Commit graph

31 commits

Author SHA1 Message Date
Jouni Malinen
ca84eed7ad TLS: Add build configuration for TLS v1.2 support
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:45:07 +02:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00
Jouni Malinen
5dcfb6830e Include nl80211 driver wrapper in default configuration for hostapd 2011-05-16 21:07:47 +03:00
Jouni Malinen
9d832bd07d Remove obsolete comments about libnl 1.1 being new 2011-02-21 23:41:56 +02:00
Ben Greear
b41a47c03f hostapd: Allow logging to file
Also supports 'relog' CLI command to re-open the log file.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-06 20:24:16 +02:00
Jouni Malinen
bbb921daaa Maintain internal entropy pool for augmenting random number generation
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
2010-11-24 01:29:40 +02:00
Jouni Malinen
1b6dbec626 Fix a typo in the comment 2010-11-10 14:23:57 +02:00
Helmut Schaa
f5798bf36a hostapd: Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfig
Add comment about CONFIG_FULL_DYNAMIC_VLAN to defconfig. By default
this feature is still disabled.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2010-11-09 16:38:59 +02:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Masashi Honma
953f0f6333 bsd: Add support for WPA_TRACE and WPA_TRACE_BFD
On FreeBSD 8.0, WPA_TRACE and WPA_TRACE_BFD functionality build fails.
2010-01-09 11:01:12 +02:00
Jouni Malinen
96603e4fe1 Comment CONFIG_WPA_TRACE_BFD=y out by default 2009-12-23 23:20:11 +02:00
Jouni Malinen
b22b41ee87 Describe tracing build options for developers 2009-12-20 23:41:06 +02:00
Jouni Malinen
50b5bf4eda Remove obsolete Prism54.org driver support (driver_prism54.c)
The Prism54.org project seems have been dead for a while and it does not
look like this driver would ever be maintained again. Furthermore, it is
difficult to find a version that would work with the driver_prism54.c
wrapper and there is another driver for these card in the Linux kernel
tree.

The hostapd integration in driver_prism54.c is quite different from the
other driver wrappers and would require major effort to get it cleaned
up. Since there does not seem to be any real users for the cleaned up
version, there does not seem to be justification to spend this effort on
the wrapper. This old code is making it much more difficult to clean up
the driver interface and at this point, the best option seems to be to
remove the driver wrappers. Should someone really still need this, the
old code will continue to be available in hostapd 0.6.x.
2009-12-12 20:52:12 +02:00
Jouni Malinen
b60d6f61e4 Make HOSTAPD_DUMP_STATE configurable with CONFIG_NO_DUMP_STATE
This removes the hardcoded definition from Makefile and cleans up
source code by moving the mail HOSTAPD_DUMP_STATE blocks into separate
files to avoid conditional compilation within files.
2009-11-29 20:18:47 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
c5e1522f9a Added notes about WPS UPnP support and external Registrars 2009-01-29 19:19:30 +02:00
Jouni Malinen
30b32314eb Added build option for removing VLAN support (CONFIG_NO_VLAN) 2009-01-12 21:39:19 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
03018d3e7c Added CONFIG_NO_STDOUT_DEBUG for hostapd
This is similar to one in wpa_supplicant and can be used to reduce the
binary size by removing debugging messages.
2009-01-08 16:47:04 +02:00
Jouni Malinen
9a6cec7bc6 Added CONFIG_IEEE80211N into defconfig (commented out) 2008-12-10 00:46:55 +02:00
Jouni Malinen
fecc01663b Updated the comment about libnl to state that version 1.1 is new enough 2008-12-09 22:41:01 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
d64dabeebc Added a new driver wrapper, "none", for RADIUS server only configuration
This can be used to limit hostapd code size and clean up debug output for
configurations that do not use hostapd to control AP functionality.
2008-10-01 14:07:55 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Chris Zimmermann
6affdaee6b Support for RADIUS ACLs with drivers that do not use hostapd MLME
Sam Leffler <sam@errno.com>:
Attached are changes from Chris Zimmerman (cc'd) to allow drivers to handle
radius ACL's.  The patch is against 0.5.10 but I suspect will also apply to
your latest code.  These mods enable radius acl support in freebsd w/ my
vap code.

You may want to do the changes to ieee802_11_auth.c differently as they
currently require all participating drivers to work the same.  You might be
able to check the return value from hostapd_set_radius_acl_auth and use
that to decide whether the alternate code should be run so you can have 1
driver using this stuff while the other does not.

(jm: Added without more dynamic check for now; in addition, none of the
current in-tree driver wrappers actually implement these handlers, so this
is in preparation for future changes)
2008-03-12 11:43:55 +02:00
Jouni Malinen
502a293e30 TNC: Added TNC server support into documentation and ChangeLogs 2008-03-09 12:14:15 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00