. In addition, check whether this
matches with the state that wpa_supplicant believes the driver to be
in.

This does not change the actual behavior, but will provide information
that will help in debugging potential issues where cfg80211/mac80211
seems to get into a different state from wpa_supplicant. In addition,
this provides an easy location for a workaround that could be added to
clear cfg80211/mac80211 state for unknown BSSes.
2009-12-02 16:45:31 +02:00
Jouni Malinen
e0e14a7bc3 Move internal EAPOL authenticator defines into their own file
This is an initial step in further cleaning up the EAPOL authenticator
use to avoid requiring direct accesses to the internal data structures.
For now, number of external files are still including the internal
definitions from eapol_auth_sm_i.h, but eventually, these direct
references should be removed.
2009-11-29 23:16:04 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
ffa2a30e33 Add Makefile for the new src/eapol_auth directory 2009-11-29 20:21:25 +02:00
Jouni Malinen
b60d6f61e4 Make HOSTAPD_DUMP_STATE configurable with CONFIG_NO_DUMP_STATE
This removes the hardcoded definition from Makefile and cleans up
source code by moving the mail HOSTAPD_DUMP_STATE blocks into separate
files to avoid conditional compilation within files.
2009-11-29 20:18:47 +02:00
Jouni Malinen
281c950be4 Move EAPOL authenticator state machine into src/eapol_auth
This is now completely independent from hostapd-specific code, so
it can be moved to be under the src tree.
2009-11-29 20:03:28 +02:00
Jouni Malinen
2773ca093e Replace eap_type_text() with EAP server methods function
While this may not include knowledge of all EAP methods since this
depends on build configuration, it is better to not have to include
ieee802_1x.h into eapol_sm.c.
2009-11-29 18:57:15 +02:00
Jouni Malinen
0c3abf8d22 Add driver wrapper callback for WPS push button pressed
This avoids the need to include ../hostapd/wps_hostapd.h into the
driver wrappers.
2009-11-29 18:18:02 +02:00
Jouni Malinen
b8be7f5c03 driver_prism54: Use hostapd_notif_disassoc() instead of private copy 2009-11-29 18:13:15 +02:00
Jouni Malinen
67470d5112 Remove some unneeded header file inclusions 2009-11-29 18:07:08 +02:00
Jouni Malinen
bcd154c343 Include sta_flags.h explicitly, not via sta_info.h 2009-11-29 18:00:39 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
6ae9318536 Split scan processing for RSN preauthentication into parts
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
2009-11-29 17:06:03 +02:00
Jouni Malinen
120158cc8b Move uuid_gen_mac_addr() from uuid.c into src/wps
This removes the only src/crypto dependency from src/utils files.
2009-11-29 13:15:32 +02:00
Jouni Malinen
197ef6abef nl80211: Remove unneeded header file: ieee802_11_common.h
driver_nl80211.c does not use anything from this header file.
2009-11-29 13:06:44 +02:00
Jouni Malinen
fc4e2d9501 HT: Remove unneeded struct ht_cap_ie wrapper
It is simpler to just use the HT Capabilities IE payload structure
as-is.
2009-11-29 13:04:21 +02:00
Jouni Malinen
3a328c8133 Remove unused/unneeded IEEE 802.11n definitions 2009-11-29 12:43:23 +02:00
Jouni Malinen
be8eb8ab3e Fix AP mode HT Capabilities IE to use A-MPDU Parameters from the driver
Instead of using hardcoded maximum A-MPDU length of 64 kB and no
restrictions on minimum MPDU Start Spacing, use the correct values
reported by the driver.
2009-11-29 12:21:26 +02:00
Jouni Malinen
a49148fd55 Rename HT Capabilities IE fields to match with IEEE Std 802.11n-2009 2009-11-29 12:02:29 +02:00
Jouni Malinen
15ef92d3cc Complete Doxygen documentation for RADIUS client
No more warnings from Doxygen about missing documentation from
radius_client.[ch].
2009-11-29 11:48:28 +02:00
Jouni Malinen
93704f8f95 Remove unused RADIUS client reconfig function
This is not actually used at all and it looks like the rules for
maintaining the old/new RADIUS configuration are not very clear in the
case the RADIUS client configuration did not change. Consequently, it
is better to just remove this for now and if similar functionality is
ever needed, redesign it to be easier to use without causing hard to
find issues with using freed memory.

Simpler approach to reconfiguring the RADIUS client would involve
just deinitializing the old context unconditionally and initializing
a new one whenever the configuration could have changed.
2009-11-28 23:04:35 +02:00
Jouni Malinen
5843e1c9a6 Move acct_interim_interval away from RADIUS client configuration
This is not used at all inside RADIUS client and as such, it belongs
into hostapd configuration.
2009-11-28 23:03:20 +02:00
Jouni Malinen
df1e24aceb Improved Doxygen documentation for RADIUS client code 2009-11-28 23:00:29 +02:00
Jouni Malinen
8d5aca73bb Fix doxygen file level comments 2009-11-28 21:34:14 +02:00
Jouni Malinen
e8f5625c45 Fix doxygen file level comments 2009-11-28 21:14:36 +02:00
Jouni Malinen
ed45947e9b WPS: Update couple of missed Primary Device Type uses 2009-11-26 11:54:37 +02:00
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
ec8d20187d Remove obsoleted get_scan_results() driver_ops
This has now been replaced with get_scan_results2() in every
in-tree driver.
2009-11-23 21:33:37 +02:00
Jouni Malinen
c2e8d0a092 Remove deprecated scan and set_probe_req_ie driver_ops
These have been replaced with scan2 driver_ops that provides all
parameters in a single call.
2009-11-23 21:13:46 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00
Jouni Malinen
e90bba4c59 Add cleared deprecation notes on iwl,ndiswrapper,madwifi(sta) wrappers
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
2009-11-23 17:08:59 +02:00
Jouni Malinen
642187d6bf Merge set_key and hapd_set_key driver_ops into a single function 2009-11-23 16:58:32 +02:00
Jouni Malinen
fd7a5dd15f Move HOSTAPD_MTU definition into driver_hostap.c
This moves the MTU definition into driver_hostap.c since it was really
meant to be specific to this driver. Since this was the last remaining
definition in hostapd_defs.h, remove that header file as unnecessary.
2009-11-23 16:21:07 +02:00
Jouni Malinen
0715247aa8 Remove unneeded set-MTU operation from drivers
This code was copied from driver_hostap.c where it is used with the
special wlan#ap interface. It was not supposed to be used to change
the MTU for a normal data interface.
2009-11-23 16:17:41 +02:00
Jouni Malinen
d994a9b54e Move definitions away from hostapd_defs.h
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
2009-11-23 16:14:39 +02:00
Jouni Malinen
c1bb3e0a62 nl80211: Build some client functionality unconditionally
Even though this makes the hostapd version a bit larger, the code will
be easier to maintain with the reduced number of complex ifdef blacks.
2009-11-23 15:40:29 +02:00
Jouni Malinen
dbb2618300 nl80211: Remove last remaining WEXT code
Clean up driver_nl80211.c by gettign rid of the last remaining WEXT use.
This requires that a recent mac80211 version is used to get full protection
in station mode via the authorized flag (IEEE 802.1X PAE).
2009-11-23 15:30:05 +02:00
Jouni Malinen
5d67487244 Merge set_beacon driver_ops into a single one
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
2009-11-23 15:26:05 +02:00
Jouni Malinen
3c2166d63c WPS: Do not try to send byebye advertisements if socket is not valid
If initialization fails, we could potentially try to sendto() on -1
socket which would fail. No point in doing that, so just return early
from the function.
2009-11-21 22:00:33 +02:00
Jouni Malinen
3617d81a70 Fix a typo in a comment 2009-11-21 21:13:19 +02:00
Jouni Malinen
55d0b0831e OpenSSL: Remove unneeded MinGW CryptoAPI compat code
The current MinGW/w32api versions seem to provide all the needed CryptoAPI
functions, so the code for loading these dynamically from the DLL can be
removed.
2009-11-21 20:33:41 +02:00
Jouni Malinen
e3992c3381 GnuTLS: Fix compilation with newer GnuTLS versions
Avoid duplicate defination of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
2009-11-21 20:23:58 +02:00
Jouni Malinen
6d798e8b7e Fix strict aliasing issue with the internal SHA-1 implementation
Need to define the workspace buffer properly to allow compiler to handle
strict aliasing between the incoming unsigned char[64] buffer as an u32
array. The previous version built with strict aliasing enabled can
result in SHA-1 producing incorrect results and consequently, with
4-way handshake failing.

This is based on a report and patch from Dan Williams <dcbw@redhat.com>
but with a different type (the union) used as a fix to avoid needing
extra type casting.

Discovered as part of the investigation of:

https://bugzilla.redhat.com/show_bug.cgi?id=494262#c32

if sha1 is built with gcc without turning off strict aliasing, it will
fail to correctly generate the hashes and will fail its own testcases as
well.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-11-21 20:17:24 +02:00
Jouni Malinen
11ff95783e WPS ER: Deinitialize protocol instance with STA after completion
In addition, remove the WPS ER Enrollee entry 10 seconds after
successful completion of the protocol run.
2009-11-21 18:39:12 +02:00
Jouni Malinen
a34a330706 WPS ER: Use random event identifier in event URL
This avoids some issues in cases where the ER has been started and
stopped multiple times on the same address and an AP may have stored
multiple event notification addresses for the same ER. The random
identifier allows the ER to filter out unexpected messages from further
processing.
2009-11-21 18:15:37 +02:00
Jouni Malinen
3f6dc111ff WPS: Cleanup subscription URL list handling
Do not give the allocated memory to the subscription code since it was
not using it as-is anyway. This makes it easier to understand who owns
the allocation an is responsible of freeing it. This may potentially
fix some memory leaks on error paths.
2009-11-21 18:06:02 +02:00
Jouni Malinen
ec72bd0c77 WPS ER: Move SSDP functionality into a separate file 2009-11-21 17:26:23 +02:00
Jouni Malinen
e694b34474 WPS ER: Add more AP information into the ctrl_interface message
This allow wpa_gui to show AP BSSID, WPS State (configured/unconfigured),
and primary device type.
2009-11-21 13:34:23 +02:00
Jouni Malinen
c3016248f4 WPS ER: Fetch AP's M1 to learn device type and WPS state 2009-11-21 13:13:02 +02:00
Jouni Malinen
52a45d20dd WPS ER: Use (addr,UUID) as the key for AP entries
This allows multiple WPS AP instances to be supported per IP address.
2009-11-21 12:51:40 +02:00
Jouni Malinen
7a082a83f0 WPS ER: Stop AP unlink loop on match
There is no need to continue through the list after this, since the
same AP entry can only be listed once.
2009-11-21 12:18:24 +02:00
Jouni Malinen
6a1e492a81 WPS ER: Move STA entry unlinking into a separate function 2009-11-21 12:18:03 +02:00
Jouni Malinen
7c04d5ec6c WPS ER: Fix AP entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-21 12:12:49 +02:00
Jouni Malinen
b3f371cabf WPS ER: Refresh ER data on WPS_ER_START when already started
This sends out the AP and Enrollee notifications for all tracked
devices and generates a new SSDP search to find more APs.
2009-11-20 21:57:30 +02:00
Jouni Malinen
7c009db2a6 WPS ER: Fix Enrollee entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-20 21:56:39 +02:00
Jouni Malinen
a3c6598fcd Add 'none' driver as an option for wpa_supplicant
This can be used, e.g., with WPS ER when no network interface is
actually used for IEEE 802.1X or wireless operations.
2009-11-20 21:12:49 +02:00
Jouni Malinen
4bdd556886 WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.

In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
2009-11-19 00:31:57 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Jouni Malinen
33417cd75c WPS ER: Clear WPS protocol run on PutMessage failure 2009-11-15 22:56:39 +02:00
Jouni Malinen
2c073ad43d WPS ER: Deinit WPS protocol data when freeing AP entry 2009-11-15 22:53:10 +02:00
Jouni Malinen
cef4652f2c WPS ER: Use learnt AP settings to build credentials for an Enrollee 2009-11-15 22:46:30 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
82b857ec0b WPS: Determine the OpCode based on message type attribute (UPnP)
This allows WSC_ACK and WSC_NACK to be processed correctly in the AP
when operating as an Enrollee with an ER over UPnP transport.
2009-11-15 22:23:49 +02:00
Jouni Malinen
f6d23cfd9e WPS ER: Do not try to process AP Settings in proxied M7 to ER
In this case, the Enrollee is not an AP, so do not try to process
AP Settings in M7.
2009-11-15 18:54:37 +02:00
Jouni Malinen
564cd7fa2c WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
2009-11-15 18:46:03 +02:00
Jouni Malinen
5d34ab644d WPS ER: Only send Enrollee notification on Probe Request and M1
No need to do this for M3..M7 or NACK/ACK/Done messages.
2009-11-15 18:29:19 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
462adee5fe WPS ER: Store AP UUID in binary format for future use 2009-11-15 11:07:20 +02:00
Jouni Malinen
fcac668faa WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed
UPnP device architecture specification requires all evented variables to
be included in the initial event message after subscription. Since this
can happen before we have seen any events, generated a dummy event
(WSC_ACK with all-zeros nonces) if needed.
2009-11-15 01:11:28 +02:00
Jouni Malinen
44577e4c2e WPS: Send SSDP byebye notifications when stopping UPnP advertisements
This will notify control points of the services going away and allows
them to notice this without having to wait timeout on the
initial advertisements.
2009-11-15 00:46:58 +02:00
Jouni Malinen
d806a5588e WPS: Remove derivation of management keys
MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely
to ever be used, so better remove the code to reduce binary size.
2009-11-14 14:18:15 +02:00
Jouni Malinen
00785aba71 WPS: Remove unused WFA WLANConfig Service actions
This removes following WFA WLANConfig Service actions and the related
state variables: GetAPSettings, SetAPSettings, DelAPSettings,
GetSTASettings, SetSTASettings, DelSTASettings, RebootAP,
ResetAP, RebootSTA, ResetSTA.

While WFA WLANConfig Service version 1.0 claims that some of these are
mandatory to implement for an AP, there are no known implementations
supporting these actions neither in an AP/proxy or an External Registrar
that would use them. These are unlikely to be supported in the future
either and as such, it is just simpler to get rid of them to clean up
the implementation and reduce code size.
2009-11-14 14:08:58 +02:00
Jouni Malinen
7ec2e26ddf WPS ER: Fix Op-Code for WSC_{ACK,NACK,Done}
When using UPnP transport, the Op-Code is not included, but the WPS
frame processing will need this. Generate a matching Op-Code based
on the message type.
2009-11-13 22:40:27 +02:00
Jouni Malinen
ed835e539b WPS: Fix AP to proxy WSC_NACK to ER 2009-11-13 22:40:07 +02:00
Jouni Malinen
04f5d74077 WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
2009-11-13 22:29:31 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Jouni Malinen
d64d9ddf6c WPS: Fix http_link_update() to nul terminate the result 2009-11-13 22:05:11 +02:00
Jouni Malinen
ecc6d04b89 WPS ER: Add PutWLANResponse generation and transmission
This allows the M2D message to be transmitted as a response to the
Enrollee via the proxying AP.
2009-11-12 01:24:50 +02:00
Jouni Malinen
b345031997 WPS ER: Add STA/Enrollee entries and start processing EAP messages
This keeps STA/Enrollee entries up to date and sets up registration
protocol session. M1 is processed and M2D generated, but the there
is no code yet to transmit the response back to the AP with
PutWLANResponse.
2009-11-11 23:50:17 +02:00
Felix Fietkau
6980c19127 hostapd: fix AP mode initialization for nl80211
Always bring down the wlan interface, even when not changing the
BSSID, the interface also needs to be down for changing its type
from managed to AP mode.
2009-11-11 16:47:01 +02:00
Jouni Malinen
dc6d9ac250 WPS ER: Parse WLANEvent notifications and send HTTP response
The receive Probe Request and EAP-WSC notifications are now parsed
(including the TLVs in them) and contents is shown in the debug log.
Actual processing of the received information is still missing (TODO
comments indicate the needed functionality).
2009-11-11 00:23:22 +02:00
Jouni Malinen
feae037c25 driver_prism54: Use os_zalloc instead of malloc to clear memory
This will make sure the full buffer is initialized even if some
fields were not explicitly set.
2009-11-10 17:08:33 +02:00
Jouni Malinen
6689218ec7 Fix comparison to use correct symbol name (__rand vs. rand)
rand would be the address of rand() function and never NULL. The previous
version could have crashed on invalid AKA-AUTS command. Though, these
commands are only from hostapd which sends valid requests and as such,
the actual issue did not show up.
2009-11-10 16:51:59 +02:00
Jouni Malinen
69856fadf7 Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.

Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
2009-11-10 15:59:41 +02:00
Jouni Malinen
efa6481438 WPS: Fixed printf size_t warning on 32-bit builds 2009-11-10 11:30:11 +02:00
Jouni Malinen
097c7b3723 WPS ER: Subscribe to UPnP events
This adds code to start a HTTP server and to subscribe to UPnP events
from each discovered WPS AP. The event messages are received, but there
is not yet any code to actually parse the contents of the event.
2009-11-09 20:01:50 +02:00
Jouni Malinen
875a4e5936 WPS: Read HTTP request within HTTP server code
This removes HTTP related code from wps_upnp_web.c and makes it easier
to use HTTP server functionality for new uses (e.g., WPS ER).
2009-11-08 22:33:34 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
585774f28a WPS ER: Fetch and parse device description 2009-11-08 16:46:03 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
b02ee4a228 WPS: Mark functions static
These functions are used only within wps_upnp_event.c.
2009-11-07 17:04:19 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
08eb154db5 Fix MCS set field to be based on driver info
Instead of using hardcoded Rx MCS bitmask (indexes 0..15 enabled),
use the real information from the driver capabilities.
2009-11-05 12:38:47 +02:00
Jouni Malinen
5a641ae01e Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
2009-11-05 12:11:49 +02:00
Jouni Malinen
0ae7b08691 Work around some gcc 4.4 strict-aliasing warnings
gcc 4.4 ends up generating strict-aliasing warnings about some very common
networking socket uses that do not really result in a real problem and
cannot be easily avoided with union-based type-punning due to struct
definitions including another struct in system header files. To avoid having
to fully disable strict-aliasing warnings, provide a mechanism to hide the
typecast from aliasing for now. A cleaner solution will hopefully be found
in the future to handle these cases.
2009-11-04 19:49:14 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Andriy Tkachuk
72ffc08242 WPS: SelectedRegistrar expiration for internal PIN registrar
Though we have such a timeout when handling SetSelectedRegistrar UPnP
message from an external registrar, it looks like we don't have one when
the internal registrar is activated for PIN connection. Thus we set the
SelectedRegistrar flag when AP is activated for PIN connection but we
never reset it - not by some timeout, nor when registration succeeds.
This lead to situations where AP everlastingly declare that it is
activated for WPS PIN connection when in reality it is not.

Use the same timeout (and also success with PIN) to clear the selected
registrar flag when using internal registrar, too.
2009-11-01 22:19:02 +02:00
Jouni Malinen
2e71444516 WPS: Abort ongoing PBC protocol run if session overlap is detected
If PBC session overlap is detected during an ongoing PBC protocol run,
reject the run (if M8, i.e., credentials, have not yet been sent). This
provides a bit longer monitoring time at the Registrar for PBC mode to
catch some cases where two Enrollees in PBC mode try to enroll
credentials at about the same time.
2009-11-01 21:59:30 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
7e3a67514f WPS: Use Config Error 12 to indicate PBC overlap in M2D
If PBC session overlap is detected between button press on the registrar
and M1 is reception, report session overlap with the Config Error
attribute in M2D to the Enrollee.
2009-11-01 20:57:36 +02:00
Jouni Malinen
e5fc45d7ae Fix dbus build without EAP 2009-10-22 11:11:53 -07:00
Jouni Malinen
08d38568df Move shared MD5/SHA-1 internal definitions into header files 2009-10-17 12:55:12 +03:00
Jouni Malinen
1e8c857abe Move shared DES definitions into a header file 2009-10-17 12:53:27 +03:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
3af9f2983c TLS: Replace set_key helpers to return key instead of status code
The status code was not being used anyway, so it is simpler to
just return the key as is done in crypto functions.
2009-10-17 12:15:46 +03:00
Jouni Malinen
3f4ed97a70 Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto
Private keys can now be used in either unencrypted or encrypted
PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5)
is currently supported.
2009-10-17 12:06:36 +03:00
Jouni Malinen
506b45ed22 Add DES-CBC support into internal crypto implementation 2009-10-17 12:05:06 +03:00
Jouni Malinen
8ef74414fc Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM
Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data
to be able to use PEM encoded, unencrypted PKCS#8 private keys with the
internal TLS implementation. Previously, only DER encoding of the
PKCS#8 private key was supported.
2009-10-16 22:00:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
20bd9547a1 Add ctrl_iface events for AP mode STA connect/disconnect
These are used to notify ctrl_iface monitors when a STA completes
connection (the port becomes authorized) and when a STA disconnects.
2009-10-16 17:51:49 +03:00
Jouni Malinen
278da1b52a openssl: Allow build with OpenSSL 0.9.7
OpenSSL 0.9.7 does not include get_rfc3526_prime_1536() function, so
provide that functionality internally if needed. In addition, make
sha256_vector() building depend on whether SHA256 support is included
in the OpenSSL library. This with CONFIG_INTERNAL_SHA256=y in .config
allows OpenSSL without SHA256 support to be used.
2009-10-16 15:57:17 +03:00
Jouni Malinen
d8130bdf13 openssl: Mark openssl_digest_vector() static 2009-10-16 15:54:52 +03:00
Masashi Honma
9b336bcef0 DragonFly BSD: Fix driver_bsd.c build
Both hostapd/wpa_supplicant compilation fails on DragonFly BSD.

This patch solves this issue.

I have tested only compilation. Not functionality.
Because I don't have any device which can work on DragonFly BSD.
2009-10-12 09:56:57 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Jouni Malinen
34c9910dc7 Fix EAP-AKA server build without EAP-SIM 2009-10-11 22:23:05 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
b3ad11bb80 nl80211: Add parsing of NL80211_BSS_SEEN_MS_AGO into scan results 2009-10-01 17:53:22 +03:00
Jouni Malinen
d942a79e6a nl80211: Recognize NL80211_CMD_TRIGGER_SCAN events
Replace "nl80211: Ignored unknown event (cmd=33)" with
"nl80211: Scan trigger" to make debug output clearer. We do not
currently do anything with this event apart from showing it in
the debug log.
2009-10-01 13:58:17 +03:00
Jouni Malinen
ebf214e670 NSS: Implement TLS PRF using new TLS extractor interface
This allows NSS to be used to derive EAP-TLS/PEAP/TTLS keying material.
NSS requires a patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=507359
to provide the new API. In addition, that patch needs to be modified to
add the 16-bit context length value in SSL_ExportKeyingMaterial() only if
contextlen != 0 in order to match with the EAP-TLS/PEAP/TTLS use cases.
This issue seems to be coming from the unfortunate incompatibility in
draft-ietf-tls-extractor-07.txt (draft-ietf-tls-extractor-00.txt would
have used compatible PRF construction).

At this point, it is unclear how this will be resolved eventually, but
anyway, this shows a mechanism that can be used to implement EAP key
derivation with NSS with a small patch to NSS.
2009-09-30 20:12:32 +03:00
Author: Johannes Berg
1c766b094a nl80211: Fix a typo in set_sta_vlan()
The VLAN interface index needs to use NL80211_ATTR_STA_VLAN. It was
adding a duplicate NL80211_ATTR_IFINDEX.
2009-09-30 19:23:52 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Masashi Honma
f335c69e14 DragonFly BSD: Fix wired IEEE 802.1X
On DragonFly BSD, wired IEEE 802.1X fails with this message:
ioctl[SIOC{ADD/DEL}MULTI]: Invalid argument

This patch solves this issue.

I have tested with these:
OS : DragonFly BSD 2.4.0
EAP : EAP-TLS
Switch : Cisco Catalyst 2950
2009-09-28 16:10:02 +03:00
Masashi Honma
40e107c129 Mac OS X: Fix wired IEEE 802.1X 2009-09-26 19:29:03 +03:00
Jouni Malinen
2aa5f84709 nl80211: Use defines for NL80211_KEY_CIPHER values 2009-09-15 11:23:48 +03:00
Jouni Malinen
d723bab4b3 Revert "nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup"
This reverts commit 5aa9cb5cca.

The nested key attribute is using different attribute values
(NL80211_KEY_* vs. NL80211_ATTR_KEY_*), so cannot share the same routine
for these purposes..
2009-09-15 11:21:25 +03:00
Jouni Malinen
5aa9cb5cca nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup 2009-09-15 10:54:41 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
e9a2bca6f5 WPS: Add parsing of AP Setup Locked attribute 2009-09-11 17:13:59 +03:00
Jouni Malinen
6e4f461270 Fix driver_test for hostapd
Commit 0b55b934ee broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
2009-09-11 16:45:34 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Jouni Malinen
630a843f59 driver_test: Update BSS data when using wpa_supplicant AP mode 2009-09-11 00:22:35 +03:00
Jouni Malinen
0b55b934ee driver_test: Implement set_mode for wpa_supplicant AP deinit 2009-09-11 00:17:35 +03:00
Jouni Malinen
86e9f093a0 driver_test: Preliminary support for wpa_supplicant AP functionality 2009-09-10 17:41:29 +03:00
Jouni Malinen
5d5b99ecd3 driver_test: Share the same deinit() for hostapd and wpa_supplicant 2009-09-10 17:03:51 +03:00
Jouni Malinen
c6f726748d driver_test: Merge socket_dir into test_dir 2009-09-10 16:52:03 +03:00
Jouni Malinen
5ae8964079 driver_test: Some additional merging of send_mlme 2009-09-10 16:48:10 +03:00
Jouni Malinen
133032e7bd driver_test: Claim AP mode capability for wpa_supplicant 2009-09-10 16:30:35 +03:00
Jouni Malinen
ac48db0f2b driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
2009-09-10 16:28:47 +03:00
Jouni Malinen
41aeddf99a driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
2009-09-10 16:18:04 +03:00
Alex Badea
7598210b79 radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.

The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.

Signed-off-by: Alex Badea <vamposdecampos@gmail.com>

Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
2009-09-09 23:54:03 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
7da2c5276d nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
2009-09-04 16:39:41 +03:00
Zhu Yi
cfaab58007 nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
2009-09-03 21:31:29 +03:00
Zhu Yi
da72a1c1ae nl80211: Add connect/disconnect event processing 2009-09-03 20:39:59 +03:00
Zhu Yi
93d1140077 nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
2009-09-03 20:36:09 +03:00
Zhu Yi
8d6ca17813 nl80211: Use defines for cipher suite selectors 2009-09-03 20:21:18 +03:00
Masashi Honma
80cc6bf6d0 OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.

http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/

I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
2009-08-26 23:40:51 +03:00
Masashi Honma
fe23eb5696 WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
2009-08-26 23:34:54 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
335ce76b1c nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
2009-08-26 12:10:50 +03:00
Jouni Malinen
5cd89c26f9 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:32:27 +03:00
Stefan Winter
a2fbf12524 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:21:25 +03:00
Jouni Malinen
ad469aecc1 Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
2009-08-23 21:00:38 +03:00
Jouni Malinen
9932c17fc8 Sync with linux/nl80211.h from wireless-testing.git 2009-08-18 11:33:40 +03:00
Jouni Malinen
1ba787b954 Remove unneeded aes_i.h inclusion from number of places
The BLOCK_SIZE define can be made more specific by using AES_ prefix and
by moving it to aes.h. After this, most aes-*.c do not really need to
include anything from the internal aes_i.h header file. In other words,
aes_i.h can now be used only for the code that uses the internal AES
block operation implementation and none of the code that can use AES
implementation from an external library do not need to include this
header file.
2009-08-17 20:27:25 +03:00
Jouni Malinen
04b6b3ed51 Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
2009-08-16 22:35:15 +03:00
Jouni Malinen
7a215dfc2b Verify that RC4 operation succeeds 2009-08-16 22:28:40 +03:00
Jouni Malinen
108f9dd49b Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
2009-08-16 22:26:59 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
8ef1683115 Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
2009-08-16 19:57:50 +03:00
Jouni Malinen
1d5ed36e7c Fix build with non-FIPS capable OpenSSL 2009-08-16 19:56:33 +03:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
be299ca4ce Pass digest return value to CHAP/MSCHAPv2 caller 2009-08-16 18:38:35 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
6d503f67e3 Pass error values from digest calls to ms_funcs callers
These function calls can now fail, so better let the caller know if that
happened.
2009-08-16 14:18:59 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Jouni Malinen
4b77bf2a40 OpenSSL: Use EVP_Digest*() functions
Instead of using low level, digest-specific functions, use the generic
EVP interface for digest functions. In addition, report OpenSSL errors
in more detail.
2009-08-16 14:12:06 +03:00
Jouni Malinen
0a5d68aba5 Make hash functions return error value
Some crypto libraries can return in these functions (e.g., if a specific
hash function is disabled), so we better provide the caller a chance to
check whether the call failed. The return values are not yet used
anywhere, but they will be needed for future changes.
2009-08-16 14:06:00 +03:00
Jouni Malinen
e1ffdfc18b Enable SHA256 digest support in OpenSSL
This is needed to allow X.509 certificates with SHA256 digest to be
used. [Bug 323]
2009-08-16 10:25:13 +03:00
Jouni Malinen
1b8409a0a5 Support PEM format RSA private key with internal TLS implementation 2009-08-16 09:34:21 +03:00
Masashi Honma
d43430d43d NetBSD: Fix wired IEEE 802.1X problem
On NetBSD 5.0, when I use wired 802.1X, "Invalid argument" occurs
on SIOCADDMULTI ioctl and 802.1X fails.

I tried FreeBSD code, but "Address family not supported by protocol family"
occurs on SIOCADDMULTI ioctl and 802.1X fails, too.

This patch solves this issue.

I have tested with these:
OS : NetBSD 5.0
EAP : EAP-MD5
Switch : CentreCOM 8724SL
2009-08-15 20:59:16 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
6b23b70445 Avoid a theoretical integer overflow in base64_encode()
If base64_encode() were to be used with a huge data array, the
previous version could have resulted in overwriting the allocated
buffer due to an integer overflow as pointed out in
http://www.freebsd.org/cgi/query-pr.cgi?pr=137484. However, there
are no know use cases in hostapd or wpa_supplicant that would do that.
Anyway, the recommended change looks reasonable and provides additional
protection should the base64_encode() function be used for something
else in the future.
2009-08-13 16:36:41 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
6b5c4c3359 Remove some more crypto ifdef, fix a few small bugs 2009-08-13 11:28:03 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
849ef835a7 nl80211: Fix WEP key configuration
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2009-07-26 21:22:55 +03:00
Johannes Berg
7a47d567cf hostapd: fix auth encryption
hostapd currently tries to encrypt all auth frames,
except for "OPEN" and "SHARED with transaction 3".
This means that it will send an encrypted "unknown
auth algorithm" reply for all other algorithsm. Fix
this by changing the logic to only encrypt shared
key auth frames with transaction 3.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2009-07-26 21:15:47 +03:00
Jon Loeliger
2e8eac2d67 Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.

Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.

Use libnl-gen now too.

Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
2009-07-25 17:21:52 +03:00
Ryuji
1c5a1aa51c Fix EAP-TNC peer memory leak on an error path 2009-06-30 19:39:13 +03:00
Jouni Malinen
064bb8232c Add root .gitignore file to cleanup ignore lists
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
2009-06-29 21:47:19 +03:00
Jouni Malinen
f141be0caf EAP-SIM peer: Remove AT_NOTIFICATION from Notification response
This attribute is not supposed to be used in the response frame (i.e.,
it is only in the EAP-Request/SIM-Notification frame) per RFC 4186
chapters 10.1 and 9.9. This is a minor bug since the server is required
to ignore the contents of the EAP-Response/SIM-Notification during
protected result indication per chapter 6.2.

EAP-AKA peer was already following the similar specification in RFC 4187,
but this was somehow missed in the EAP-SIM peer implementation.
2009-06-29 21:42:29 +03:00
Jouni Malinen
2b16c01c4e Rename variable to avoid gcc warning about shadowed names 2009-06-29 21:26:48 +03:00
Jouni Malinen
3fed6f2504 Replace hostapd_wps_probe_req_rx() with more generic ProbeReq notifier
The driver wrappers should not need to include wps_hostapd.h, so let's
make this easier by introducing a driver callback for reporting Probe
Request frames.
2009-06-12 17:31:43 +03:00
Jouni Malinen
efe22727da X.509: Add parsing of alternative name to internal TLS implementation
The alternative name extensions are now parsed, but the actual values
are not yet used for alt. subject name matching.
2009-06-11 23:47:35 +03:00
Jouni Malinen
4625a47f4b WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
2009-06-10 15:53:35 +03:00
Roy Marples
a5b73cc49d driver_bsd.c: Use new MLME method of association.
Old way does not work with all drivers on NetBSD and FreeBSD are
also using this so should be a safe change. [Bug 312]

Signed-off-by: Roy Marples <roy@marples.name>
2009-05-29 22:41:43 +03:00
Roy Marples
66d4085f0a driver_bsd.c: Reduce code duplication between hostapd and wpa_supplicant
Add generic functions to get/set 80211 vars, set 80211 params and
get/sid ssid.
Change NetBSD defines to match the ioctl used for portability.
Check size we're copying into instead of assuming IFNAMSIZ.

Signed-off-by: Roy Marples <roy@marples.name>
2009-05-29 22:38:55 +03:00
Jouni Malinen
92e63aafdc bsd: Get rid of printf size_t warnings with 64-bit builds 2009-05-29 22:34:07 +03:00
Karl Hiramoto
a35187e71a hostapd: nl80211 retry creating a interface if it fails the first time
If hostapd segfaults, or is killed with -9, or the interface already exists,
when the interface is created, it will fail.

Configuration file: /tmp/hostapd/hostapd.conf
Failed to create interface mon.wlan0_0.
Using interface wlan0_0 with hwaddr 00:13:01:01:08:0a and ssid 'IG_0405_LAN'
Failed to set beacon head/tail or DTIM period
Failed to create interface wlan0_1.

Try to remove the interface and re-create it before aborting.
2009-05-29 21:48:19 +03:00
Dan Williams
2976121955 wext: disconnect at init and deinit
To ensure the supplicant starts and ends with a clean slate (keys are
already cleaned up at init and deinit time), force a null BSSID and
bogus SSID to ensure the driver isn't connected to anything.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 21:01:26 +03:00
Dan Williams
87d01acfeb wext: Fix deauthentication to do IW_MLME_DEAUTH prior to disconnect
4853d5ac84 had a small bug in the order
of these function calls in _wext_deauthenticate() (_disassociate()
did have the correct order). The deauthentication frame is supposed
to go out (if driver supports that) before we disconnect more
forcefully.
2009-05-27 20:57:29 +03:00