Commit graph

297 commits

Author SHA1 Message Date
Jouni Malinen
4cb0dcd92d Fix IEEE 802.11r key derivation function to match with the standard
IEEE Std 802.11r-2008, 8.5.1.5.2 starts the 'i' counter from 1, not 0.
Note: this breaks interoperability with previous versions. [Bug 303]
2009-03-19 15:46:00 +02:00
Jouni Malinen
c5aaa01562 Detach ctrl_iface monitor if the client socket is removed
No need to wait for 10 errors when using UNIX domain socket; we can
detach the client immediately on ENOENT.
2009-03-17 16:56:30 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
58d1f6d189 Fix EAP-FAST only build to include the needed EAPOL implementation 2009-03-08 11:29:31 +02:00
Jouni Malinen
c472ef754d driver_ndis: Add PAE group address to the multicast address
This is done with wired interfaces to fix IEEE 802.1X authentication
when the authenticator uses the group address (which should be happening
with wired Ethernet authentication).

This allows wpa_supplicant to complete wired authentication successfully
on Vista with a NDIS 6 driver, but the change is likely needed for
Windows XP, too.
2009-03-07 23:10:41 +02:00
Jouni Malinen
4ef1e644eb Determiner whether driver is wired at runtime based on capabilities
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
2009-03-07 22:05:43 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
5c3dd4ebbe Enable WMM support in the test MLME code
This allows driver_test to be used to test WMM negotiation.
2009-03-06 17:28:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
7cc1b6c900 WPS: Add a workaround for TKIP/CCMP mixed mode credentials
Many deployed APs do not handle negotiation of security parameters well
when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most
common end result seems to be ending up with the least secure option..

As a workaround, check whether the AP advertises WPA2/CCMP in Beacon
frames and add those options for the credential if needed. This allows
the client to select the most secure configuration regardless of how
broken the AP's WPS implementation is as far as auth/encr type
negotiation is concerned.
2009-03-05 21:39:39 +02:00
Jouni Malinen
77ac446621 Fix MLME build after WMM renames 2009-03-05 15:56:51 +02:00
Sam Leffler
a83d9c9652 Add build option CONFIG_TERMINATE_ONLASTIF
This makes wpa_supplicant terminate automatically if the configured
interface(s) disappear.
2009-03-02 21:57:00 +02:00
Sam Leffler
daa70d49de Add support for wpa_supplicant syslog output
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
2009-03-02 21:40:44 +02:00
Jouni Malinen
049a292f89 Fix builds that need SHA256 or mod_exp, but not TLS functions 2009-02-27 17:46:40 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Andriy Tkachuk
522b5b6ed3 WPS: Fix WEP key index to use 1..4 instead of 0..3
It seems that WFA WPS spec says that default key index should be 1 (not
0). I think this meas that WEP key indexes region is not from 0 to 3,
but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 19:58:44 +02:00
Jouni Malinen
7c2849d2a0 Add BSS flags to scan results to indicate signal quality validity
These flags are used to mark which values (level, noise, qual) are
invalid (not available from the driver) and whether level is using dBm.
D-Bus interface will now only report the values that were available.
2009-02-18 13:40:38 +02:00
Andriy Tkachuk
4b195a1bc9 WPS: support WEP keys in hex characters format in received credentials
Attached patch makes wpa_supplicant support WEP keys in hex characters
format in received credentials from Registrars (tested with WRT610N).
2009-02-17 10:30:43 +02:00
Andriy Tkachuk
0632542b8b WPS: support registration with APs in WEP security mode
Attached patch fixes the issue when supplicant does not select APs in
WEP security mode for WPS registration.
2009-02-17 10:17:24 +02:00
Jouni Malinen
84992a8fb4 Updated to-do list for wpa_supplicant
No point in using time with Host AP driver optimizations anymore.
Note another race condition with 4-way handshake (and PTK config to
driver).
2009-02-16 20:50:55 +02:00
Jouni Malinen
caf3159831 Update nmake.mak to match with current files 2009-02-15 18:35:23 +02:00
Jouni Malinen
c511c8c6e0 Avoid using #ifdef inside printf string
This makes it easier to use a preprocessor macro for printf.
2009-02-15 14:35:30 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Daniel Mierswa
6301cc5d38 Allow the privsep driver to pass the set_country to the real driver 2009-02-15 14:13:27 +02:00
Jouni Malinen
ba2a573c5f Rename "broadcast SSID" to "wildcard SSID"
"Wildcard SSID" is the term used in IEEE Std 802.11-2007, so it is a
better name for the zero-length SSID used in Probe Request.
2009-02-14 22:21:17 +02:00
Jouni Malinen
6a1063e008 driver_nl80211: Add support for multi-SSID scan requests 2009-02-14 21:17:46 +02:00
Jouni Malinen
e76baaac0c Add support for multi-SSID scan requests
If the driver reports support for more than one SSID per scan request,
optimize scan_ssid=1 operations in ap_scan=1 mode. This speeds up
scanning whenever scan_ssid=1 is used since the broadcast SSID can be
included in every scan request and if driver supports more than two
SSIDs in the scan request, the benefits are even larger when multiple
networks have been configured with ap_scan=1.

This is also cleaning up wpa_supplicant_scan() function by moving code
around so that the SSID list is not processed unnecessarily if the
operation mode does not need this.
2009-02-14 20:59:26 +02:00
Jouni Malinen
fc2b7ed5f3 Add extended driver scan request command: driver_ops::scan2()
This can be used to provide support for scanning multiple SSIDs at a
time to optimize scan_ssid=1 operations. In addition, Probe Request IEs
will be available to scan2() (e.g., for WPS PBC scanning).
2009-02-14 17:01:32 +02:00
Jouni Malinen
362f781e1c Allow multiple driver wrappers to be specified on command line
For example, -Dnl80211,wext could be used to automatically select
between nl80211 and wext. The first driver wrapper that is able to
initialize the interface will be used.
2009-02-14 16:43:43 +02:00
Jouni Malinen
80bc75f135 New driver capability info: max number of scan SSIDs
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
2009-02-12 22:05:32 +02:00
Jouni Malinen
f6190d376d Removed an obsolete comment about use of external program for EAP 2009-02-11 22:35:27 +02:00
Jouni Malinen
ec1020512c wpa_gui-qt4: Add support for selecting between WEP open/shared key auth
Split the auth=none option into three: open, WEP, WEP with shared key to
allow the user specify WEP with shared key authentication. In addition,
fix static WEP key edits to be enabled only when using static WEP keys
(i.e., not for IEEE 802.1X).
2009-02-10 15:26:26 +02:00
Jouni Malinen
4225097c5a Fix test-sha256 build 2009-02-10 14:31:27 +02:00
Jouni Malinen
073ab58ff5 Fixed a copy-paste error in a function documentation 2009-02-10 11:45:17 +02:00
Helmut Schaa
c3f5b1e16d Send a dbus reply only if requested by the caller
wpa_supplicant should not send a dbus reply as response to a method call
if no reply was requested by the caller. Sending a reply even if not
requested is basically no problem but triggers dbus warnings like the
one below.

Feb  9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched
rules; type="error", sender=":1.129" (uid=0 pid=30228
comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp")
interface="(unset)" member="(unset)" error
name="fi.epitest.hostap.WPASupplicant.InvalidInterface"
requested_reply=0 destination=":1.128" (uid=0 pid=30226
comm="/usr/sbin/NetworkManager "))

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-09 19:45:06 +02:00
Jouni Malinen
53c256a476 Fix MinGW build with CONFIG_EAP_TNC=y
MinGW does not use -ldl so do not add this unconditionally.
2009-02-08 12:47:28 +02:00
Jouni Malinen
96c7c3072d Fix privsep build with CONFIG_CLIENT_MLME=y
Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx()
for driver wrappers in wpa_priv.
2009-02-07 10:30:32 +02:00
Daniel Mierswa
716d543d5c Include wpabuf.o in wpa_priv build
If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to
miss. The attached patch is against trunk and should probably fix it.
2009-02-07 10:19:28 +02:00
Jouni Malinen
6dbcd00912 Removed CONFIG_EAP_WSC=dyn option
Build EAP-WSC dynamically does not make much sense and with the
dependencies to WPS code from number of places resolving this is not
trivial. It is simpler to just remove this option.
2009-02-07 10:09:49 +02:00
Pavel Roskin
4c2660c2b0 Fix building dynamic EAP peer modules
Strip directory name from the target in the pattern rule for dynamic
modules.  Remove dynamic modules on "make clean".
2009-02-07 10:05:23 +02:00
Jouni Malinen
e1c7954d5d Added CONFIG_WPS_UPNP for wpa_supplicant tests
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
2009-02-06 13:52:30 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
a7baefda28 Fixed eapol_test linking with CONFIG_IBSS_RSN=y 2009-02-05 18:20:26 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00