117 commits

Author SHA1 Message Date
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration options for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
a Registrar to configure an AP, this is still using a number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
6e89cc438e Preparations for 0.6.6 release 2008-11-23 17:02:06 +02:00
Jouni Malinen
2bf6a16780 Added an attribution based on the original SSLeay license for OpenSSL. 2008-11-21 15:54:35 +02:00
Jouni Malinen
1ac2d4a9ee Fixed canceling of PMKSA caching with driver generated RSN IE
It looks like some Windows NDIS drivers (e.g., Intel) do not clear the
PMKID list even when wpa_supplicant explicitly sets the list to be
empty. In such a case, the driver ends up trying to use PMKSA caching
with the AP and wpa_supplicant may not have the PMK that would be needed
to complete 4-way handshake.

RSN processing already had some code for aborting PMKSA caching by
sending EAPOL-Start. However, this was not triggered in this particular
case where the driver generates the RSN IE. With this change, this case
is included, too, and the failed PMKSA caching attempt is cleanly
canceled and wpa_supplicant can fall back to full EAP authentication.
2008-11-21 15:31:25 +02:00
Jouni Malinen
76e6f26a94 Remove the unwanted Windows console from the Windows binary version of wpa_gui 2008-11-21 14:26:11 +02:00
Jouni Malinen
3b14fb0cab Silence printf() calls in wpa_gui to avoid stdout output from a GUI program 2008-11-21 14:05:37 +02:00
Jouni Malinen
8038591be2 wpa_gui: Add a PNG version of the tray icon for Windows binary build
It looks like Qt does not support SVG format by default on Windows and
it was not trivial to add the plugin into the build, so for now, build a
16x16 PNG icon file for Windows binary to avoid showing an invisible
icon in the tray.
2008-11-21 13:58:12 +02:00
Jouni Malinen
c31a11c962 Changed PEAPv0 cryptobinding to be disabled by default
There are some interoperability issues with Windows Server 2008 NPS, so
better disable cryptobinding use by default for now.
2008-11-20 12:49:34 +02:00
Carolin Latze
98842d51ec Separate OpenSSL engine configuration for Phase 2
I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you
only defined one engine variable, which was read already in phase1. I
defined some new variables:

engine2
engine2_id
pin2

and added support to read those in phase2 whereas all the engine
variables without number are only read in phase1. That solved it and I
am now able to use an engine also in EAP-TTLS phase2.
2008-11-18 16:53:32 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" into "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
cd35db9fef Updated userspace MLME instructions for current mac80211
Remove the old code from driver_wext.c since the private ioctl interface is
never going to be used with mac80211. driver_nl80211.c has an
implementation that can be used with mac80211 (two external patches to
enable userspace MLME configuration are still required, though).
2008-11-18 15:45:25 +02:00
Jouni Malinen
0cf03892a4 OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding API
Updated OpenSSL code for EAP-FAST to use an updated version of the
session ticket overriding API that was included into the upstream
OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is
needed with that version anymore).
2008-11-16 21:29:12 +02:00
Jouni Malinen
1e8b9d2889 Updated interop results for ACS 4.2 2008-11-16 11:30:34 +02:00
Kel Modderman
efd59c96d7 wpa_gui-qt4: tweak icon Makefile
Output the xpm icons in more convenient location.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-11-11 17:41:19 +02:00
Martin Michlmayr
65db6cad23 wpa_gui-qt4: FTBFS with GCC 4.4: missing #include
GCC 4.4 cleaned up some more C++ headers.  You always have to #include
headers directly and cannot rely on things to be included indirectly.

> g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DCONFIG_CTRL_IFACE
-DCONFIG_CTRL_IFACE_UNIX -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -DQT_SHARED
-I/usr/share/qt4/mkspecs/linux-g++ -I. -I/usr/include/qt4/QtCore
-I/usr/include/qt4/QtCore -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui
-I/usr/include/qt4 -I. -I.. -I../../src/utils -I../../src/common -I.moc -I.ui -o
.obj/wpagui.o wpagui.cpp
> wpagui.cpp: In constructor 'WpaGui::WpaGui(QWidget*, const char*,
Qt::WFlags)':
> wpagui.cpp:98: error: 'printf' was not declared in this scope

From: Martin Michlmayr <tbm@cyrius.com>
Bug:  http://bugs.debian.org/505041

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-11-11 17:36:37 +02:00
Jouni Malinen
46690a3b9b Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.

This may help in making a chopchop attack take a much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
2008-11-08 04:43:12 +02:00
Jouni Malinen
fa71a1d84a Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytes 2008-11-07 08:30:34 +02:00
Jouni Malinen
581a8cde77 Added support for enforcing frequent PTK rekeying
Added a new configuration option, wpa_ptk_rekey, that can be used to
enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP
deficiencies. This can be set either by the Authenticator (to initiate
periodic 4-way handshake to rekey PTK) or by the Supplicant (to request
Authenticator to rekey PTK).

With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP
keys will not be used for more than 10 minutes which may make some attacks
against TKIP more difficult to implement.
2008-11-06 19:57:21 +02:00
Jouni Malinen
81eec387dd Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
2008-11-06 04:21:32 +02:00
Jouni Malinen
2a24bb3199 Added Milenage USIM emulator for EAP-AKA (can be used to simulate test
USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in
.config and password="Ki:OPc:SQN" in network configuration).
2008-11-05 23:02:13 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
8caa12b46c Added a comment about VS2008EE and updated WinPcap/OpenSSL versions 2008-11-01 14:46:00 +02:00
Jouni Malinen
e3e51d9f03 Fixed ctrl_iface BSS command to fetch scan results, if needed
This makes BSS command work like SCAN_RESULTS and allows wpa_gui to get
some scan results without explicit scan results even when using ap_scan=2.
2008-11-01 14:28:34 +02:00
Jouni Malinen
b6a55236ce Updated VS2005 project files with new and removed C files 2008-11-01 13:03:09 +02:00
Jouni Malinen
3fd0b8f196 Use os_snprintf() instead of snprintf() 2008-11-01 13:02:50 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
308a4ec81a Verify fread(), fwrite(), and system() return values
These were starting to trigger compiler warnings with recent glibc header
files and gcc.
2008-10-29 19:33:24 +02:00
Jouni Malinen
8de4f2e9ba Avoid some gcc 4.3 warnings about deprecated string conversions 2008-10-14 07:39:51 +03:00
Jouni Malinen
1073e0ce46 wpa_gui-qt4: Set EAP-FAST provisioning parameters if inner method is 'any' 2008-10-07 18:53:02 +03:00
Jouni Malinen
0930209dc2 Register a quick auth timeout if EAPOL fails to avoid long waits
This may be needed if the AP does not disconnect in case of EAP-FAST
unauthenticated provisioning (EAP-Failure). Adding the local short timeout
will speed up the process in such a case by reducing the wait (which can
often be up to 60 seconds).
2008-10-02 17:27:24 +03:00
Jouni Malinen
99a10f8d2c Added debug_timestamp option to Windows registry 2008-10-02 16:26:18 +03:00
Jouni Malinen
129b4d35d4 Set update_config=1 in the example Windows registry config 2008-10-02 14:12:32 +03:00
Jouni Malinen
c08b9180cd Save config after blob updates from EAP (if update_config=1)
This allows EAP-FAST PAC updates to be stored when using config blobs
instead of external files.
2008-10-02 14:10:53 +03:00
Jouni Malinen
5373c18233 wpa_gui-qt4: Fixed phase2 format for EAP-FAST GTC+MSCHAPv2 case 2008-10-02 14:09:43 +03:00
Jouni Malinen
2e8c9a27f5 Fixed a typo 2008-10-02 12:40:24 +03:00
Jouni Malinen
4edd453933 wpa_gui-qt4: Set EAP-FAST provisioning parameters 2008-10-02 12:39:31 +03:00
Jouni Malinen
be8b1f2eb0 wpa_gui-qt4: Unset string variables instead of setting them to ""
This allows identity (etc.) variables to be removed from configuration
which is different from setting them to an empty string. For example,
EAP-SIM and EAP-AKA can now be configured to use identity string generation
from SIM/USIM by clearing the identity string in wpa_gui.
2008-10-02 12:24:57 +03:00
Jouni Malinen
b56c0546b7 Extended ctrl_iface SET_NETWORK to allow variables to be unset
Setting the value of the SET_NETWORK command to NULL (without quotation)
unsets the variable, i.e., removes it from configuration file. This is
needed to allow GUI programs to clear variables, e.g., identity for
EAP-AKA/SIM.
2008-10-02 12:16:25 +03:00
Jouni Malinen
8de594965f wpa_gui-qt4: Added support for configuring Phase 2 method 2008-10-01 16:43:36 +03:00
Jouni Malinen
78ea9702c0 Add pcsc="" to configuration for EAP-SIM and EAP-AKA
This allows real SIM/USIM cards to be used by enabling PC/SC.
2008-10-01 14:44:24 +03:00
Kel Modderman
fc0db5c916 wpa_gui-qt4: add support for starting in system tray only
Allow application to be started in the system tray only when started with
the `-t' command line argument.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-10-01 09:48:11 +03:00
Kel Modderman
66897ae779 wpa_gui-qt4: clean up closeEvent handler
When the system tray icon is created, qApp's setQuitOnLastWindowClosed
property is set to false, therefore do _not_ ignore widget close events, or
else wpa_gui will refuse to exit when the window manager is logging out.

While at it, remove WpaGui::fileExit() and connect fileExitAction to
quit().

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-10-01 09:44:58 +03:00
Jouni Malinen
91a0548210 FT: Do not call wpa_ft_prepare_auth_request() if FT is not used
This saves some extra processing for the non-FT case if FT is built in, but
not used for the association.
2008-09-29 17:28:10 +03:00
Jouni Malinen
38fa763405 Added set_mode() handler for privsep 2008-09-29 17:09:26 +03:00
Dan Williams
ec5f180a24 Add an optional set_mode() driver_ops handler for setting mode before keys
A bug just got reported as a result of this for mac80211 drivers.

https://bugzilla.redhat.com/show_bug.cgi?id=459399

The basic problem is that since taking the device down clears the keys
from the driver on many mac80211-based cards, and since the mode gets
set _after_ the keys have been set in the driver, the keys get cleared
on a mode switch and the resulting association is wrong.  The report is
about ad-hoc mode specifically, but this could happen when switching
from adhoc back to managed mode.
2008-09-29 16:45:49 +03:00
Jouni Malinen
fa2ec7eb63 Silenced compiler warnings on size_t printf format and shadowed variables 2008-09-27 10:46:06 +03:00
Jouni Malinen
9cf32261ee Split wpa_supplicant_select_bss() into three and remove odd debug message
This function was getting way too long, so let's split it into WPA and
non-WPA cases as separate functions. In addition, remove the confusing
"Try to find non-WPA AP" debug message if a WPA-enabled AP is already
selected (as reported by Andriy Tkachuk).
2008-09-26 17:24:40 +03:00
Kel Modderman
89f97a1c8d Don't bother showing a status message when returning to the system tray,
but still show a one time tray message to indicate to the user that the
program is still running in the tray if they triggered the window manager
close button.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-26 15:42:12 +03:00
Kel Modderman
d70028d337 wpa_gui-qt4: remove lastWindowClosed() signal handler
Do not connect lastWindowClosed() to quit(), instead explicitly close the
application if File->Exit or window manager close button is activated.
This allows the tray app to avoid being closed with last visible window,
and launch scan and event history windows individually.

Signed-off-by: Kel Modderman <kel@otaku42.de>
2008-09-25 21:12:08 +03:00
Bernard Gray
1019a696a7 wpa_gui-qt4: enhance svg icon
Enhance the wpa_gui-qt4 icon:

* removed unused layer
* moved spurious rectangle back where it belongs
* removed flat edge from top of the lower white glow object

Signed-off-by: Bernard Gray <bernard.gray@gmail.com>
2008-09-25 21:09:44 +03:00