Commit graph

1467 commits

Author SHA1 Message Date
Jouni Malinen
39eb4d0877 FT: Fix GTK subelement format in FTIE
The Key Info field was changed from 1-octet field to 2-octet field
in 802.11r/D7.0, but that had not been updated in the implementation.
2010-04-07 23:57:39 +03:00
Jouni Malinen
26e23750b9 FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.

The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.

This breaks interoperability with previous wpa_supplicant/hostapd
versions.
2010-04-07 21:04:13 +03:00
Jouni Malinen
738a1cb286 FT: Do not include RSN IE in (Re)Assoc Resp during initial MD association
RSN IE is only supposed to be included in Reassociation Response frames
and only when they are part of a fast BSS transition.
2010-04-07 17:27:46 +03:00
Gregory Detal
bb437f282b AP: Add wpa_msg() events for EAP server state machine 2010-04-07 11:13:14 +03:00
Jouni Malinen
68532a9ceb Avoid hostapd segfault on invalid driver association event
Running hostapd and wpa_supplicant on the same interface at the same
time is not expected to work, but it should not cause hostapd to crash.
Ignore station mode association events (no addr field) to avoid this.
2010-04-07 10:01:49 +03:00
Andriy Tkachuk
99f4ae67b7 Fix WPA/RSN IE update on reconfig with set_generic_elem()
IF WPA/RSN parameters were changed or WPA/RSN was disabled, the
WPA/RSN IE in Beacon/Probe Response frames was only update with
set_beacon(). We need to do this with set_generic_elem(), too, to
work with all driver wrappers.
2010-04-06 20:44:26 +03:00
Jouni Malinen
643743e215 WPS: Fix WPS IE update in Beacon frames for nl80211
Call ieee802_11_set_beacon() in addition to set_ap_wps_ie() when
processing WPS IE updates. This is needed with drivers that use
set_beacon() instead of set_ap_wps_ie() (i.e., nl80211).
2010-04-06 18:04:30 +03:00
Jouni Malinen
2c59362905 WPS: Add a workaround for incorrect NewWLANEventMAC format
Some ER implementation (e.g., some versions of Intel PROSet) seem to
use incorrect format for WLANEventMAC variable in PutWLANResponse.
Work around this by allowing various MAC address formats to be used
in this variable (debug message will be shown if the colon-deliminated
format specified in WFA WLANConfig 1.0 is not used).
2010-04-06 10:38:37 +03:00
Jouni Malinen
448a0a19d7 Add a more flexible version of hwaddr_aton: hwaddr_aton2()
This version of the MAC address parser allows number of different
string formats for the address (e.g., 00:11:22:33:44:55, 0011.2233.4455,
001122334455, 00-11-22-33-44-55). It returns the number of characters
used from the input string in case of success.
2010-04-06 10:37:13 +03:00
Jouni Malinen
81a658d754 FT: Re-set PTK on reassociation
It turns out that this is needed for both FT-over-DS and FT-over-air
when using mac80211, so it looks easiest to just unconditionally
re-configure the keys after reassociation when FT is used.
2010-04-04 09:34:14 +03:00
Jouni Malinen
2220821113 FT: Use bridge interface (if set) for RRB connection
This fixes receiving of RRB messages between FT APs
2010-04-04 09:31:13 +03:00
Jouni Malinen
21c9b6903e FT: Set WLAN_AUTH_FT auth_alg on FT-over-DS case
This is needed to allow reassociation processing to skip 4-way handshake
when FT-over-DS is used with an AP that has a previous association state
with the STA.
2010-04-04 09:17:57 +03:00
Jouni Malinen
d8ad6cb966 FT: Force key configuration after association in FT-over-DS
This seems to be needed at least with mac80211 when a STA is using
FT-over-DS to reassociate back to the AP when the AP still has the
previous association state.
2010-04-04 09:16:11 +03:00
Jouni Malinen
9a3cb18d74 Add AP-STA-DISCONNECT event for driver-based MLME 2010-04-04 08:14:22 +03:00
Jouni Malinen
c41a1095b5 Allow hostapd_notif_assoc() to be called with all IEs
This makes the call simpler for driver wrappers since there is no need
to parse the IEs anymore before indicating association. In addition,
this allows association processing to be extended to use other IEs
in the future.
2010-04-04 08:14:18 +03:00
Jouni Malinen
0823031750 Fix Windows compilation issues with AP mode code 2010-04-04 08:14:14 +03:00
Jouni Malinen
ade07077ec Add address to hostapd_logger output in wpa_supplicant as AP case 2010-04-04 08:14:09 +03:00
Jouni Malinen
93368ca4a2 WPS: Do not include Label in default Config Methods
This avoids conflict with both Label and Display being included at
the same time (which would make it difficult to figure out which
PIN was actually used).
2010-04-04 08:14:02 +03:00
Jouni Malinen
11356a2ab5 WPS: Fix PBC session overlap detection to use Device Password Id
Active PBC mode is indicated by Device Password Id == 4, not Config Methods
attribute.
2010-04-04 08:13:59 +03:00
Jouni Malinen
f8130b07bb driver_osx: Update set_key arguments to fix build 2010-04-04 08:13:46 +03:00
Jouni Malinen
7b1080dadd MFP: Fix IGTK PN in group rekeying
IGTK get_seqnum needs to be skipped in the same way as GTK one when
rekeying group keys. Previously, the old PN value (the one from the
previous key) was indicated and that resulted in MMIE replay detection
at the station.
2010-03-29 22:57:10 -07:00
Jouni Malinen
32d5295f9d Add a drop_sa command to allow 802.11w testing
This drops PTK and PMK without notifying the AP.
2010-03-29 15:42:04 -07:00
Jouni Malinen
358c3691cf MFP: Add SA Query Request processing in AP mode 2010-03-29 14:05:25 -07:00
Jouni Malinen
b91ab76e8c Add test commands for sending deauth/disassoc without dropping state
This can be used to test 802.11w by sending a protected or unprotected
deauth/disassoc frame.

hostapd_cli deauth <dst addr> test=<0/1>
hostapd_cli disassoc <dst addr> test=<0/1>

test=0: unprotected
test=1: protected
2010-03-29 12:01:40 -07:00
Jouni Malinen
e820cf952f MFP: Add MFPR flag into station RSN IE if 802.11w is mandatory 2010-03-29 10:48:01 -07:00
Jouni Malinen
a042f8447d Fix ctrl_iface get-STA-MIB for WPS disabled case
The previous version would crash here on NULL pointer dereference if
WPS was disabled.
2010-03-29 09:59:16 -07:00
Jouni Malinen
b625473c6c Add driver command and event for signal strength monitoring 2010-03-28 15:31:04 -07:00
Jouni Malinen
93910401c9 nl80211: Parse CQM events 2010-03-28 13:56:40 -07:00
Jouni Malinen
d43331b6ea Sync with wireless-testing.git include/linux/nl80211.h 2010-03-28 12:47:17 -07:00
Holger Schurig
2ea2fcc7e6 nl80211: Fix WEP key configuration for prior to authentication
The driver data was changed from struct wpa_driver_nl80211_data * to
struct i802_bss * and the internal call will need to match that change.
2010-03-27 22:22:17 -07:00
Jouni Malinen
03bcb0af0d Fix wpa_auth_iface_iter() to skip BSSes without Authenticator
This could cause NULL pointer deference if multi-BSS configuration
was used with OKC in some cases.
2010-03-26 23:26:24 -07:00
Jouni Malinen
9fad706c68 nl80211: Add more debug information about scan request parameters 2010-03-26 22:22:38 -07:00
Jouni Malinen
15664ad01a nl80211: Silence set_key ENOLINK failure messages on key clearing
This happens in common case and is expected, so there is no need to
include the potentially confusing failure message in the debug log.
2010-03-26 21:58:31 -07:00
Jouni Malinen
ef580012d1 FT: Fix Authorized flag setting for FT protocol
4-way handshake or EAPOL is not used in this case, so we must
force Authorized flag to be set at the conclusion of successful
FT protocol run.
2010-03-13 21:43:00 +02:00
Jouni Malinen
5d5a9f0021 FT: Clean EAPOL supp portValid to force re-entry to AUTHENTICATED
This fixed FT-over-DS to end up in Authorized state when the EAPOL
PAE state machine re-enters AUTHENTICATED.
2010-03-13 21:40:44 +02:00
Jouni Malinen
0e84c25434 FT: Fix PTK configuration in authenticator
Must update sm->pairwise when fetching PMK-R1 SA.
Add a workaround for drivers that cannot set keys before association
(e.g., cfg80211/mac80211): retry PTK configuration after association.
2010-03-13 21:11:26 +02:00
Jouni Malinen
2a7e7f4e4a FT: Add driver op for marking a STA authenticated
This can be used with FT-over-DS where FT Action frame exchange
triggers transition to State 2 (authenticated) without Authentication
frame exchange.
2010-03-13 18:28:15 +02:00
Jouni Malinen
86f7b62a33 FT: Add a workaround to set PTK after reassociation
If the PTK configuration prior to association fails, allow reassociation
attempt to continue and configure PTK after association. This is a
workaround for drivers that do not allow PTK to be configured before
association (e.g., current cfg80211/mac80211).
2010-03-13 17:15:38 +02:00
Jouni Malinen
bdda27eb17 Fix WPS IE in Probe Response frame to include proper Config Methods values
This attribute is supposed to indicate which methods the AP supports as
an Enrollee for adding external Registrars. It was left to 0 when the
AP code did not yet support external Registrars and was forgotten when
the ER support was added.
2010-03-13 13:39:22 +02:00
Jouni Malinen
73fc617d5c nl80211: Fix FT Action send command
Need to include payload header in the data length to avoid sending
truncated FT Action frame.
2010-03-12 00:41:03 +02:00
Masashi Honma
c1bbb0cee1 NetBSD: Fix driver_bsd.c build
On NetBSD 5.0.2, wpa_supplicant build results in messages below.

../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_get_ssid':
../src/drivers/driver_bsd.c:876: warning: passing argument 2 of 'bsd_get_ssid'
from incompatible pointer type
../src/drivers/driver_bsd.c:876: warning: passing argument 3 of 'bsd_get_ssid'
makes integer from pointer without a cast
../src/drivers/driver_bsd.c:876: error: too many arguments to function
'bsd_get_ssid'
../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_scan':
../src/drivers/driver_bsd.c:1125: warning: passing argument 2 of 'bsd_set_ssid'
from incompatible pointer type
../src/drivers/driver_bsd.c:1125: warning: passing argument 3 of 'bsd_set_ssid'
makes integer from pointer without a cast
../src/drivers/driver_bsd.c:1125: error: too many arguments to function
'bsd_set_ssid'
gmake: *** [../src/drivers/driver_bsd.o] Error 1

This patch solves this issue.
2010-03-10 23:33:10 +02:00
Jouni Malinen
7b90c16aa9 nl80211: Add preliminary implementation of FT Action send
This is a step in adding FT support with nl80211-based drivers.
driver_nl80211.c is now registering to handle the FT Action frames
and is able to transmit FT Request frame. Received FT Action frames
are not yet indicated as driver events.
2010-03-07 22:47:39 +02:00
Jouni Malinen
1b484d60e5 FT: Include pairwise cipher suite in PMK-R0 SA and PMK-R1 SA
This is needed to fix PTK derivation to use correct length. Previously,
64-octet PTK may have been derived if the authenticator did not already
have a STA entry. Now, the correct pairwise cipher suite is learned when
then PMK-R1 SA is received.
2010-03-07 22:18:33 +02:00
Jouni Malinen
5205c4f98a nl80211: Fix driver context pointer for auth-failure-case
The new per-BSS context needs to be used here when calling
wpa_driver_nl80211_deauthenticate() to avoid passing incorrect
data type to the function.
2010-03-07 21:29:34 +02:00
Marcin Marzec
f400f4f34b Fix typo in WPA_AUTH_ALG_FT definition
This was not supposed to have duplicate value with WPA_AUTH_ALG_LEAP.
The previous version was unable to set FT as the authentication
algorithm with nl80211.
2010-03-07 21:02:55 +02:00
Jouni Malinen
0ebdf62735 Remove unnecessary ifname parameter from set_ap_wps_ie() driver op 2010-03-07 11:51:50 +02:00
Jouni Malinen
d3e3a20565 Remove unnecessary ifname parameter from set_ht_params() driver op 2010-03-07 11:49:27 +02:00
Jouni Malinen
3234cba40e Remove unnecessary ifname parameter to sta_set_flags() driver op 2010-03-07 11:45:41 +02:00
Jouni Malinen
62847751e4 Remove unnecessary ifname parameter from sta_add() driver op 2010-03-07 11:42:41 +02:00
Jouni Malinen
8709de1ae8 Remove unnecessary ifname parameter from hapd_get_ssid/hapd_set_ssid 2010-03-07 11:36:45 +02:00
Jouni Malinen
aa48451698 Remove unnecessary ifname parameter from set_generic_elem() driver op 2010-03-07 11:33:06 +02:00
Jouni Malinen
d5dd016a8a Remove unneeded ifname parameter from set_privacy() driver op 2010-03-07 11:29:17 +02:00
Jouni Malinen
044372a333 driver_test: Use driver private BSS context instead of BSS lookup
The ifname-based lookup can now be replaced with the new mechanism that
allows driver wrappers to register per-BSS context data.
2010-03-07 11:26:35 +02:00
Jouni Malinen
70a8419f26 Avoid crash after driver init failure
hostapd_flush_old_stations() needs to check whether the driver
initialization was successful since it gets called on an error path.
2010-03-07 11:25:28 +02:00
Jouni Malinen
7ab68865c0 Remove unneeded iface parameter from if_add() driver op 2010-03-07 10:05:05 +02:00
Felix Fietkau
071799872f hostapd: fix a segfault in the error path of the nl80211 if_add function 2010-03-07 09:59:22 +02:00
Jouni Malinen
05ba8690cb nl80211: Unregister forgotten eloop socket on init failure 2010-03-06 22:37:48 +02:00
Jouni Malinen
8b897f5a17 Remove unnecessary ifname parameter from set_beacon()
The new per-BSS driver context makes this unnecessary.
2010-03-06 22:36:40 +02:00
Felix Fietkau
53f3d6f3e6 hostapd: allow stations to move between different bss interfaces
With this patch, a client gets kicked out of the last BSS it was
attached to, when it is associating to a different one.
While mac80211 does allow a station to be present on multiple bss
interfaces, this does seem to cause problems both for the stack
and for hostapd.
2010-03-06 22:30:25 +02:00
Felix Fietkau
a2e40bb650 hostapd: Fix interface selection for the nl80211 driver
This patch allows the nl80211 driver to create its own per-bss context
and pass it to the drv_priv pointer of the hostapd bss state.
With this and the following patch, stations can associate to and switch
between multiple BSS interfaces of a single wiphy.
This obsoletes a few instances of passing ifname to a callback, those
can be removed in a separate patch.
It might also be useful to move more fields from the driver data to the
per-bss data structure in the future.
2010-03-06 22:22:56 +02:00
Felix Fietkau
39f42d1193 hostapd: fix bogus nl80211 interface remove messages for STA WDS 2010-03-06 20:52:22 +02:00
Felix Fietkau
4c32757d22 hostapd: add ifname to the sta_set_flags callback
This fixes multi-BSS STA operations (e.g., setting AUTHORIZED flag) with
nl80211-based drivers.
2010-03-06 20:44:31 +02:00
Jouni Malinen
ffd2c8cd4d Avoid warnings on unused function/variables if debug is disabled
CONFIG_NO_STDOUT_DEBUG removes wpa_printf() calls, so need to ifdef
some function and variable definitions to avoid compiler warnings.
2010-03-06 16:37:57 +02:00
Kel Modderman
09bd6e8cca wpa_supplicant: fix FTBFS on Debian GNU/kFreeBSD
This patch allows wpa_supplicant to compile on Debian's kfreebsd
architectures.

Patch by Stefan Lippers-Hollmann based on work done by Petr Salinger
and Emmanuel Bouthenot for 0.6.X (http://bugs.debian.org/480572).
2010-03-06 10:16:47 +02:00
Jouni Malinen
d2f46a2b13 bsd: Use os_strlcpy instead of strlcpy 2010-03-06 10:04:41 +02:00
Jouni Malinen
3812464cda Add optional scan result filter based on SSID
filter_ssids=1 global configuration parameter can now be used to
enable scan result filtering (with -Dnl80211 only for now) based on
the configured SSIDs. In other words, only the scan results that have
an SSID matching with one of the configured networks are included in the
BSS table. This can be used to reduce memory needs in environments that
have huge number of APs.
2010-03-05 21:42:06 +02:00
Jouni Malinen
207ef3fb12 Add suspend/resume notifications
wpa_supplicant can now be notified of suspend/resume events, e.g.,
from pm-action scripts. This allows wpa_supplicant to clear information
that may become invalid during a suspend operation.
2010-02-27 18:46:02 +02:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
6fa2ec2d2b Make EAPOL Authenticator buildable with Microsoft compiler 2010-02-19 18:35:40 +02:00
Masashi Honma
c6611ed995 bsd: Use device capability information
This patch enables the use of device capability information from the
driver when possible.
2010-02-16 19:47:00 +02:00
Jouni Malinen
58f6fbe05c nl80211: Add support for off-channel Action TX/RX commands
The kernel side support for this was just added into
wireless-testing.git. This commit adds the driver wrapper code needed
to allow wpa_supplicant to use the new functionality.
2010-02-16 19:41:49 +02:00
Jouni Malinen
b7a2b0b68c Add alloc_interface_addr() drv op option for specifying ifname
Some drivers may need to use a specific ifname for the virtual
interface, so allow them to do this with a new parameter passed
to the alloc_interface_addr() handler.
2010-02-16 19:34:51 +02:00
Jouni Malinen
01b350ed74 Sync with linux/nl80211.h from wireless-testing.git 2010-02-16 19:28:38 +02:00
Jouni Malinen
25ac1328f6 EAP-TNC: Add Flags field into fragment acknowledgement
TNC IF-T is somewhat unclear on this are, but
draft-hanna-nea-pt-eap-00.txt, which is supposed to define the same
protocol, is clearer on the Flags field being included.

This change breaks interoperability with the old implementation if
EAP-TNC fragmentation is used. The old version would not accept
the acknowledgement message with the added Flags octet while the
new version accepts messagss with with both options.
2010-02-14 16:08:15 +02:00
Jouni Malinen
62477841a1 EAP-TNC server: Fix processing when last message is fragmented
If the last message from the EAP-TNC server was fragmented, the
fragment processing lost the DONE/FAIL state and did not know how
to handle the final ACK from the peer. Fix this by remembering the
earlier DONE/FAIL state when fragmenting a frame.
2010-02-13 18:03:52 +02:00
Jouni Malinen
b29d086d50 EAP-TNC: Accept fragment ack frame with Flags field
TNC IF-T specification is unclear on the exact contents of the fragment
acknowledgement frame. An interoperability issue with the tncs@fhh
implementation was reported by Arne Welzel
<arne.welzel@stud.fh-hannover.de> due to the different interpretations
of the specification. Relax EAP-TNC server/peer validation rules to
accept fragmentation acknowledgement frames to include the Flags field
to avoid this issue.
2010-02-13 18:00:39 +02:00
Masashi Honma
0c6bdf91ea bsd: Aggregate ioctl routines
This patch aggregates ioctls.

First is SIOCS80211. The SIOCS80211's arguments has 3 couples.
        1-1. i_len, i_data
        1-2. i_val
        1-3. i_len, i_data, i_val (currently only IEEE80211_IOC_APPIE)
There were 3 routines for each cases. This patch aggregates these to
one.

Second is SIOCG80211. The SIOCG80211 returns 2 type of value.
        2-1. i_len
        2-2. i_val
There were 2 routines for each cases. This patch aggregates these to
one.

I have tested on both FreeBSD 8.0 and NetBSD 5.0.1 with these cases.

[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
2010-02-13 13:59:29 +02:00
Masashi Honma
88487b0e0b FreeBSD: Add support for FreeBSD 8.0 STA/AP
This patch adds both wpa_supplicant and hostapd support for
FreeBSD 8.0.

I refered
http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/wpa/hostapd/driver_freebsd
.c
http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/usr.sbin/wpa/wpa_supplicant/driver_
freebsd.c

I have tested on FreeBSD 8.0 with these cases.

[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
2010-02-13 13:57:39 +02:00
Masashi Honma
362468d117 FreeBSD: Enable channel control
This patch enables FreeBSD channel control.

I have tested on FreeBSD 7.2 with these cases.

[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
2010-02-13 13:54:27 +02:00
Masashi Honma
e1b1309b6a bsd: Unify wpa_driver_bsd_ops
The attached patch unifies hostapd wpa_driver_bsd_ops and
wpa_supplicant wpa_driver_bsd_ops.

I have tested on NetBSD 5.0.1 with these cases.

[hostapd]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(STA)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)

[wpa_supplicant(AP)]
RSN-PSK(CCMP)/WPA-PSK(TKIP)
2010-02-13 13:52:03 +02:00
Masashi Honma
86b24ea93c bsd: Unify struct bsd_driver_data and struct wpa_driver_bsd_data
This patch unifies struct bsd_driver_data and struct wpa_driver_bsd_data.
2010-02-13 13:50:19 +02:00
Masashi Honma
6850c70742 bsd: Use same field name between hostapd and wpa_supplicant
This patch modifies field name of struct bsd_driver_data to use
same name of struct wpa_driver_bsd_data. This is a preparation of
unifying struct bsd_driver_data and struct wpa_driver_bsd_data.
2010-02-13 13:48:52 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
c7d711609b Fix memory leak on TLS setup error path
Need tof free TLS context in some cases to avoid a memory leak
on error path.
2010-02-13 10:19:41 +02:00
Jouni Malinen
2e06e9dd6f Fix TLS in/out buffer freeing
The previous version could end leaking memory since os_free() was used
instead of wpabuf_free(). In addition, this could potentially have
triggered a crash if the TLS context were being freed when pending
input data where still in the buffer (though, this may not be possible
to trigger in practice).
2010-02-12 21:13:51 +02:00
Jouni Malinen
cf123d7f4c OpenSSL: Fix tls_init(NULL) with FIPS-enabled build
The conf argument to tls_init() may be NULL (as it is when using
hostapd), so we must check that here before dereferencing the
pointer.
2010-02-12 20:51:10 +02:00
Jouni Malinen
e0b3b3cb77 WPS: Fix AP operation with internal Registrar when ER is also active
Ignore the pending WPS message from ER (PutWLANReseponse action) if the
internal Registrar has already sent out M2.
2010-02-12 12:38:14 +02:00
Jouni Malinen
7796f20edc Add new ctrl_iface event for EAP methods proposed by the server
This makes it easier for external programs to probe EAP server
preferences and potentially automatically detect which method
could be used.
2010-02-11 19:48:36 +02:00
Jouni Malinen
e748062b58 nl80211: Do not try to remove non-existing STA WDS interface
This removes confusing error messages from the default (no WDS) case.
2010-02-10 11:29:53 +02:00
Jouni Malinen
aba7569ec8 driver_bsd: Fix build without SIOCS80211CHANNEL
At least FreeBSD 7 does not seem to define this and failed to build
after the previous changes.
2010-02-08 21:41:51 +02:00
Masashi Honma
42f34a9b41 driver_bsd.c: Enable AP mode wpa_supplicant 2010-02-08 21:33:59 +02:00
Masashi Honma
d373725686 driver_bsd: Clean up EAPOL frame transmission code
The bsd_send_eapol() adds Ethernet header by itself. This patch changes it
to use l2_packet functionality.

I have tested on NetBSD 5.0.1 with WPA-PSK(TKIP).
2010-02-08 21:28:59 +02:00
Masashi Honma
719196b159 driver_bsd.c: Reduce code duplication (setkey)
This patch reduces code duplication between hostapd and wpa_supplicant
for IEEE80211_IOC_WPAKEY.
2010-02-08 21:25:18 +02:00
Masashi Honma
60bc30333c driver_bsd.c: Reduce code duplication (ifflag)
This patch reduces code duplication between hostapd and wpa_supplicant
for SIOC[GS]IFFLAGS.
2010-02-08 21:23:28 +02:00
Masashi Honma
fa6b8afe6f driver_bsd.c: Reduce code duplication (MLME)
This patch reduces code duplication between hostapd and wpa_supplicant
about IEEE80211_IOC_MLME. This is a preparation for AP mode
wpa_supplicant.
2010-02-08 21:21:23 +02:00
Masashi Honma
cbdecd2b0d driver_bsd.c: Reduce code duplication (DELKEY)
This patch reduces code duplication between hostapd and wpa_supplicant
about IEEE80211_IOC_DELKEY. This is a preparation for AP mode
wpa_supplicant. This is a patch to
http://lists.shmoo.com/pipermail/hostap/2010-January/021030.html.
2010-02-08 21:18:09 +02:00
Masashi Honma
5197244a04 bsd: Enable auto configuration
On NetBSD, we should configure some parameters manually out of hostapd
like below.

  ifconfig ath0 mediaopt hostap
  ifconfig ath0 mode 11g
  ifconfig ath0 chan 6

This patch does these automatically. Maybe there will be some
objections, like "hardware configuration is not hostapd/wpa_supplican's
work". So I will write the reasons why I made this patch.

1. For usability.
2. The first command fails when previous state is adhoc. This patch is
free from previous state.
3. Some driver wrappers configure these automatically (like nl80211).
4. I have wasted time trying to find out these command were needed :(
2010-02-08 21:14:22 +02:00
Masashi Honma
82f36163ac driver_bsd.c: Use os_free() instead of free()
This patch replaces some free() with os_free() when the memory was
allocated by os_*().
2010-02-08 21:11:52 +02:00
Hamish Guthrie
79e4140c61 driver_ps3: Remove legacy ps3 wpa driver
The ps3 wireless kernel driver has wireless extension support.
There is a legacy wpa_supplicant driver, and support for this
has been removed from the kernel driver, as no distributions
are using it.
2010-02-08 21:08:54 +02:00
Jouni Malinen
8856462d61 nl80211: Dump scan results in debug log if association command fails
This may help in debugging why cfg80211 refused the association
command since the scan results should include information about all
pending authentication and association states.
2010-01-24 18:11:30 -08:00
Jouni Malinen
582507be85 nl80211: Clear cfg80211 authentication data for old entries
cfg80211 has a limit on pending authentications, so we better clear
the entries that we do not care about to avoid hitting the limit
when roaming between multiple APs.
2010-01-24 18:07:34 -08:00
Christian Lamparter
43a7fe2e0e ap: Reorder authsrv_init() to fix IEEE 802.1X initialization
This patch moves the authentication server setup before
IEEE 802.1X initialization. It's because 802.1X already
needs to have a valid SSL context.

Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
2010-01-17 12:14:17 +02:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
de1b2d143a Make sure the resutl from readlink is properly null terminated 2010-01-16 17:19:06 +02:00
Jouni Malinen
8c0906542c Fetch IEs from both Beacon and Probe Response frames if available
This allows the driver wrappers to return two sets of IEs, so that
the BSS code can use information from both Beacon and Probe Response
frames if needed. For example, some Cisco APs seem to include more
information in Wireless Provisioning Services IE when it is in the
Beacon frame.
2010-01-16 16:11:05 +02:00
Jouni Malinen
94627f6cc8 hostapd: Detect bridge interface automatically
This makes the bridge parameter unnecessary for cases where the interface
is already in a bridge and sysfs is mounted to /sys so that the detection
code works.

For nl80211, the bridge parameter can be used to request the AP
interface to be added to the bridge automatically (brctl may refuse to
do this before hostapd has been started to change the interface mode).
If needed, the bridge interface is also created.
2010-01-16 15:19:58 +02:00
Jouni Malinen
d455d0806e driver_test: Learn scan result channel from DS Params IE 2010-01-16 12:26:03 +02:00
Jouni Malinen
c35faef51a driver_test: Initialize bss_ctx based on drv->ctx for new BSS interfaces
This is needed with wpa_supplicant to get the correct context pointer
for a virtual BSS interface.
2010-01-16 12:24:31 +02:00
Jouni Malinen
37b776eac1 driver_test: Add support for per-SSID scans for non-MLME case 2010-01-16 12:23:39 +02:00
Jouni Malinen
af47308823 Add deinit_ap driver op to help wpa_supplicant AP mode use 2010-01-16 12:20:51 +02:00
Jouni Malinen
e882899981 Add BSSID to TX/RX Action frame driver ops
This meets better the needs for various Public Action frame use cases.
2010-01-16 12:16:20 +02:00
Jouni Malinen
4e5cb1a366 Add driver op for disabling 802.11b rates 2010-01-16 12:11:19 +02:00
Jouni Malinen
ae58592894 Sync with wireless-testing.git linux/nl80211.h 2010-01-16 12:06:42 +02:00
Masashi Honma
11386396cc driver_bsd.c: Clean up EAPOL frame transmission code
The bsd_send_eapol() prepares 3000 bytes buffer for every EAPOL
frame transmission. I think malloc() is better way for efficient
memory use.
2010-01-16 11:47:05 +02:00
Jouni Malinen
b590812e8f Add preliminary documentation for ctrl_iface events 2010-01-15 19:24:08 +02:00
Jouni Malinen
3145e6154c wext: Add cfg80211-specific optimization to avoid silly behavior
If the driver is detected to use cfg80211, we can rely on it being able
to disconnect with SIOCSIWMLME commands and to use empty SSID as a way
to stop it from associating when we are in progress of configuring the
driver for association. Consequently, we can remove the hack that uses
random 32-octet SSID to force disconnection and re-order association
commands to match the expectations that cfg80211 has for WEXT ioctls.
This gets rid of extra scan rounds and attempts to associate with the
silly 32-octet SSID.
2010-01-12 20:01:09 +02:00
Jouni Malinen
4a5869206e wext: Check hexstr2bin() return value in custom scan text processing 2010-01-10 22:26:11 +02:00
Jouni Malinen
a7efb16052 WEXT: Show BSSID/SSID set failures on disconnect in debug log 2010-01-10 22:18:50 +02:00
Jouni Malinen
fbe3e7f840 wext: Check hexstr2bin() return value 2010-01-10 22:16:51 +02:00
Jouni Malinen
68fd595fa5 WPS ER: Check uuid_str2bin() return value 2010-01-10 22:12:55 +02:00
Jouni Malinen
4f6050e796 WPS ER: Verify os_get_random() return value 2010-01-10 22:08:43 +02:00
Jouni Malinen
4edc521068 EAP-FAST peer: Clean up PAC writing function
Use more explicit validation of input parameters and clean up the
writes by using a local end-of-buffer variable to simplify
calculations.
2010-01-10 22:04:59 +02:00
Jouni Malinen
2e320d8db5 eloop: Clear timeout data during allocation
Better make sure the eloop_timeout data gets fully initialized. The
current code is filling in all the fields, but it is clearer to just
zero the buffer to make sure any new field added to the structure gets
initialized.
2010-01-10 21:48:27 +02:00
Jouni Malinen
6f9b5d1696 IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded
Verify that association processing did not end up freeing the state
machine. This should not really happen in practice, but better verify
it anyway.
2010-01-10 21:45:44 +02:00
Jouni Malinen
b2180f4a89 Check WPS attr build helper return value
These are hardcoded to return success, but should check the value
anyway.
2010-01-10 20:49:22 +02:00
Jouni Malinen
0e75b3c352 Use zero address when reporting unknown peer in SMK error
This avoids potential use of uninitialized stack memory when printing
out peer address based on SMK error message that does not include the
MAC address.
2010-01-10 19:00:25 +02:00
Jouni Malinen
e4a6ea1d9c Avoid a theoretical use-after-free in WPA auth sm init
wpa_sm_step() could theoretically free the statemachine, but it does
not do it in this particular case. Anyway, the code can be cleaned to
verify whether the state machine data is still available after the
wpa_sm_step() call.
2010-01-10 18:54:41 +02:00
Jouni Malinen
612162430f WPS: Remove unused mac_addr_text parameter from get_netif_info() 2010-01-09 16:57:15 +02:00
Masashi Honma
c610dba137 FreeBSD: Fix driver_bsd.c build
On FreeBSD 8.0, driver_bsd.c build fails because of changes from
older versions of FreeBSD. The error messages are below:

In file included from ../src/drivers/driver_bsd.c:38:
/usr/include/net80211/ieee80211_crypto.h:94: error: 'IEEE80211_TID_SIZE'
undeclared here (not in a function)
../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_set_wpa_ie':
../src/drivers/driver_bsd.c:968: error: 'IEEE80211_IOC_OPTIE' undeclared (first
use in this function)
../src/drivers/driver_bsd.c:968: error: (Each undeclared identifier is reported
only once
../src/drivers/driver_bsd.c:968: error: for each function it appears in.)
gmake: *** [../src/drivers/driver_bsd.o] Error 1

This patch solves this issue.
2010-01-09 11:04:44 +02:00
Masashi Honma
953f0f6333 bsd: Add support for WPA_TRACE and WPA_TRACE_BFD
On FreeBSD 8.0, WPA_TRACE and WPA_TRACE_BFD functionality build fails.
2010-01-09 11:01:12 +02:00
Masashi Honma
60e1ce7615 bsd: Fix driver_wired.c build 2010-01-09 10:53:44 +02:00
Jouni Malinen
1056dad796 Fix PKCS#12 use with OpenSSL 1.0.0
Add 40-bit RC2 CBC explicitly since OpenSSL 1.0.0 does not seem to that
anymore with PKCS12_PBE_add(). Furthermore, at least 1.0.0-beta4 crashes
if the needed cipher is not registered when parsing the PKCS#12 data
(this crashing part should be fixed in newer 1.0.0 versions)

Following bug reports are related to the issue:
https://bugzilla.redhat.com/show_bug.cgi?id=541924
https://bugzilla.redhat.com/show_bug.cgi?id=538851
http://rt.openssl.org/Ticket/Display.html?id=2127
http://rt.openssl.org/Ticket/Display.html?id=2128
2010-01-09 00:38:09 +02:00
Jouni Malinen
c5b26e33c1 Convert RSN pre-authentication to use struct dl_list 2010-01-06 21:23:15 +02:00
Jouni Malinen
1ce77dcc66 Fix memory leak on RSN preauth init error path 2010-01-06 21:14:09 +02:00
Lennert Buytenhek
594cf8b9ef Fix WMM default parameters
wmm_ac_??_cw{min,max} parameters are in log form

When the wme_ac_??_cw{min,max} parameters aren't specified in
hostapd.conf, hostapd uses an incorrect set of default values, as the
defaults are in 2^x-1 form instead of in log form.  This patch changes
them over to the expected log form.
2010-01-06 20:48:29 +02:00
Jouni Malinen
0de4da91c1 Mark fmt parameter const for wpa_printf/msg 2010-01-04 19:16:19 +02:00
Jouni Malinen
3adca61c9c nl80211: Fix a typo 2010-01-03 22:20:27 +02:00
Jouni Malinen
2ac9688eb8 Use common driver code for Linux hwaddr get/set 2010-01-03 22:17:08 +02:00
Jouni Malinen
34f2f814e0 Share a single Linux ioctl helper fo setting interface up/down
Number of Linux driver wrappers included this more or less identical
function, so lets add a new helper file to be able to share some more
code between the driver wrappers.
2010-01-03 22:08:26 +02:00
Jouni Malinen
69378b7928 bsd: Fix a typo 2010-01-03 21:18:55 +02:00
Jouni Malinen
abd9fafab6 Standardize on a single definition of auth_alg bitfield values 2010-01-03 21:14:40 +02:00
Jouni Malinen
70f8cc8ec8 Share the same enum for MFP configuration
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
2010-01-03 21:02:51 +02:00
Jouni Malinen
e049867788 More Doxygen documentation for the driver interface 2010-01-03 20:49:48 +02:00
Jouni Malinen
d1f9c410c1 Remove src/drivers/scan_helpers.c
Most of this file was already moved into wpa_supplicant/scan.c and
we can remove the file completely by having couple of small helper
functions copied to the remaining users outside core wpa_supplicant
code.
2010-01-03 20:27:32 +02:00
Jouni Malinen
9ba9fa07cc Move wpa_supplicant specific scan code away from src/drivers
This fits better in wpa_supplicant/scan.c. Couple of remaining
scan_helpers.c functions are currently used in driver wrappers,
but they can likely be removed in the future.
2010-01-03 18:48:11 +02:00
Jouni Malinen
baac649094 Add drv_event_eapol_rx() helper 2010-01-03 18:35:01 +02:00
Jouni Malinen
1d041bec84 Use generic driver event notification for AP mode assoc/disassoc 2010-01-03 18:22:22 +02:00
Jouni Malinen
a8e0505bf0 Use driver event, EVENT_EAPOL_RX, for EAPOL frame indication 2010-01-03 17:44:40 +02:00
Jouni Malinen
a70a5d6d06 Replace hostapd_notif_new_sta() with new driver event, EVENT_NEW_STA 2010-01-03 16:46:18 +02:00
Jouni Malinen
b38ddb0c50 driver_test: Add channel awareness for the MLME test code
This allows the MLME mode of driver_test to filter frames based on
the frequency on which they were sent and the frequency used by the
receiver.
2010-01-03 14:01:20 +02:00
Jouni Malinen
55777702cd Add driver API functionality for off-channel Action frames
This adds new commands and events for allowing off-channel Action
frame exchanges to be requested. This functionality is not yet used
and is only fully supported by driver_test.c at this point.
driver_nl80211.c has support for the remain-on-channel commands, but
the Action frame TX/RX part is still pending review for the kernel
code and as such, is not yet included here.
2010-01-03 13:57:51 +02:00
Jouni Malinen
d7c53e432b Sync with wireless-testing.git linux/nl80211.h 2010-01-03 13:56:18 +02:00
Jouni Malinen
7bfc47c34f Add driver ops for allocating interface addresses
This adds placeholder code for allowing the virtual interfaces to be
pre-allocated a MAC address before the interface type is known with
drivers that do not handle interface type changes.
2010-01-03 13:42:06 +02:00
Jouni Malinen
504e905c6e Add a driver op for enabling Probe Request reporting in station mode 2010-01-03 13:30:22 +02:00
Jouni Malinen
9646a8ab8b Remove unnecessary wpa_event_type typedef 2010-01-03 13:10:12 +02:00
Jouni Malinen
2a8b74163e Move struct hostapd_frame_info definition away from driver API
This is internal data structure for hostapd/AP functionality and does
not need to be defined in driver.h.
2010-01-03 12:37:02 +02:00
Jouni Malinen
3af1f9cb14 driver_test: Remove forgotten, unused prototypes 2010-01-03 12:36:32 +02:00
Jouni Malinen
0d9fc3d8bd Remove struct ieee80211_hdr dependency from EVENT_RX_FROM_UNKNOWN
It is simpler to just pass in u8* to the beginning of the header.
2010-01-03 12:17:20 +02:00
Jouni Malinen
a0e0d3bb15 Replace hostapd_probe_req_rx() with EVENT_RX_PROBE_REQ driver event 2010-01-03 12:11:44 +02:00
Jouni Malinen
245519e0cd Replace wpa_supplicant_sta_rx() call with driver event
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
2010-01-03 11:50:26 +02:00
Jouni Malinen
8d923a4acf Only expire scanned BSSes based on new scan results
Get more information about scans when updating BSS table information.
This allows the missing-from-scans expiration rule to work properly
when only partial set of channels or SSIDs are being scanned.
2010-01-02 13:57:44 +02:00
Jouni Malinen
dc5a08c053 WPS: Fix Probe Request processing to handle missing attribute
WPS IE parsing for PBC mode did not check whether the UUID-E attribute
was included before dereferencing the pointer. This could result in the
AP crashing when processing and invalid Probe Request frame.
2010-01-01 23:38:51 +02:00
Jouni Malinen
291b60682a nl80211/wext: Hardcode all auth_algs as supported
There does not seem to be a driver interface for fetching auth_algs
capability, but this may be used by some external application, so
hardcode all auth_algs as supported for now.
2010-01-01 21:41:19 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
2e8542756c Mark wpabuf_get_trace() static 2009-12-28 16:02:11 +02:00
Jouni Malinen
d2b8812921 Include header file to verify prototypes 2009-12-28 16:01:21 +02:00
Jouni Malinen
139a33f34e test: Register more complete set of channels and rates 2009-12-28 13:39:57 +02:00
Jouni Malinen
2fe17720aa test: Use previously requested BSSID when adding a new interface 2009-12-28 13:38:18 +02:00
Jouni Malinen
c6e8e8e41f nl80211: Add more debug prints for mode changes and interface add/remove 2009-12-28 13:25:17 +02:00
Jouni Malinen
4832ecd754 Add an option for driver wrappers to report operational frequency 2009-12-28 13:23:13 +02:00
Jouni Malinen
cd7d80f373 Allow Probe Request callbacks to terminate iteration 2009-12-28 13:14:58 +02:00
Jouni Malinen
1c08f8c0f0 Allocate Probe Response and Beacon buffers based on WPS IE length
This IE is of variable length and it is better to allocate the frame
buffer taking this length into account to prepare for future
additions.
2009-12-28 12:58:27 +02:00
Jouni Malinen
f0d126d339 Add ctrl_iface events for BSS added/removed 2009-12-28 00:42:51 +02:00
Jouni Malinen
f7c4783379 Split hostapd_interface_deinit() into deinit and free parts
This allows the driver interface to be deinitialized before
struct hostapd_data instance gets freed. This needs to be done so
that the driver wrapper does not maintain a context pointer to
freed memory.
2009-12-27 21:31:13 +02:00
Jouni Malinen
f78feb6a72 test: Add WPA_TRACE reference check for driver ctx
This will catch too early freeing of the context pointer before the
driver wrapper has been deinitialized.
2009-12-27 21:20:25 +02:00
Jouni Malinen
60ad2c7bef Fix a typo in a doxygen comment 2009-12-27 17:13:15 +02:00
Jouni Malinen
459489c99d eloop: Fix timeout handler to use local copy of func pointer
We need to copy not only the context pointers, but also the function
pointer before the timeout gets freed.
2009-12-26 14:30:50 +02:00
Jouni Malinen
719347511a Get rid of unnecessary typedefs for enums. 2009-12-26 10:35:08 +02:00
Jouni Malinen
81f4f6195e Include header files explicitly in *.c, not via header files 2009-12-26 00:31:51 +02:00
Jouni Malinen
6e6e8c31ff Replace src/ap/driver_i.h with non-inlined functions in ap_drv_ops.c 2009-12-26 00:21:22 +02:00
Jouni Malinen
8b06c1ed0d Remove ap_config.h dependency from driver_i.h
This adds explicit #include line for ap_config.h into the src/ap/*.c
files that actually use the definitions from there.
2009-12-26 00:12:25 +02:00
Jouni Malinen
6226e38d00 Rename some src/ap files to avoid duplicate file names
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
2009-12-26 00:05:40 +02:00
Jouni Malinen
1b56c26c40 Get rid of direct hostapd_for_each_interface() calls
src/ap/*.c must not call functions in hostapd or wpa_supplicant
directories directly, so avoid this by using a callback function
pointer.
2009-12-25 20:12:26 +02:00
Jouni Malinen
70db2ab308 Move rest of the generic AP mode functionality into src/ap 2009-12-25 20:06:07 +02:00
Jouni Malinen
481a11c94f test: Use more shared code for driver wrapper AP and station modes
This fixes AP mode use in wpa_supplicant with the
no-AP-driver-wrapper design.
2009-12-25 19:48:41 +02:00
Jouni Malinen
a911a6e61f Do not use virtual driver_ops for wpa_supplicant AP mode
Initialize struct hostapd_data driver context with the same driver
information that was initialized earlier during wpa_supplicant start.
This allows the AP mode operations to be completed directly with the
same calls in AP code without having to maintain a separate translation
layer between the AP and station mode driver context.
2009-12-25 19:47:08 +02:00
Jouni Malinen
a4f2110934 Clean up some of the hostapd.h function prototype definitions
Not all prototypes in hostapd.h really belong there. This is an initial
step in cleaning that up.
2009-12-25 14:20:35 +02:00
Jouni Malinen
0aef3ec832 Move hostapd_prune_associations() into ap/utils.c 2009-12-25 14:06:26 +02:00
Jouni Malinen
2586bc64d0 Move authentication server setup into separate file 2009-12-25 13:43:43 +02:00
Jouni Malinen
ad44e244b1 Move iapp.c into src/ap 2009-12-25 13:04:45 +02:00
Jouni Malinen
0e2d35c614 Move ctrl_iface_ap.c into src/ap 2009-12-25 12:25:55 +02:00
Jouni Malinen
64ee63a0d8 wired: Use os_*() wrappers more consistently
Need to allocate and free memory with same style to avoid WPA_TRACE
errors.
2009-12-25 11:54:02 +02:00
Jouni Malinen
65668bfb77 Add forgotten src/ap/utils.c file
Commit 32da61d9c9 was supposed to add
this file.
2009-12-25 01:31:28 +02:00
Jouni Malinen
9fdeaf8f3a WPS: Fix a memory leak if set_ie_cb() is not set
Skip WPS IE building for Beacon and Probe Response frames is set_ie_cb()
is not set. This fixes a memory leak and optimizes operations by not
allocating memory and building the WPS IEs unnecessarily.
2009-12-25 01:29:59 +02:00
Jouni Malinen
32da61d9c9 Move wps_hostapd.c into src/ap 2009-12-25 01:26:37 +02:00
Jouni Malinen
1057d78eb8 Move generic AP functionality implementation into src/ap
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
2009-12-25 01:12:50 +02:00
Jouni Malinen
a2de634d1c Removed hostapd_new_assoc_sta() from driver wrapper API
This is not called directly by any of the driver wrappers anymore, so
the function can be removed from driver.h and drv_callbacks.c.
2009-12-24 23:30:32 +02:00
Jouni Malinen
14f7938660 Merge driver ops set_wps_beacon_ie and set_wps_probe_resp_ie
set_ap_wps_ie() is not used to set WPS IE for both Beacon and Probe
Response frames with a single call. In addition, struct wpabuf is used
instead of separate u8* and length fields. This avoids duplicated
allocation of the IEs and simplifies code in general.
2009-12-24 19:46:06 +02:00
Jouni Malinen
9aca440199 Drop WPA_TRACE reference before eloop timeout handler call
This avoids bogus error reports for cases where the timeout handler
frees the memory that was pointed to by the eloop timeout context.
2009-12-24 12:41:20 +02:00
Jouni Malinen
1b9eb51bbd Enable IPv6 support for libutils.a and libradius.a 2009-12-24 12:27:42 +02:00
Jouni Malinen
6aa9e7a64a Redesign struct hostapd_ip_addr to be of fixed size
This structure is embedded in some other structures and as such, it
would be nicer if this would not change its length based on build
options.
2009-12-24 12:26:47 +02:00
Jouni Malinen
64ce68fc42 Comment out CONFIG_IPV6 for now in RADIUS library build
This needs to be used consistently in order to get correct size for
struct hostapd_ip_addr.
2009-12-24 12:18:22 +02:00
Jouni Malinen
8a404b598d Add build rules for src/radius/libradius.a 2009-12-24 11:59:08 +02:00
Felix Fietkau
fbbfcbac29 hostapd: Add WDS (4-address frame) mode with per-station interfaces
This mode allows associated stations to use 4-address frames to allow
layer 2 bridging to be used. At least for the time being, this is only
supported with driver=nl80211.
2009-12-24 11:46:22 +02:00
Jouni Malinen
09eac1ac56 nl80211: Sync with wireless-testing.git linux/nl80211.h 2009-12-24 11:07:02 +02:00
Jouni Malinen
2a29f0d45c Rename EAP TLS variables to make server and peer code consistent 2009-12-24 00:16:58 +02:00
Jouni Malinen
5e5223bf29 trace: Show eloop unregistered handler function name/file/line 2009-12-22 01:52:48 +02:00
Jouni Malinen
94caf8cd62 trace: Filter out uninteresting functions from backtrace
This filters out the functions inside trace.c and functions before
main() since those are not relevant to the actual issue that is being
reported.
2009-12-22 01:29:15 +02:00
Jouni Malinen
a6ff0e0810 trace: Add active reference tracking
This WPA_TRACE=y additions allows components to register active references
to memory that has been provided to them as a pointer. If such an actively
referenced memory area is freed, tracer will report this as an error and
backtraces of both the invalid free and the location where this pointer
was marked referenced are shown.
2009-12-22 01:11:15 +02:00
Jouni Malinen
a698d28415 Check fread return value 2009-12-21 23:17:53 +02:00
Jouni Malinen
7bf127572c nl80211: Use couple more os_*() wrappers for allocation 2009-12-21 22:32:59 +02:00
Jouni Malinen
e62fb0a0de nl80211: Use os_* allocation wrappers to avoid WPA_TRACE issues 2009-12-21 22:21:10 +02:00
Jouni Malinen
c0e4dd9eeb WPS: Make Config Methods configurable for wpa_supplicant
This adds config_methods configuration option for wpa_supplicant
following the design used in hostapd. In addition, the string is
now parsed in common code from src/wps/wps_common.c and the list
of configurable methods include all the defined methods from
WPS 1.0h spec.
2009-12-21 15:59:25 +02:00
Jouni Malinen
b64576fcf5 WPS: Prefer PSK format if Enrollee does not advertise Display
Since an Enrollee that does not advertise display as one of the
Config Methods is unlikely to be able to show the ASCII passphrase
to the user, prefer PSK format with such an Enrollee to reduce key
derivation time. This can help with some low-powered devices that
would take long time to derive the PSK from the passphrase.
2009-12-21 12:58:02 +02:00
Jouni Malinen
f3f2eeba01 WPS: Add option for forcing Registrar to use PSK format in Credential
The use_psk_key parameter can now be used to force the Registrar to
use PSK format instead of ASCII passphrase when building a Credential
for the Enrollee. For now, this is not enabled, but it could be enabled
either based on external (to WPS) configuration or automatically set
based on some WPS attribute values from the Enrollee.
2009-12-21 12:46:19 +02:00
Jouni Malinen
f2f7d965b8 Add option libbfd support for tracing code
CONFIG_WPA_TRACE=y and CONFIG_WPA_TRACE_BFD=y can now be used to get
even more complete symbols (func/file/line and inline functions) for
backtraces.
2009-12-20 23:35:06 +02:00
Jouni Malinen
b763863d97 GnuTLS: Implement tls_connection_enable_workaround() 2009-12-20 22:08:54 +02:00
Jouni Malinen
9dd37a224b GnuTLS: Add support for piggybacked Application Data 2009-12-20 22:07:59 +02:00
Jouni Malinen
c9a7bbe5a8 GnuTLS: Define empty tls_connection_set_session_ticket_cb()
This allows EAP-FAST build to be completed even if it does not actually
work yet with GnuTLS.
2009-12-20 21:37:36 +02:00
Jouni Malinen
496c5d981e Use wpabuf with tls_connection_ia_send_phase_finished() 2009-12-20 21:33:32 +02:00
Jouni Malinen
2944656925 Allow TLS flags to be configured (allow MD5, disable time checks)
Undocumented (at least for the time being) TLS parameters can now
be provided in wpa_supplicant configuration to enable some workarounds
for being able to connect insecurely to some networks. phase1 and
phase2 network parameters can use following options:
tls_allow_md5=1
- allow MD5 signature to be used (disabled by default with GnuTLS)
tls_disable_time_checks=1
- ignore certificate expiration time

For now, only the GnuTLS TLS wrapper implements support for these.
2009-12-20 19:28:47 +02:00
Jouni Malinen
4a1e97790d GnuTLS: Report certificate validation failures with TLS alert
In addition, show more detailed reason for the failure in debug log.
2009-12-20 19:14:17 +02:00
Jouni Malinen
a86a7316a4 OpenSSL: Fix memleak in previous wpabuf changes on an error path 2009-12-20 19:12:59 +02:00
Jouni Malinen
2574634b7f Check TLS status on EAP server during handshake
The new TLS wrapper use may end up returning alert data and we need to
make sure here that it does not end up getting interpreted as success
due to non-NULL response.
2009-12-20 19:11:43 +02:00
Jouni Malinen
074be2332f GnuTLS: Use struct wpabuf for push/pull buffers 2009-12-20 18:31:56 +02:00
Jouni Malinen
81c85c069a Convert TLS wrapper to use struct wpabuf
This converts tls_connection_handshake(),
tls_connection_server_handshake(), tls_connection_encrypt(), and
tls_connection_decrypt() to use struct wpa_buf to allow higher layer
code to be cleaned up with consistent struct wpabuf use.
2009-12-20 18:17:55 +02:00
Jouni Malinen
94c3e91fc5 Add empty FIPS PRF wrapper for CryptoAPI 2009-12-20 18:14:20 +02:00
Jouni Malinen
8f431bc808 Add empty crypto_mod_exp() wrapper for CryptoAPI. 2009-12-20 18:13:42 +02:00
Jouni Malinen
de979ef18c Fix MinGW build: CertCreateCertificateContext() is now known 2009-12-20 18:10:10 +02:00
Jouni Malinen
f266d1a162 eloop_win: Fix build after eloop user_data removal 2009-12-20 17:48:55 +02:00
Jouni Malinen
f52ab9e6b0 Fix lastReqData freeing to use wpabuf_free() 2009-12-20 17:22:25 +02:00
Jouni Malinen
eeb04821ad wpabuf: Add WPA_TRACE code to validate correct freeing of wpabuf
Use an extra header to move the returned pointer to break os_free()
or free() of the returned value and verify that the correct magic
is present when freeing or resizing the wpabuf. Show backtrace on
invalid wpabuf use.
2009-12-20 13:11:31 +02:00
Jouni Malinen
859db534bf wpabuf: Allow wpabuf_resize(NULL, len) to be used
This matches with realloc() usage, i.e., allocate a new buffer if no
buffer was specified.
2009-12-20 12:52:54 +02:00
Jouni Malinen
c479e41f53 EAP-FAST server: Piggyback Phase 2 start with end of Phase 1
If Finished message from peer has been received before the server
Finished message, start Phase 2 with the same message to avoid extra
roundtrip when the peer does not have anything to send after the server
Finished message.
2009-12-20 11:39:45 +02:00
Jouni Malinen
1a1bf008cb WPS ER: Delay wpa_supplicant termination to allow unsubscription
Instead of forcefully deinitializing ER immediately, give it some
time to complete unsubscription and call eloop_terminate() only once
ER code has completed its work.
2009-12-19 23:47:54 +02:00
Jouni Malinen
e46338fc76 WPS ER: Unsubscribe from AP events whenever removing the AP entry
Store the subscription identifier during subscription process and use
this to unsubscribe from events when removing the AP.
2009-12-19 23:20:22 +02:00
Jouni Malinen
187533a4c5 WPS: Convert Registrar PIN list to use struct dl_list 2009-12-19 22:26:55 +02:00
Jouni Malinen
96f5234735 WPS ER: Convert lists to use struct dl_list 2009-12-19 22:14:06 +02:00
Jouni Malinen
45767a9597 WPS: Remove unused net_if copy 2009-12-19 21:58:00 +02:00
Jouni Malinen
eeb49f991b driver_test: Use OS wrappers consistently for memory allocation 2009-12-19 21:49:51 +02:00
Jouni Malinen
fb4baa688b Add memory allocation analyzer to verify OS wrapper use
WPA_TRACE=y builds will now verify that memory allocation in done
consistently using os_{zalloc,malloc,realloc,strdup,free} (i.e., no
mixing of os_* functions and unwrapper functions). In addition, some
common memory allocation issues (double-free, memory leaks, etc.) are
detected automatically.
2009-12-19 21:47:56 +02:00
Jouni Malinen
f45fb672cc eloop: Do not use printf() or fprintf() directly 2009-12-19 20:27:55 +02:00
Jouni Malinen
eaa3f04b97 eloop: Use struct dl_list for timeouts 2009-12-19 20:26:22 +02:00
Jouni Malinen
0456ea16d8 eloop: Remove global user data pointer
This is not really needed since all signal handlers can use a context
pointer provided during signal handler registration.
2009-12-19 19:22:16 +02:00
Jouni Malinen
2988796257 Fix RADIUS client to cancel IPv6 socket read notifications 2009-12-19 18:52:42 +02:00
Jouni Malinen
f481459f5e Fix RADIUS server deinit to cancel timeout for session removal 2009-12-19 18:52:15 +02:00
Jouni Malinen
930f704aac Add backtrace support for debugging
WPA_TRACE=y can now be used to enable internal backtrace support that
will provide more details about implementation errors, e.g., when some
resources are not released correctly. In addition, this will print out
a backtrace automatically if SIGSEGV is received.
2009-12-19 18:40:54 +02:00
Jouni Malinen
1489e11a94 Make struct radius_msg private to radius.c
This is internal data structure for RADIUS message handling and
external code should not touch it directly.
2009-12-19 17:26:57 +02:00
Jouni Malinen
aa235d2ef7 Convert RADIUS message code to use wpabuf internally 2009-12-19 17:12:07 +02:00
Jouni Malinen
9e7245bdb4 Change radius_msg_free() to free the buffer
Since all callers were freeing the buffer immediately anyway, move
this operation into radius_msg_free() to reduce code size.
2009-12-19 16:34:41 +02:00
Jouni Malinen
d94f86d85e RADIUS message initialization cleanup 2009-12-19 16:20:53 +02:00
Jouni Malinen
d04a96b0d6 Add documentation for RADIUS code and some minor cleanup 2009-12-19 16:13:06 +02:00
Jouni Malinen
a9f92c487f WPS: Remove parent pointer from advertisement state machine 2009-12-19 14:51:36 +02:00
Jouni Malinen
158aff0035 WPS: Convert struct advertisement_state_machine to use struct dl_list 2009-12-19 14:46:52 +02:00
Jouni Malinen
ea8f09acb2 WPS: Remove unused struct subscr_addr parent pointer 2009-12-19 14:30:49 +02:00
Jouni Malinen
f1de40f728 WPS: Convert struct wps_event_ to use struct dl_list 2009-12-19 14:29:01 +02:00
Jouni Malinen
ec32c29471 WPS: Convert struct subscription to use struct dl_list 2009-12-19 14:15:43 +02:00
Jouni Malinen
f98b440c47 WPS: Convert struct subscr_addr to use dl_list 2009-12-19 13:47:00 +02:00
Jouni Malinen
dacf478352 Add generic doubly-linked list implementation 2009-12-19 13:43:25 +02:00
Masashi Honma
1c9c03d08d Mac OS X: Fix driver_osx.c build 2009-12-18 21:25:21 +02:00
Snowpin Lee
649b28f9e6 ralink: Add WPS support 2009-12-18 21:04:11 +02:00
Jouni Malinen
a6fc4f3c82 Change Linux driver wrappers to use shared netlink receive code 2009-12-18 18:24:13 +02:00
Jouni Malinen
62d680c3ca netlink: Move more of the newlink/dellink parsing into shared code 2009-12-18 17:49:07 +02:00
Jouni Malinen
f37cf89ccb netlink: Use NLMSG_OK and NLMSG_NEXT macros 2009-12-18 17:22:35 +02:00
Jouni Malinen
08063178fb nl80211/wext: Share netlink new/del link event receive code 2009-12-18 17:11:54 +02:00
Jouni Malinen
e2d02c29b5 driver_nl80211/wext: Share netlink operstate send function
As an initial step in sharing netlink helper functions among driver
wrappers, create a new file for netlink code and move operstate send
function there.
2009-12-18 16:35:33 +02:00
Jouni Malinen
3b31db5199 Fix netlink payload length calculation
nlmsghdr length needs to be removed from payload length. [Bug 341]
2009-12-18 16:14:54 +02:00
Jouni Malinen
67f0112d83 driver_test: Fix AP mode to initialize bss_ctx for first interface 2009-12-16 16:01:54 +02:00
Jouni Malinen
cdc7f66bda Fix driver_nl80211.c build without CONFIG_CLIENT_MLME 2009-12-14 21:13:58 +02:00
Jouni Malinen
d986b1b6c1 OpenSSL: Silence "Failed to read possible Application Data"
This message from tls_connection_handshake() is not really an error in
most cases, so do not show it if there was indeed no Application Data
available (which is a normal scenario and not an indication of any
error).
2009-12-14 16:09:20 +02:00
Jouni Malinen
b57e086cc1 Mark management frame processing functions to use const buffer 2009-12-13 23:25:30 +02:00
Jouni Malinen
ba091c06c5 Mark ieee802_11_parse_elems() input and parsed elems const
In addition, re-order IE pointers and u8 length so that the shorter
length fields are together to allow compiler to optimize structure size.
2009-12-13 23:11:11 +02:00
Jouni Malinen
f8b1f69561 Use generic driver events for TX status and RX reporting
Replace driver wrapper calls to hostapd_tx_status(),
hostapd_rx_from_unknown_sta(), hostapd_mgmt_rx(), and
hostapd_mgmt_tx_cb() with new generic driver events
EVENT_TX_STATUS, EVENT_RX_FROM_UNKNOWN, and EVENT_RX_MGMT.

This cleans up lot of the driver wrapper code to be less dependent
on whether it is being used within wpa_supplicant AP mode or hostapd.
2009-12-13 23:05:39 +02:00
Jouni Malinen
1b648c7e1a nl80211: Remove some of the unnecessary conditional compilation
These functions can be built for both hostapd and wpa_supplicant.
2009-12-13 21:49:53 +02:00
Jouni Malinen
fcf0f87d97 Replace hostapd_button_pushed() with generic driver event 2009-12-13 21:21:10 +02:00
Jouni Malinen
1cd973d501 Replace hostapd_michael_mic_failure() with generic driver event 2009-12-13 21:17:11 +02:00
Jouni Malinen
85cc05110d driver_test: Merge drv->hapd into drv->ctx
A separate struct hostapd_data pointer is not really needed anymore
and the generic context pointer can be used instead.
2009-12-13 18:57:57 +02:00
Jouni Malinen
8043e72589 Add BSS ctx to if_add() driver op
This remove the need from driver_test.c to go through internal hostapd
structures to find the appropriate BSS when reporting events on secondary
BSSes.
2009-12-13 18:54:11 +02:00
Jouni Malinen
0de39516ae Map STA flags into values defined in driver.h
This removes need for including hostapd/sta_flags.h into driver
wrappers and removes any remaining dependencies between driver flags
and internal hostapd flags.
2009-12-13 11:35:39 +02:00
Jouni Malinen
60c8cfb4fb Remove usused flags parameter from sta_add() driver op 2009-12-13 11:05:22 +02:00
Jouni Malinen
c9b9e494fc driver_bsd: Fix build after previous commit 2009-12-12 23:55:09 +02:00
Jouni Malinen
af586419fd Add more WPA/IEEE 802.1X parameters into set_ieee8021x() driver op
This gets rid of the need to touch internal hostapd data structures
directly from the driver wrappers.
2009-12-12 23:50:29 +02:00
Jouni Malinen
ff2a74eeb1 driver_bsd: Fix build (eapol_sm.h is not needed anymore) 2009-12-12 23:33:43 +02:00
Jouni Malinen
e3bd3912ca Change set_ieee8021x driver op to use parameters structure
This makes it easier to extent the set of parameters passed to
this driver wrapper function.
2009-12-12 23:32:44 +02:00
Jouni Malinen
08fd8c15a0 Replace direct driver call to wpa_ft_rrb_rx() with driver event
This avoids need to include hostapd/wpa.h into the driver wrappers.
2009-12-12 22:43:26 +02:00
Jouni Malinen
c779b04ab6 driver_wired: Share multicast membership add/drop function 2009-12-12 22:18:37 +02:00
Jouni Malinen
caf005b0fe driver_wired: Remove unneeded conditional building blocks 2009-12-12 22:07:29 +02:00
Jouni Malinen
50b5bf4eda Remove obsolete Prism54.org driver support (driver_prism54.c)
The Prism54.org project seems have been dead for a while and it does not
look like this driver would ever be maintained again. Furthermore, it is
difficult to find a version that would work with the driver_prism54.c
wrapper and there is another driver for these card in the Linux kernel
tree.

The hostapd integration in driver_prism54.c is quite different from the
other driver wrappers and would require major effort to get it cleaned
up. Since there does not seem to be any real users for the cleaned up
version, there does not seem to be justification to spend this effort on
the wrapper. This old code is making it much more difficult to clean up
the driver interface and at this point, the best option seems to be to
remove the driver wrappers. Should someone really still need this, the
old code will continue to be available in hostapd 0.6.x.
2009-12-12 20:52:12 +02:00
Jouni Malinen
0531006644 driver_wired: Move STA entry processing away from driver wrapper
Get rid of hostapd/sta_info.h dependency by introducing a new driver
callback function for hostapd.
2009-12-12 20:39:25 +02:00
Jouni Malinen
7e683ceeb4 WPS: Handle Selected Registrar as a union of info from all Registrars
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.

Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
2009-12-12 16:54:59 +02:00
Jouni Malinen
6a029035f5 WPS: Move POST URL validation into web_connection_parse_post()
This is more logical location for checking the URL and potentially
handling a call to another URL handler. In addition, return 404 error,
not invalid UPnP action, if the URL does not match.
2009-12-12 16:48:50 +02:00
Jouni Malinen
ed74dcd512 WPS: Remove an obsolete comment about UPnP actions and callbacks 2009-12-12 16:48:18 +02:00
Jouni Malinen
5e9c730a2b WPS: Remove unnecessary GetDevice and PutMessage callbacks
These callbacks can be handled internally within core WPS code, so there
is no need to go through wps_hostapd.c with a callback function that is
just calling back into the core WPS code.
2009-12-12 16:47:39 +02:00
Jouni Malinen
d0d45d8276 WPS: Remove unnecessary SetSelectedRegistrar callback
This can be handled internally within core WPS code, so there is no
need to go through wps_hostapd.c with a callback function that is just
calling back into the core WPS code.
2009-12-12 16:46:33 +02:00
Jouni Malinen
9008a3e44d Merge get_seqnum_igtk() driver op with get_seqnum()
IEEE 802.11w uses distinct key indexes (4 and 5) so the same
get_seqnum() handler can be used to fetch packet number for both
TKIP/CCMP and BIP(using IGTK).

Since the new get_seqnum_igtk() handler was not actually implemented by
any driver wrapper, this may also fix BIP/IGTK sequence number reporting
with driver_nl80211.c.
2009-12-11 00:15:54 +02:00
Jouni Malinen
90b8c4c5f8 Add Doxygen comments for rest of struct wpa_driver_ops members
All members have now at least minimal documentation.
2009-12-10 21:11:33 +02:00
Jouni Malinen
6fe8296197 Move vendor-specific IE type defines away from driver.h
These are generic IEEE 802.11 defines and do not really need to be in
the driver interface specific header file.
2009-12-10 12:27:46 +02:00
Jouni Malinen
15333707d5 Add more documentation for driver ops 2009-12-10 01:21:01 +02:00
Masashi Honma
bab31499fd EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes
on EAP-TTLS/PAP. But when the password length is zero, no padding is
added. It doesn't cause connectivity issue. In fact, I could connect
with hostapd RADIUS server with zero length password.

I think it's better for obfuscation to pad the 16 bytes data when the
password length is zero with this patch.
2009-12-09 23:42:54 +02:00
Jouni Malinen
3484a18a13 hostapd: Remove unused bridge_packets configuration option
There was code for configuring this, but no driver wrapper actually
implements the actual setting. Remove this for now to reduce potential
confusion and to simply the driver interface.
2009-12-09 22:06:43 +02:00
Jouni Malinen
fb7842aa51 Remove struct hostapd_rate_data from driver API
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
2009-12-09 21:57:50 +02:00
Jouni Malinen
217e7eeaf0 Remove unused rate flags from driver use
These are not really used and can be removed to clean up the driver
interface definition. The only remaining flag (HOSTAPD_RATE_BASIC) can
be removed once the basic rate set indication can be handled
differently.
2009-12-09 21:38:14 +02:00
Jouni Malinen
22a7c9d735 Merge bss_add/bss_remove drivers ops into if_add/if_remove
if_add/if_remove can now be used as the generic driver ops for adding
and removing virtual interfaces of various types. In addition,
driver_nl80211.c is now including this code unconditionally, so that
the functions are not limited only for hostapd.
2009-12-09 16:49:28 +02:00
Jouni Malinen
b5996353e7 Remove unused if_update() driver op 2009-12-09 15:47:20 +02:00
Masashi Honma
2a91091e15 Fix driver_bsd.c build
On NetBSD 5.0.1, driver_bsd.c build fails with message below.

../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_associate':
../src/drivers/driver_bsd.c:1170: warning: implicit declaration of function 'wpa_driver_bsd_set_auth_alg'
../src/drivers/driver_bsd.c: At top level:
../src/drivers/driver_bsd.c:1204: error: static declaration of 'wpa_driver_bsd_set_auth_alg' follows non-static declaration
../src/drivers/driver_bsd.c:1170: error: previous implicit declaration of 'wpa_driver_bsd_set_auth_alg' was here
gmake: *** [../src/drivers/driver_bsd.o] Error 1

This patch solves this issue.
2009-12-07 21:35:35 +02:00
Jouni Malinen
644a8f2208 Remove unused phytype RX info variable 2009-12-06 18:54:58 +02:00
Jouni Malinen
5c90d47657 Move EAP-SIM DB conditional build into hostapd 2009-12-06 18:23:53 +02:00
Jouni Malinen
74784010af Remove conditional no-RADIUS build from src/radius
Make it responsibility of the src/radius user to handle conditional
build rules.
2009-12-06 17:53:59 +02:00
Jouni Malinen
ab7ddc74ad Move asn1_test.c into tests subdirectory and split it in two
The new test-asn1 and test-x509 tools are built using libraries
from src/{utils,crypto,tls}. Currently, cross dependencies between
crypto and tls are still preventing the test-x509 from being linked
properly.
2009-12-06 16:45:36 +02:00
Jouni Malinen
0e574b07f8 Move hlr_auc_gw into hostapd directory
This is a separate program and is used mainly with hostapd, so it is
better to move this into the hostapd subdirectory now that Milenage
code has already been moved into src/crypto. Milenage was the only
generic component in hlr_auc_gw.
2009-12-06 16:33:19 +02:00
Jouni Malinen
912321e935 Add rules for building src/tls/libtls.a and use it with eap_example
eap_example is now using src/crypto/libcrypto.a and src/tls/libtls.a
instead of providing own rules for building the files for these
components. TLS library selection is temporarily disabled for
eap_example (it will be built using internal crypto/TLS), but the
configuration option for this will eventually be restored with a new
libcrypto.a configuration option.
2009-12-06 16:27:54 +02:00
Jouni Malinen
e77e0a8320 Include functionality to support EAP-FAST unconditionally
Clean up the internal TLS implementation by removing conditional
build blocks for (mostly) EAP-FAST specific functionality. This
will increase the size a big for non-EAP-FAST builds, but is quite
helpful in making src/tls/libtls.a with single build options. If
the potential size reduction is considered significant in the future,
this can be reconsider with a more library compatible way (e.g.,
external file with registration function, etc.).
2009-12-06 16:20:32 +02:00
Jouni Malinen
1a70777868 Remove unneeded CONFIG_INTERNAL_X509 and NEED_SHA256 defines 2009-12-06 16:19:13 +02:00
Jouni Malinen
be473f3f09 Split crypto_internal.c into parts to clean up build
This makes it easier to make src/libcrypto.a and only link in
code that is really used.
2009-12-06 14:37:46 +02:00
Jouni Malinen
507d87930c Fix rsn_preauth_scan_result() inline wrapper for no-EAP builds 2009-12-06 14:29:12 +02:00
Jouni Malinen
4bb1228e1c Use thin archives to allow libraries to be merged
This allows libeap.a and libeap.so to be built by merging in multiple
libraries from src subdirectories. In addition, this avoids wasting
extra space and time for local builds.
2009-12-06 13:49:31 +02:00
Jouni Malinen
f721aed4b1 Increase EAP server extra room for encryption overhead (for GnuTLS)
This fixes issues with some GnuTLS versions that seem to be adding
quite a bit of extra data into TLS messages. The EAP server code is
now using the same 300 byte extra room that was already used in the
EAP peer implementation.
2009-12-06 12:02:28 +02:00
Jouni Malinen
127608152e Move EAP method registration away from src/eap_{peer,server}
This makes it easier to make a library out of EAP methods without
losing possiblity of binary size optimization by linker dropping
unreferenced code.
2009-12-06 11:28:41 +02:00
Jouni Malinen
2d106f21aa Remove unnecessary defines
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
2009-12-05 22:51:08 +02:00
Jouni Malinen
36ee258db7 Add forgotten files into libcrypto.a 2009-12-05 22:25:50 +02:00
Jouni Malinen
631afd993f Add rules for building src/crypto as a library
For now, this is hardcoded to support only the internal crypto
implementation.
2009-12-05 22:03:46 +02:00
Jouni Malinen
6a230ba274 Add build rules for building a library from src/utils files
This is an initial step on providing an alternative build system that
uses libraries from src subdirectories.
2009-12-05 21:39:41 +02:00
Jouni Malinen
953f83439b Move Milenage test code into the new tests directory 2009-12-05 21:14:08 +02:00
Jouni Malinen
43df4cc2ca Move milenage.[ch] into src/crypto 2009-12-05 21:00:52 +02:00
Jouni Malinen
1801bd7fae Move base64 test code into a new tests subdirectory 2009-12-05 20:43:07 +02:00
Jouni Malinen
a95795ad61 nl80211: Add extra IEs into IBSS join request
This allows RSN IE to be added into Beacon and Probe Response frames
when using RSN IBSS.
2009-12-04 22:20:59 +02:00
Jouni Malinen
5cc4d64bf2 nl80211: Add support for IBSS networks 2009-12-04 00:15:32 +02:00
Jouni Malinen
362bd35f2d Add more Doxygen documentation for RADIUS server implementation 2009-12-02 21:29:32 +02:00
Jouni Malinen
d72aad942b nl80211: Clear BSS state mismatches with deauth as a workaround
There seem to be some cases in which wpa_supplicant and
cfg80211/mac80211 seem to have different understanding on
authentication/association state. Since cfg80211/mac80211 is very strict
on when it accepts new authentication/association/scan commands, try our
best at clearing such state mismatches by explicitly deauthenticating
from BSSes with which the driver claims we are associated with if we do
not have local information about such association.
2009-12-02 17:54:57 +02:00
Jouni Malinen
e6b8efeba0 nl80211: Add debug prints for BSS status in scan results
Print what the kernel believes the current BSS status (authenticated
or associated) is in scan results. In addition, check whether this
matches with the state that wpa_supplicant believes the driver to be
in.

This does not change the actual behavior, but will provide information
that will help in debugging potential issues where cfg80211/mac80211
seems to get into a different state from wpa_supplicant. In addition,
this provides an easy location for a workaround that could be added to
clear cfg80211/mac80211 state for unknown BSSes.
2009-12-02 16:45:31 +02:00
Jouni Malinen
e0e14a7bc3 Move internal EAPOL authenticator defines into their own file
This is an initial step in further cleaning up the EAPOL authenticator
use to avoid requiring direct accesses to the internal data structures.
For now, number of external files are still including the internal
definitions from eapol_auth_sm_i.h, but eventually, these direct
references should be removed.
2009-11-29 23:16:04 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
ffa2a30e33 Add Makefile for the new src/eapol_auth directory 2009-11-29 20:21:25 +02:00
Jouni Malinen
b60d6f61e4 Make HOSTAPD_DUMP_STATE configurable with CONFIG_NO_DUMP_STATE
This removes the hardcoded definition from Makefile and cleans up
source code by moving the mail HOSTAPD_DUMP_STATE blocks into separate
files to avoid conditional compilation within files.
2009-11-29 20:18:47 +02:00
Jouni Malinen
281c950be4 Move EAPOL authenticator state machine into src/eapol_auth
This is now completely independent from hostapd-specific code, so
it can be moved to be under the src tree.
2009-11-29 20:03:28 +02:00
Jouni Malinen
2773ca093e Replace eap_type_text() with EAP server methods function
While this may not include knowledge of all EAP methods since this
depends on build configuration, it is better to not have to include
ieee802_1x.h into eapol_sm.c.
2009-11-29 18:57:15 +02:00
Jouni Malinen
0c3abf8d22 Add driver wrapper callback for WPS push button pressed
This avoids the need to include ../hostapd/wps_hostapd.h into the
driver wrappers.
2009-11-29 18:18:02 +02:00
Jouni Malinen
b8be7f5c03 driver_prism54: Use hostapd_notif_disassoc() instead of private copy 2009-11-29 18:13:15 +02:00
Jouni Malinen
67470d5112 Remove some unneeded header file inclusions 2009-11-29 18:07:08 +02:00
Jouni Malinen
bcd154c343 Include sta_flags.h explicitly, not via sta_info.h 2009-11-29 18:00:39 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
6ae9318536 Split scan processing for RSN preauthentication into parts
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
2009-11-29 17:06:03 +02:00
Jouni Malinen
120158cc8b Move uuid_gen_mac_addr() from uuid.c into src/wps
This removes the only src/crypto dependency from src/utils files.
2009-11-29 13:15:32 +02:00
Jouni Malinen
197ef6abef nl80211: Remove unneeded header file: ieee802_11_common.h
driver_nl80211.c does not use anything from this header file.
2009-11-29 13:06:44 +02:00
Jouni Malinen
fc4e2d9501 HT: Remove unneeded struct ht_cap_ie wrapper
It is simpler to just use the HT Capabilities IE payload structure
as-is.
2009-11-29 13:04:21 +02:00
Jouni Malinen
3a328c8133 Remove unused/unneeded IEEE 802.11n definitions 2009-11-29 12:43:23 +02:00
Jouni Malinen
be8eb8ab3e Fix AP mode HT Capabilities IE to use A-MPDU Parameters from the driver
Instead of using hardcoded maximum A-MPDU length of 64 kB and no
restrictions on minimum MPDU Start Spacing, use the correct values
reported by the driver.
2009-11-29 12:21:26 +02:00
Jouni Malinen
a49148fd55 Rename HT Capabilities IE fields to match with IEEE Std 802.11n-2009 2009-11-29 12:02:29 +02:00
Jouni Malinen
15ef92d3cc Complete Doxygen documentation for RADIUS client
No more warnings from Doxygen about missing documentation from
radius_client.[ch].
2009-11-29 11:48:28 +02:00
Jouni Malinen
93704f8f95 Remove unused RADIUS client reconfig function
This is not actually used at all and it looks like the rules for
maintaining the old/new RADIUS configuration are not very clear in the
case the RADIUS client configuration did not change. Consequently, it
is better to just remove this for now and if similar functionality is
ever needed, redesign it to be easier to use without causing hard to
find issues with using freed memory.

Simpler approach to reconfiguring the RADIUS client would involve
just deinitializing the old context unconditionally and initializing
a new one whenever the configuration could have changed.
2009-11-28 23:04:35 +02:00
Jouni Malinen
5843e1c9a6 Move acct_interim_interval away from RADIUS client configuration
This is not used at all inside RADIUS client and as such, it belongs
into hostapd configuration.
2009-11-28 23:03:20 +02:00
Jouni Malinen
df1e24aceb Improved Doxygen documentation for RADIUS client code 2009-11-28 23:00:29 +02:00
Jouni Malinen
8d5aca73bb Fix doxygen file level comments 2009-11-28 21:34:14 +02:00
Jouni Malinen
e8f5625c45 Fix doxygen file level comments 2009-11-28 21:14:36 +02:00
Jouni Malinen
ed45947e9b WPS: Update couple of missed Primary Device Type uses 2009-11-26 11:54:37 +02:00
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
ec8d20187d Remove obsoleted get_scan_results() driver_ops
This has now been replaced with get_scan_results2() in every
in-tree driver.
2009-11-23 21:33:37 +02:00
Jouni Malinen
c2e8d0a092 Remove deprecated scan and set_probe_req_ie driver_ops
These have been replaced with scan2 driver_ops that provides all
parameters in a single call.
2009-11-23 21:13:46 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00
Jouni Malinen
e90bba4c59 Add cleared deprecation notes on iwl,ndiswrapper,madwifi(sta) wrappers
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
2009-11-23 17:08:59 +02:00
Jouni Malinen
642187d6bf Merge set_key and hapd_set_key driver_ops into a single function 2009-11-23 16:58:32 +02:00
Jouni Malinen
fd7a5dd15f Move HOSTAPD_MTU definition into driver_hostap.c
This moves the MTU definition into driver_hostap.c since it was really
meant to be specific to this driver. Since this was the last remaining
definition in hostapd_defs.h, remove that header file as unnecessary.
2009-11-23 16:21:07 +02:00
Jouni Malinen
0715247aa8 Remove unneeded set-MTU operation from drivers
This code was copied from driver_hostap.c where it is used with the
special wlan#ap interface. It was not supposed to be used to change
the MTU for a normal data interface.
2009-11-23 16:17:41 +02:00
Jouni Malinen
d994a9b54e Move definitions away from hostapd_defs.h
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
2009-11-23 16:14:39 +02:00
Jouni Malinen
c1bb3e0a62 nl80211: Build some client functionality unconditionally
Even though this makes the hostapd version a bit larger, the code will
be easier to maintain with the reduced number of complex ifdef blacks.
2009-11-23 15:40:29 +02:00
Jouni Malinen
dbb2618300 nl80211: Remove last remaining WEXT code
Clean up driver_nl80211.c by gettign rid of the last remaining WEXT use.
This requires that a recent mac80211 version is used to get full protection
in station mode via the authorized flag (IEEE 802.1X PAE).
2009-11-23 15:30:05 +02:00
Jouni Malinen
5d67487244 Merge set_beacon driver_ops into a single one
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
2009-11-23 15:26:05 +02:00
Jouni Malinen
3c2166d63c WPS: Do not try to send byebye advertisements if socket is not valid
If initialization fails, we could potentially try to sendto() on -1
socket which would fail. No point in doing that, so just return early
from the function.
2009-11-21 22:00:33 +02:00
Jouni Malinen
3617d81a70 Fix a typo in a comment 2009-11-21 21:13:19 +02:00
Jouni Malinen
55d0b0831e OpenSSL: Remove unneeded MinGW CryptoAPI compat code
The current MinGW/w32api versions seem to provide all the needed CryptoAPI
functions, so the code for loading these dynamically from the DLL can be
removed.
2009-11-21 20:33:41 +02:00
Jouni Malinen
e3992c3381 GnuTLS: Fix compilation with newer GnuTLS versions
Avoid duplicate defination of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
2009-11-21 20:23:58 +02:00
Jouni Malinen
6d798e8b7e Fix strict aliasing issue with the internal SHA-1 implementation
Need to define the workspace buffer properly to allow compiler to handle
strict aliasing between the incoming unsigned char[64] buffer as an u32
array. The previous version built with strict aliasing enabled can
result in SHA-1 producing incorrect results and consequently, with
4-way handshake failing.

This is based on a report and patch from Dan Williams <dcbw@redhat.com>
but with a different type (the union) used as a fix to avoid needing
extra type casting.

Discovered as part of the investigation of:

https://bugzilla.redhat.com/show_bug.cgi?id=494262#c32

if sha1 is built with gcc without turning off strict aliasing, it will
fail to correctly generate the hashes and will fail its own testcases as
well.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-11-21 20:17:24 +02:00
Jouni Malinen
11ff95783e WPS ER: Deinitialize protocol instance with STA after completion
In addition, remove the WPS ER Enrollee entry 10 seconds after
successful completion of the protocol run.
2009-11-21 18:39:12 +02:00
Jouni Malinen
a34a330706 WPS ER: Use random event identifier in event URL
This avoids some issues in cases where the ER has been started and
stopped multiple times on the same address and an AP may have stored
multiple event notification addresses for the same ER. The random
identifier allows the ER to filter out unexpected messages from further
processing.
2009-11-21 18:15:37 +02:00
Jouni Malinen
3f6dc111ff WPS: Cleanup subscription URL list handling
Do not give the allocated memory to the subscription code since it was
not using it as-is anyway. This makes it easier to understand who owns
the allocation an is responsible of freeing it. This may potentially
fix some memory leaks on error paths.
2009-11-21 18:06:02 +02:00
Jouni Malinen
ec72bd0c77 WPS ER: Move SSDP functionality into a separate file 2009-11-21 17:26:23 +02:00
Jouni Malinen
e694b34474 WPS ER: Add more AP information into the ctrl_interface message
This allow wpa_gui to show AP BSSID, WPS State (configured/unconfigured),
and primary device type.
2009-11-21 13:34:23 +02:00
Jouni Malinen
c3016248f4 WPS ER: Fetch AP's M1 to learn device type and WPS state 2009-11-21 13:13:02 +02:00
Jouni Malinen
52a45d20dd WPS ER: Use (addr,UUID) as the key for AP entries
This allows multiple WPS AP instances to be supported per IP address.
2009-11-21 12:51:40 +02:00
Jouni Malinen
7a082a83f0 WPS ER: Stop AP unlink loop on match
There is no need to continue through the list after this, since the
same AP entry can only be listed once.
2009-11-21 12:18:24 +02:00
Jouni Malinen
6a1e492a81 WPS ER: Move STA entry unlinking into a separate function 2009-11-21 12:18:03 +02:00
Jouni Malinen
7c04d5ec6c WPS ER: Fix AP entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-21 12:12:49 +02:00
Jouni Malinen
b3f371cabf WPS ER: Refresh ER data on WPS_ER_START when already started
This sends out the AP and Enrollee notifications for all tracked
devices and generates a new SSDP search to find more APs.
2009-11-20 21:57:30 +02:00
Jouni Malinen
7c009db2a6 WPS ER: Fix Enrollee entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-20 21:56:39 +02:00
Jouni Malinen
a3c6598fcd Add 'none' driver as an option for wpa_supplicant
This can be used, e.g., with WPS ER when no network interface is
actually used for IEEE 802.1X or wireless operations.
2009-11-20 21:12:49 +02:00
Jouni Malinen
4bdd556886 WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.

In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
2009-11-19 00:31:57 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Jouni Malinen
33417cd75c WPS ER: Clear WPS protocol run on PutMessage failure 2009-11-15 22:56:39 +02:00
Jouni Malinen
2c073ad43d WPS ER: Deinit WPS protocol data when freeing AP entry 2009-11-15 22:53:10 +02:00
Jouni Malinen
cef4652f2c WPS ER: Use learnt AP settings to build credentials for an Enrollee 2009-11-15 22:46:30 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
82b857ec0b WPS: Determine the OpCode based on message type attribute (UPnP)
This allows WSC_ACK and WSC_NACK to be processed correctly in the AP
when operating as an Enrollee with an ER over UPnP transport.
2009-11-15 22:23:49 +02:00
Jouni Malinen
f6d23cfd9e WPS ER: Do not try to process AP Settings in proxied M7 to ER
In this case, the Enrollee is not an AP, so do not try to process
AP Settings in M7.
2009-11-15 18:54:37 +02:00
Jouni Malinen
564cd7fa2c WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
2009-11-15 18:46:03 +02:00
Jouni Malinen
5d34ab644d WPS ER: Only send Enrollee notification on Probe Request and M1
No need to do this for M3..M7 or NACK/ACK/Done messages.
2009-11-15 18:29:19 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
462adee5fe WPS ER: Store AP UUID in binary format for future use 2009-11-15 11:07:20 +02:00
Jouni Malinen
fcac668faa WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed
UPnP device architecture specification requires all evented variables to
be included in the initial event message after subscription. Since this
can happen before we have seen any events, generated a dummy event
(WSC_ACK with all-zeros nonces) if needed.
2009-11-15 01:11:28 +02:00
Jouni Malinen
44577e4c2e WPS: Send SSDP byebye notifications when stopping UPnP advertisements
This will notify control points of the services going away and allows
them to notice this without having to wait timeout on the
initial advertisements.
2009-11-15 00:46:58 +02:00
Jouni Malinen
d806a5588e WPS: Remove derivation of management keys
MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely
to ever be used, so better remove the code to reduce binary size.
2009-11-14 14:18:15 +02:00
Jouni Malinen
00785aba71 WPS: Remove unused WFA WLANConfig Service actions
This removes following WFA WLANConfig Service actions and the related
state variables: GetAPSettings, SetAPSettings, DelAPSettings,
GetSTASettings, SetSTASettings, DelSTASettings, RebootAP,
ResetAP, RebootSTA, ResetSTA.

While WFA WLANConfig Service version 1.0 claims that some of these are
mandatory to implement for an AP, there are no known implementations
supporting these actions neither in an AP/proxy or an External Registrar
that would use them. These are unlikely to be supported in the future
either and as such, it is just simpler to get rid of them to clean up
the implementation and reduce code size.
2009-11-14 14:08:58 +02:00
Jouni Malinen
7ec2e26ddf WPS ER: Fix Op-Code for WSC_{ACK,NACK,Done}
When using UPnP transport, the Op-Code is not included, but the WPS
frame processing will need this. Generate a matching Op-Code based
on the message type.
2009-11-13 22:40:27 +02:00
Jouni Malinen
ed835e539b WPS: Fix AP to proxy WSC_NACK to ER 2009-11-13 22:40:07 +02:00
Jouni Malinen
04f5d74077 WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
2009-11-13 22:29:31 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Jouni Malinen
d64d9ddf6c WPS: Fix http_link_update() to nul terminate the result 2009-11-13 22:05:11 +02:00
Jouni Malinen
ecc6d04b89 WPS ER: Add PutWLANResponse generation and transmission
This allows the M2D message to be transmitted as a response to the
Enrollee via the proxying AP.
2009-11-12 01:24:50 +02:00
Jouni Malinen
b345031997 WPS ER: Add STA/Enrollee entries and start processing EAP messages
This keeps STA/Enrollee entries up to date and sets up registration
protocol session. M1 is processed and M2D generated, but the there
is no code yet to transmit the response back to the AP with
PutWLANResponse.
2009-11-11 23:50:17 +02:00
Felix Fietkau
6980c19127 hostapd: fix AP mode initialization for nl80211
Always bring down the wlan interface, even when not changing the
BSSID, the interface also needs to be down for changing its type
from managed to AP mode.
2009-11-11 16:47:01 +02:00
Jouni Malinen
dc6d9ac250 WPS ER: Parse WLANEvent notifications and send HTTP response
The receive Probe Request and EAP-WSC notifications are now parsed
(including the TLVs in them) and contents is shown in the debug log.
Actual processing of the received information is still missing (TODO
comments indicate the needed functionality).
2009-11-11 00:23:22 +02:00
Jouni Malinen
feae037c25 driver_prism54: Use os_zalloc instead of malloc to clear memory
This will make sure the full buffer is initialized even if some
fields were not explicitly set.
2009-11-10 17:08:33 +02:00
Jouni Malinen
6689218ec7 Fix comparison to use correct symbol name (__rand vs. rand)
rand would be the address of rand() function and never NULL. The previous
version could have crashed on invalid AKA-AUTS command. Though, these
commands are only from hostapd which sends valid requests and as such,
the actual issue did not show up.
2009-11-10 16:51:59 +02:00
Jouni Malinen
69856fadf7 Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.

Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
2009-11-10 15:59:41 +02:00
Jouni Malinen
efa6481438 WPS: Fixed printf size_t warning on 32-bit builds 2009-11-10 11:30:11 +02:00
Jouni Malinen
097c7b3723 WPS ER: Subscribe to UPnP events
This adds code to start a HTTP server and to subscribe to UPnP events
from each discovered WPS AP. The event messages are received, but there
is not yet any code to actually parse the contents of the event.
2009-11-09 20:01:50 +02:00
Jouni Malinen
875a4e5936 WPS: Read HTTP request within HTTP server code
This removes HTTP related code from wps_upnp_web.c and makes it easier
to use HTTP server functionality for new uses (e.g., WPS ER).
2009-11-08 22:33:34 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
585774f28a WPS ER: Fetch and parse device description 2009-11-08 16:46:03 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
b02ee4a228 WPS: Mark functions static
These functions are used only within wps_upnp_event.c.
2009-11-07 17:04:19 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
08eb154db5 Fix MCS set field to be based on driver info
Instead of using hardcoded Rx MCS bitmask (indexes 0..15 enabled),
use the real information from the driver capabilities.
2009-11-05 12:38:47 +02:00
Jouni Malinen
5a641ae01e Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
2009-11-05 12:11:49 +02:00
Jouni Malinen
0ae7b08691 Work around some gcc 4.4 strict-aliasing warnings
gcc 4.4 ends up generating strict-aliasing warnings about some very common
networking socket uses that do not really result in a real problem and
cannot be easily avoided with union-based type-punning due to struct
definitions including another struct in system header files. To avoid having
to fully disable strict-aliasing warnings, provide a mechanism to hide the
typecast from aliasing for now. A cleaner solution will hopefully be found
in the future to handle these cases.
2009-11-04 19:49:14 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Andriy Tkachuk
72ffc08242 WPS: SelectedRegistrar expiration for internal PIN registrar
Though we have such a timeout when handling SetSelectedRegistrar UPnP
message from an external registrar, it looks like we don't have one when
the internal registrar is activated for PIN connection. Thus we set the
SelectedRegistrar flag when AP is activated for PIN connection but we
never reset it - not by some timeout, nor when registration succeeds.
This lead to situations where AP everlastingly declare that it is
activated for WPS PIN connection when in reality it is not.

Use the same timeout (and also success with PIN) to clear the selected
registrar flag when using internal registrar, too.
2009-11-01 22:19:02 +02:00
Jouni Malinen
2e71444516 WPS: Abort ongoing PBC protocol run if session overlap is detected
If PBC session overlap is detected during an ongoing PBC protocol run,
reject the run (if M8, i.e., credentials, have not yet been sent). This
provides a bit longer monitoring time at the Registrar for PBC mode to
catch some cases where two Enrollees in PBC mode try to enroll
credentials at about the same time.
2009-11-01 21:59:30 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
7e3a67514f WPS: Use Config Error 12 to indicate PBC overlap in M2D
If PBC session overlap is detected between button press on the registrar
and M1 is reception, report session overlap with the Config Error
attribute in M2D to the Enrollee.
2009-11-01 20:57:36 +02:00
Jouni Malinen
e5fc45d7ae Fix dbus build without EAP 2009-10-22 11:11:53 -07:00
Jouni Malinen
08d38568df Move shared MD5/SHA-1 internal definitions into header files 2009-10-17 12:55:12 +03:00
Jouni Malinen
1e8c857abe Move shared DES definitions into a header file 2009-10-17 12:53:27 +03:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
3af9f2983c TLS: Replace set_key helpers to return key instead of status code
The status code was not being used anyway, so it is simpler to
just return the key as is done in crypto functions.
2009-10-17 12:15:46 +03:00
Jouni Malinen
3f4ed97a70 Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto
Private keys can now be used in either unencrypted or encrypted
PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5)
is currently supported.
2009-10-17 12:06:36 +03:00
Jouni Malinen
506b45ed22 Add DES-CBC support into internal crypto implementation 2009-10-17 12:05:06 +03:00
Jouni Malinen
8ef74414fc Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM
Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data
to be able to use PEM encoded, unencrypted PKCS#8 private keys with the
internal TLS implementation. Previously, only DER encoding of the
PKCS#8 private key was supported.
2009-10-16 22:00:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
20bd9547a1 Add ctrl_iface events for AP mode STA connect/disconnect
These are used to notify ctrl_iface monitors when a STA completes
connection (the port becomes authorized) and when a STA disconnects.
2009-10-16 17:51:49 +03:00
Jouni Malinen
278da1b52a openssl: Allow build with OpenSSL 0.9.7
OpenSSL 0.9.7 does not include get_rfc3526_prime_1536() function, so
provide that functionality internally if needed. In addition, make
sha256_vector() building depend on whether SHA256 support is included
in the OpenSSL library. This with CONFIG_INTERNAL_SHA256=y in .config
allows OpenSSL without SHA256 support to be used.
2009-10-16 15:57:17 +03:00
Jouni Malinen
d8130bdf13 openssl: Mark openssl_digest_vector() static 2009-10-16 15:54:52 +03:00
Masashi Honma
9b336bcef0 DragonFly BSD: Fix driver_bsd.c build
Both hostapd/wpa_supplicant compilation fails on DragonFly BSD.

This patch solves this issue.

I have tested only compilation. Not functionality.
Because I don't have any device which can work on DragonFly BSD.
2009-10-12 09:56:57 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Jouni Malinen
34c9910dc7 Fix EAP-AKA server build without EAP-SIM 2009-10-11 22:23:05 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
b3ad11bb80 nl80211: Add parsing of NL80211_BSS_SEEN_MS_AGO into scan results 2009-10-01 17:53:22 +03:00
Jouni Malinen
d942a79e6a nl80211: Recognize NL80211_CMD_TRIGGER_SCAN events
Replace "nl80211: Ignored unknown event (cmd=33)" with
"nl80211: Scan trigger" to make debug output clearer. We do not
currently do anything with this event apart from showing it in
the debug log.
2009-10-01 13:58:17 +03:00
Jouni Malinen
ebf214e670 NSS: Implement TLS PRF using new TLS extractor interface
This allows NSS to be used to derive EAP-TLS/PEAP/TTLS keying material.
NSS requires a patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=507359
to provide the new API. In addition, that patch needs to be modified to
add the 16-bit context length value in SSL_ExportKeyingMaterial() only if
contextlen != 0 in order to match with the EAP-TLS/PEAP/TTLS use cases.
This issue seems to be coming from the unfortunate incompatibility in
draft-ietf-tls-extractor-07.txt (draft-ietf-tls-extractor-00.txt would
have used compatible PRF construction).

At this point, it is unclear how this will be resolved eventually, but
anyway, this shows a mechanism that can be used to implement EAP key
derivation with NSS with a small patch to NSS.
2009-09-30 20:12:32 +03:00
Author: Johannes Berg
1c766b094a nl80211: Fix a typo in set_sta_vlan()
The VLAN interface index needs to use NL80211_ATTR_STA_VLAN. It was
adding a duplicate NL80211_ATTR_IFINDEX.
2009-09-30 19:23:52 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Masashi Honma
f335c69e14 DragonFly BSD: Fix wired IEEE 802.1X
On DragonFly BSD, wired IEEE 802.1X fails with this message:
ioctl[SIOC{ADD/DEL}MULTI]: Invalid argument

This patch solves this issue.

I have tested with these:
OS : DragonFly BSD 2.4.0
EAP : EAP-TLS
Switch : Cisco Catalyst 2950
2009-09-28 16:10:02 +03:00
Masashi Honma
40e107c129 Mac OS X: Fix wired IEEE 802.1X 2009-09-26 19:29:03 +03:00
Jouni Malinen
2aa5f84709 nl80211: Use defines for NL80211_KEY_CIPHER values 2009-09-15 11:23:48 +03:00
Jouni Malinen
d723bab4b3 Revert "nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup"
This reverts commit 5aa9cb5cca.

The nested key attribute is using different attribute values
(NL80211_KEY_* vs. NL80211_ATTR_KEY_*), so cannot share the same routine
for these purposes..
2009-09-15 11:21:25 +03:00
Jouni Malinen
5aa9cb5cca nl80211: Share the same routine for NL80211_ATTR_KEY_CIPHER setup 2009-09-15 10:54:41 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
e9a2bca6f5 WPS: Add parsing of AP Setup Locked attribute 2009-09-11 17:13:59 +03:00
Jouni Malinen
6e4f461270 Fix driver_test for hostapd
Commit 0b55b934ee broke this by not
initializing drv->ap = 1 in hostapd case since the mode updating
code ended up unlinking the socket file. Setting drv->ap = 1
removes the mode change and as such, unlinking of the socket file.
2009-09-11 16:45:34 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Jouni Malinen
630a843f59 driver_test: Update BSS data when using wpa_supplicant AP mode 2009-09-11 00:22:35 +03:00
Jouni Malinen
0b55b934ee driver_test: Implement set_mode for wpa_supplicant AP deinit 2009-09-11 00:17:35 +03:00
Jouni Malinen
86e9f093a0 driver_test: Preliminary support for wpa_supplicant AP functionality 2009-09-10 17:41:29 +03:00
Jouni Malinen
5d5b99ecd3 driver_test: Share the same deinit() for hostapd and wpa_supplicant 2009-09-10 17:03:51 +03:00
Jouni Malinen
c6f726748d driver_test: Merge socket_dir into test_dir 2009-09-10 16:52:03 +03:00
Jouni Malinen
5ae8964079 driver_test: Some additional merging of send_mlme 2009-09-10 16:48:10 +03:00
Jouni Malinen
133032e7bd driver_test: Claim AP mode capability for wpa_supplicant 2009-09-10 16:30:35 +03:00
Jouni Malinen
ac48db0f2b driver_test: Build most of code in unconditionally
It is simpler to just build in all the test driver code regardless
of whether this is for hostapd or wpa_supplicant (which will eventually
get AP mode support with driver_test, too).
2009-09-10 16:28:47 +03:00
Jouni Malinen
41aeddf99a driver_test: Merge wpa_supplicant and hostapd data structures
There is no real need to keep these in separate data structures with
different names.
2009-09-10 16:18:04 +03:00
Alex Badea
7598210b79 radius_server: clean up completed sessions sooner
radius_server_encapsulate_eap() resets sess->eap->if->eap{Success,Fail}
to FALSE, such that the completion condition is never true.

The net effect is that completed sessions would linger for
RADIUS_SESSION_TIMEOUT seconds.

Signed-off-by: Alex Badea <vamposdecampos@gmail.com>

Previously, the default settings allowed 100 sessions in 60 seconds.
With this fix, the default limit is now 100 sessions per 10 seconds.
[Bug 329]
2009-09-09 23:54:03 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
7da2c5276d nl80211: Ignore connect/roam/disconnect events when using SME
Getting double association/disassociation events can get core code
confused, so better filter out the extra events.
2009-09-04 16:39:41 +03:00
Zhu Yi
cfaab58007 nl80211: Connect API support
If the driver does not support separate authentication and association
steps, use the connect API instead.
2009-09-03 21:31:29 +03:00
Zhu Yi
da72a1c1ae nl80211: Add connect/disconnect event processing 2009-09-03 20:39:59 +03:00
Zhu Yi
93d1140077 nl80211: Check whether the driver support separate auth/assoc commands
This is an initial step in adding support for the new connect command.
For now, we just add the capability query. The actual use of the new
command will be added separately.
2009-09-03 20:36:09 +03:00
Zhu Yi
8d6ca17813 nl80211: Use defines for cipher suite selectors 2009-09-03 20:21:18 +03:00
Masashi Honma
80cc6bf6d0 OpenBSD: wired IEEE 802.1X for OpenBSD
This is a patch for OpenBSD wired IEEE 802.1X. This is only for wired,
not wireless, because OpenBSD uses wpa_supplicant only on wired now.

http://www.openbsd.org/cgi-bin/cvsweb/ports/security/wpa_supplicant/

I have tested with these.
OS : OpenBSD 4.5
EAP : EAP-TLS
Switch : CentreCOM 8724SL
2009-08-26 23:40:51 +03:00
Masashi Honma
fe23eb5696 WPS: Aggregate deinit calls in WPS OOB
In WPS OOB, deinit_func() is called from 3 locations.
This patch aggregates these to one.
2009-08-26 23:34:54 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
335ce76b1c nl80211: Use two sockets to avoid mixing command replies with events
Previously, both the command replies and unsolicited events were
received from the same socket. This could cause problems if an event
message is received between a command and the response to that command.
Using two sockets avoids this issue.
2009-08-26 12:10:50 +03:00
Jouni Malinen
5cd89c26f9 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:32:27 +03:00
Stefan Winter
a2fbf12524 Disable PMTU discovery for RADIUS packets (sent them without DF)
When Linux has Path MTU discovery enabled, it sets by default the DF bit
on all outgoing datagrams, also UDP ones. If a RADIUS message is bigger
than the smallest MTU size to the target, it will be discarded.

This effectively limits RADIUS messages to ~ 1500 Bytes, while they can
be up to 4k according to RFC2865. In practice, this can mean trouble
when doing EAP-TLS with many RADIUS attributes besides the EAP-Message.
[Bug 326]
2009-08-23 21:21:25 +03:00
Jouni Malinen
ad469aecc1 Reject X.509 certificate strings with embedded NUL characters
These could, at least in theory, be used to generate unexpected common
name or subject alternative name matches should a CA sign strings with
NUL (C string termination) in them. For now, just reject the certificate
if an embedded NUL is detected. In theory, all the comparison routines
could be made to compare these strings as binary blobs (with additional
X.509 rules to handle some exceptions) and display NUL characters
somehow. Anyway, just rejecting the certificate will get rid of
potential problems with the C string getting terminated and it should
not really be used in certificates, so this should not break valid use
cases.
2009-08-23 21:00:38 +03:00
Jouni Malinen
9932c17fc8 Sync with linux/nl80211.h from wireless-testing.git 2009-08-18 11:33:40 +03:00
Jouni Malinen
1ba787b954 Remove unneeded aes_i.h inclusion from number of places
The BLOCK_SIZE define can be made more specific by using AES_ prefix and
by moving it to aes.h. After this, most aes-*.c do not really need to
include anything from the internal aes_i.h header file. In other words,
aes_i.h can now be used only for the code that uses the internal AES
block operation implementation and none of the code that can use AES
implementation from an external library do not need to include this
header file.
2009-08-17 20:27:25 +03:00
Jouni Malinen
04b6b3ed51 Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
2009-08-16 22:35:15 +03:00
Jouni Malinen
7a215dfc2b Verify that RC4 operation succeeds 2009-08-16 22:28:40 +03:00
Jouni Malinen
108f9dd49b Fix crypto_cipher_init() EVP initialization
Better not specify EVP_CIPHER again for the second init call since that
will override key length with the default value. The previous version
was likely to work since most use cases would be likely to use the
default key length. Anyway, better make this handle variable length
ciphers (mainly, RC4), too, just in case it is needed in the future.
2009-08-16 22:26:59 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
8ef1683115 Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
2009-08-16 19:57:50 +03:00
Jouni Malinen
1d5ed36e7c Fix build with non-FIPS capable OpenSSL 2009-08-16 19:56:33 +03:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
be299ca4ce Pass digest return value to CHAP/MSCHAPv2 caller 2009-08-16 18:38:35 +03:00