Commit graph

269 commits

Author SHA1 Message Date
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
46690a3b9b Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.

This may help in making a chopchop attack take much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
2008-11-08 04:43:12 +02:00
Jouni Malinen
81eec387dd Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
2008-11-06 04:21:32 +02:00
Jouni Malinen
2a24bb3199 Added Milenage USIM emulator for EAP-AKA (can be used to simulate test
USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in
.config and password="Ki:OPc:SQN" in network configuration).
2008-11-05 23:02:13 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
1c8735848d nl80211: Preliminary code for usermode MLME support
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
2008-08-15 22:14:49 +03:00
Jouni Malinen
6724f4d07a Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f5285e852 Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
2008-06-06 16:55:42 +03:00
Jouni Malinen
b95394c66f Combined internal LibTomMath configuration into one option
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
2008-06-06 10:21:28 +03:00
Jouni Malinen
ec0205a87a Added an option to build internal LibTomMath with faster div routine
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
2008-06-06 10:11:17 +03:00
Jouni Malinen
c5f5c91aeb Add faster, optional sqr routine for internal LibTomMath
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
2008-06-05 18:33:46 +03:00
Jouni Malinen
8ccc0402b2 Internal LibTomMath: add optional support for Montgomery reduction
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
2008-06-04 11:57:55 +03:00
Jouni Malinen
0ac0e4df1c EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 11:26:17 +02:00
Masakazu Mokuno
b5a357b476 Add support for PS3 Linux wireless driver
This adds support for PS3 wireless to wpa_supplicant.

Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:

 - PS3 wireless driver uses private WEXT ioctls for accepting PSK of
   WPA-Personal from the userland.
   WEXT does not specify the way to do it.

 - The association and 4-way handshake are done by PS3 virtual
   wireless device. The guest OSes can not interfere it.

 - No EAPOL frames are allowed to go outside of the
   hypervisor/firmware nor come from. They are eaten by the firmware.

Thus I needed to make a new driver wrapper for PS3 wireless.

This patch can be applied against the latest 0.6.x tree.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-03-13 19:00:37 +02:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00