Commit graph

624 commits

Author SHA1 Message Date
Jouni Malinen
d6211fbb2e wpa_gui: Add peer dialog option for WPS PBC
Use advertised configuration methods to determine whether WPS PBC
and/or PIN methods should be allowed.
2009-11-21 17:06:41 +02:00
Jouni Malinen
175bba7986 wpa_gui: Add WPS config methods and device password ID into peer data 2009-11-21 16:47:48 +02:00
Jouni Malinen
9c6c0cb0aa wpa_gui: Move peer tooltip into Properties dialog
Clean up the peer dialog information to be more user friendly. Only
show the device type in the tooltip and move the verbose details into
a separate area in a new Properties dialog. The new dialog will also
show some of the standard fields with titles to make them easier to
read.
2009-11-21 15:01:23 +02:00
Jouni Malinen
e694b34474 WPS ER: Add more AP information into the ctrl_interface message
This allow wpa_gui to show AP BSSID, WPS State (configured/unconfigured),
and primary device type.
2009-11-21 13:34:23 +02:00
Jouni Malinen
b3f371cabf WPS ER: Refresh ER data on WPS_ER_START when already started
This sends out the AP and Enrollee notifications for all tracked
devices and generates a new SSDP search to find more APs.
2009-11-20 21:57:30 +02:00
Jouni Malinen
a3c6598fcd Add 'none' driver as an option for wpa_supplicant
This can be used, e.g., with WPS ER when no network interface is
actually used for IEEE 802.1X or wireless operations.
2009-11-20 21:12:49 +02:00
Jouni Malinen
da87d6f8b5 wpa_gui: Avoid using freed item in enter_pin()
The Enrollee entry may be deleted while the PIN query dialog is open.
To avoid crashing on using freed entry, copy the needed data into
local variables before and use the local data after the PIN dialog
has been closed.
2009-11-19 21:12:06 +02:00
Jouni Malinen
1949f53481 wpa_gui: Add AP and laptop icons for peer dialog
The peer entries are now using different icons based on their type. As
a starting point, a separate AP and laptop icons are used. More icons may
be added in the future to mark different device types (e.g., based on
primary device type information from WPS).
2009-11-19 21:03:25 +02:00
Mike Shepherd
720e23b2ae wpa_gui: Add support for multiple icon files 2009-11-19 20:49:51 +02:00
Jouni Malinen
8f089e7ff8 wpa_gui: Add preliminary WPS ER support into the peers dialog 2009-11-19 20:28:41 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Anders Aspegren Søndergaard
3fd2a226f9 wpa_supplicant: Fix ctrl_interface group permissions to allow read/execute
When using umask 0077, the control interface directory was left without
group read/execute permissions even if the configuration file explicitly
asked for the group to be allowed to access the control interface. Fix
this by adding read/execute permissions for group if a specific group is
defined in the configuration. [Bug 199]
2009-11-16 16:43:25 +02:00
Witold Sowa
bd4ce06629 dbus: Allow only root to receive signals
Change the dbus policy file to only allow root applications to receive
signals from wpa_supplicant. This keeps WPS Credentials data secret
from non-root listeners.
2009-11-16 13:25:51 +02:00
Christian Rüb
1545457e04 wpa_gui-qt4: Fix build with Session Manager disabled in Qt4
When trying to build wpa_gui (Qt4 version) from openembedded it fails
because Qt4 is compiled without session manager and thus wpa_gui fails
to compile.

I attached a patch, that enables compiling without Session Manager (via
preprocessor) if it is not compiled into Qt4; otherwise, it behaves as
it does right now.

I checked to build on my host (Debian unstable, Session Manager
enabled) and openembedded (Session Manager disabled).
2009-11-16 13:20:53 +02:00
Jouni Malinen
a6b6307853 WPS ER: Deinit ER before WPS registrar/context
ER code may still touch WPS registrar/context during deinit, so better
do that before freeing the other WPS components.
2009-11-15 22:52:17 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
564cd7fa2c WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
2009-11-15 18:46:03 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
9b61515c26 dbus: Use method/property/signal handler arrays for registration
Clean up registration of large number of dbus method/property/signal
handlers by using arrays containing all the information needed to call
the registration functions.
2009-11-14 18:18:07 +02:00
Jouni Malinen
485ec2ae48 dbus: Remove duplicated error printing from registration
wpa_dbus_{method,property,signal}_register() are now taking care of
error printing, so no need to duplicate the same code everywhere.
2009-11-14 17:06:16 +02:00
Jouni Malinen
7ae7b192f9 dbus: Split wpas_dbus_ctrl_iface_init() into helper functions
Clean up the method/property/signal registration code by using short
helper functions with the argument table near the registration call.
2009-11-14 16:57:07 +02:00
Jouni Malinen
3864e6ea83 dbus: Minor coding style cleanup 2009-11-14 16:02:01 +02:00
Jouni Malinen
17efbfac21 dbus: Fix some of the function comment typos 2009-11-14 15:57:02 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Jouni Malinen
4bb4ae0ae0 Remove a note about other repositories of wpa_supplicant 2009-11-11 17:56:21 +02:00
David Smith
d7199342f0 Reset EAPOL pointer when handling DBus smartcard parameters
Smartcard parameter update via DBus ended up re-initializing the EAPOL
state machine without updating the pointer inside WPA state machine.
This can trigger a segfault when EAP layer attempts to use the old
reference. Fix this by re-initializing the pointer inside WPA state
machine.
2009-11-11 17:46:15 +02:00
Witold Sowa
3d3d305645 Add dbus mechanism for fetching all network configuration parameters 2009-11-11 17:17:00 +02:00
Witold Sowa
71f6e1f697 Add notifications for scan result BSS changes (added/removed)
If scan results introduce new BSSs or discards some previously known,
new wpas_notify_bss_added or wpas_notify_bss_removed notifications are
called.
2009-11-11 17:07:53 +02:00
Jouni Malinen
68e7cb49b4 dbus: Use snprintf() and bounds checking instead of strcat()
Better make sure we do not end up writing over the end of the local
registered_sig buffer regardless of how many arguments are used in
dbus method description.
2009-11-10 18:29:38 +02:00
Jouni Malinen
d69780dcbb dbus: Do not dereference wpa_s if explicitly checking it is not NULL
There is no point checking whether wpa_s is not NULL after having
dereferenced it earlier in the function.. Furthermore, there is no
need to use a local variable for wpas_dbus_get_path() result.
2009-11-10 18:20:12 +02:00
Jouni Malinen
0cf7d7450a dbus: Remove unnecessary wpa_s->bssid comparison
This is an array and cannot have NULL value.
2009-11-10 18:11:18 +02:00
Jouni Malinen
4f93ab0ffc dbus: Fix a NULL pointer dereference on error path
The cleanup routine in the end would have dereferenced props pointer
which could be NULL. There is no need to go through that cleanup code
in this case, so just exit from the function with return instead.
2009-11-10 18:08:55 +02:00
Jouni Malinen
a1641d2671 Call wpas_notify_network_selected only if a specific network was selected
ssid could be NULL here at least based on the function documentation,
so better check whether that is the case prior to calling the
notification function.
2009-11-10 18:06:02 +02:00
Jouni Malinen
5be45e2e6e Fix per-SSID scan (scan_ssid=1)
Commit d3a9822542 broke per-SSID scan
by using the ssid variable for internal loop and by doing so,
overriding the value that was needed below to figure out whether the
scan is for a specific SSID. Fix this by using a temporary variable
instead when looping over network finding which frequencies to scan for.
2009-11-10 18:00:57 +02:00
Jouni Malinen
5228401cbc dbus: Coding style cleanup 2009-11-10 17:51:59 +02:00
Jouni Malinen
ea20a1ad03 dbus: Remove unneeded typecast
This was triggering some gcc versions to warn about strict aliasing.
Since the typecast is not really needed here, the cleanest way to get
rid of the warnings is to just use the correct type for the local
variable.
2009-11-10 16:48:21 +02:00
Jouni Malinen
69856fadf7 Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.

Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
2009-11-10 15:59:41 +02:00
Jouni Malinen
b99b8e1516 Fix non-WPS build 2009-11-10 11:35:25 +02:00
Jouni Malinen
d3a42e1240 WPS: Fix WPS build with ER support disabled 2009-11-10 11:09:52 +02:00
Witold Sowa
8fc2fb56e4 wpa_supplicant: new DBus API implementation
This patch implements the new DBus API. Both, the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
 - more wpa_supplicant's events are signaled with DBus signals,
 - introspection data (requires libxml2 and may be disabled),
 - CurrentBSS and CurrentNetwork properties,
 - PropertyChanged signal for most of properties,
 - Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.

This commit misses couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
  unregister_bss() notification callbacks)
2009-11-09 23:51:59 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
d27df100b5 Allow driver and ctrl_interface parameters to be overridden
New wpa_supplicant command line options -o<driver> and -O<ctrl> can
now be used to override the parameters received in add interface
command from dbus or global ctrl_interface. This can be used, e.g.,
to enable control interface when using NetworkManager (add
-O/var/run/wpa_supplicant into the Exec parameter in
/usr/share/dbus-1/system-services/fi.epitest.hostap.WPASupplicant.service).
Similarly, this can be used to use another driver wrapper with
NetworkManager (e.g., -onl80211 to replace WEXT with nl80211).
2009-11-04 20:16:15 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Jouni Malinen
e6c0ebff68 Fix int_array_concat() to bail out on realloc failure
The previous version could have ended up dereferencing a NULL pointer
if the reallocation call were to fail.
2009-11-02 19:14:17 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
76d11d3f42 SME: Improve processing of association rejection
Force deauthentication from the AP to clear mac80211 state (it would get
stuck with future scans if the AP is left in authenticated, but not
associated, state).

Add blacklist entry for the AP to allow other APs with worse signal
strength to be tried (e.g., when APs are trying to do load balancing
with status code 17). Reduce wait for the next scan to speed up
connection in cases where there could be other APs that could accept
association, but which show worse signal strength.
2009-10-31 23:21:43 +02:00
Sam Leffler
cca8773165 Allow CONFIG_DEBUG_SYSLOG=y to be used
Instead of having to add the syslog define manually into CFLAGS,
CONFIG_DEBUG_SYSLOG=y can now be used in .config.
2009-10-22 11:17:05 -07:00
Sam Leffler
2d8fe38109 Stub out the dbus function w/o CONFIG_WPS to fix build 2009-10-22 11:08:10 -07:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
385f16c611 Remove wpa_priv on 'make clean' 2009-10-16 21:49:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
f730b421e9 wpa_gui-qt4: Dynamically update associated STAs in peer dialog 2009-10-16 17:53:02 +03:00
Jouni Malinen
e81634cd18 Skip networks without known SSID when selecting the BSS
Previously, APs that were hiding SSID (zero-length SSID IE in
Beacon frames) could have been selected when wildcard SSID matching
was used. This would result in failed association attempt since
the client does not know the correct SSID. This can slow down WPS
which is often using wildcard SSID matching.

Ignore BSSes without known SSID in the scan results when selecting
which BSS to use.
2009-10-15 21:58:58 +03:00
Witold Sowa
dc461de43e wpa_supplicant and dbus code separation
This patch completely separates supplicant's code from dbus.
It introduces three new notifications which copes with all
remaining dbus stuff.
wpas_notify_unregister_interface() was renamed to
wpas_notify_iface_removed().
2009-10-15 21:15:10 +03:00
Sam Leffler
4f34d51abe Do not schedule a new scan if no networks are enabled
This avoids an extra timeout to move to INACTIVE state.
2009-10-14 22:05:58 +03:00
Jouni Malinen
3afe7b61e0 Fix AES dependencies for CONFIG_AP=y (and IBSS) builds 2009-10-13 11:16:05 +03:00
Jouni Malinen
35deb646cc Fix CONFIG_AP=y build without CONFIG_CTRL_IFACE 2009-10-13 11:15:39 +03:00
Masashi Honma
279d859b8f Fix IEEE 802.11r/w compilation error
The hostapd/wpa_supplicant compilation failed with CONFIG_IEEE80211R=y
or CONFIG_IEEE80211W=y option if CONFIG_EAP_PSK and CONFIG_EAP_GPSK are
not used.
2009-10-13 10:04:46 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Masashi Honma
0e27f655f1 MFP: Clear IGTK
The fourth and fifth keys are used as IGTK for management frame
protection. This patch clears these keys.

I have tested with linux kernel 2.6.31.2.
2009-10-12 07:19:01 +03:00
Jouni Malinen
bd4e9d033b Replace CONFIG_NO_AES_EXTRAS with auto-detection during build
There is no need to do this manually since it is possible to figure
out automatically which AES extra files need to be included in the
build.
2009-10-11 22:23:50 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
7137456941 Move TLS_FUNCS and NEED_CRYPTO segment next to each other 2009-10-11 20:34:26 +03:00
Jouni Malinen
9d388d5007 Further crypto makefile unification 2009-10-11 20:31:15 +03:00
Jouni Malinen
0dba0175c5 Fix crypto config for minimal builds 2009-10-11 20:19:12 +03:00
Jouni Malinen
000bbd77c9 Cleaned up and unified some of the crypto Makefile code 2009-10-11 19:42:04 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
9fac49c15c Fix wpa_passphrase build with NSS 2009-09-30 19:14:43 +03:00
Jouni Malinen
d094741c5a wpa_gui-qt4: Add pending WPS PIN queries into peer dialog
Whenever running wpa_supplicant in AP mode with WPS enabled, the
notifications of missing WPS PIN are now shown on the peer dialog
to make it easier to provide the PIN.
2009-09-29 23:16:21 +03:00
Jouni Malinen
4f760fcc7c Fix hostapd wpa_msg() calls ctx for wpa_supplicant AP mode
Need to use wpa_s pointer, not hapd pointer, for these calls.
2009-09-29 21:25:14 +03:00
Jouni Malinen
acfbf1f5d7 wpa_gui-qt4: Fix peer_role_address for AP entry 2009-09-29 20:51:45 +03:00
Jouni Malinen
b55aaa5fdf Allow IBSS/AP mode networks to be created in ap_scan=1 mode
If no BSSes/IBSSes matching the enabled networks are found in the scan
results, IBSS/AP mode network (if configured) can be created in
ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever
using IBSS or AP mode.
2009-09-29 17:11:36 +03:00
Jouni Malinen
09b9df4e4a Split wpa_supplicant_event_scan_results() into helper functions 2009-09-29 14:30:11 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Samuel Ortiz
3180d7a208 Getting back to DISCONNECTED afer SCANNING
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
2009-09-14 17:25:03 +03:00
Masashi Honma
f1b0de09d9 WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
2009-09-14 16:50:53 +03:00
Witold Sowa
3e53b314f5 Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
2009-09-13 22:21:52 +03:00
Witold Sowa
86b89452f6 Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
2009-09-13 21:16:43 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Witold Sowa
1bd3f426d3 Remove extra whitespace 2009-09-13 20:27:54 +03:00
Jouni Malinen
614ff64fe0 wpa_gui-qt4: Fix WPS AP detection for peer window 2009-09-11 19:06:38 +03:00
Jouni Malinen
b1078a4bfb wpa_gui-qt4: Add scan results into the peer window
In addition, add a peer entry type for each peer entry. Currently,
this is only stored as an integer and visible in the context menu.
Eventually, different icons should be used based on this type.
2009-09-11 18:37:16 +03:00
Jouni Malinen
acd8ba74c0 wpa_gui-qt4: Handle UNKNOWN COMMAND reply during peer window update
Avoid an infinite loop if wpa_supplicant is not built with AP support.
2009-09-11 17:52:46 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
6a88ae863f wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
2009-09-10 14:43:08 +03:00
Jouni Malinen
e2670b1176 wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
2009-09-09 11:11:42 +03:00
Jouni Malinen
f05c7194cd wpa_gui-qt4: Add a new window for showing peer information
This provides some initial functionality for showing peer information,
i.e., showing information about other devices that has been discovered.
Currently, information is only available in the AP mode (list of
associated stations), but this is expected to increase in the future
(e.g., show the current AP in station mode, other stations in IBSS,
etc.). Furthermore, there will be actions available for doing things
like providing a WPS PIN for a station.
2009-09-08 16:28:41 +03:00
Jouni Malinen
e653b62275 Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
2009-09-08 12:58:02 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
1ff733383f Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.

The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
2009-09-04 18:04:41 +03:00
Chuck Tuffli
94873e3b84 Fix comment in wpa_supplicant_event_associnfo
Found what I think is a copy/paste error in the comments for the .11r
code.
2009-08-26 23:51:12 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
577072b116 Fix FIPS mode build of eapol_test 2009-08-16 19:00:49 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Bjarke Istrup Pedersen
466940c55e Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
2009-08-16 09:47:56 +03:00
Witold Sowa
b2cc805619 Set current ssid when entering AP mode
After successful starting AP mode, current_ssid field is set to
ssid used to create AP.
2009-08-15 21:04:50 +03:00
Jouni Malinen
905a32a5f4 Added new SHA1 files into VS project files to fix the build 2009-08-15 20:51:35 +03:00
Jouni Malinen
49eba5f82f WPS: Workaround mixed-mode WPA+WPA2 auth type in credentials
An SMC router was reported to use 0x22 (WPAPSK + WPA2PSK) in the
authentication type of the provisioned credential and wpa_supplicant
rejected this as invalid. Work around this by replacing WPAPSK + WPA2PSK
with WPA2PSK.
2009-08-15 20:40:45 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
fe6bdb777e Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
2009-08-14 20:01:41 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
3e91d24260 wpa_passphrase does not need FIPS PRF, MD4, or AES extra functionality 2009-08-13 17:07:36 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
602606091b CONFIG_WIRELESS_EXTENSION need not be in CFLAGS 2009-07-28 20:25:19 +03:00
Johannes Berg
91382de4d1 CONFIG_WIRELESS_EXTENSION is purely internal to the Makefile 2009-07-28 14:41:33 +03:00
Johannes Berg
b2840aafaf make the build process quieter to see warnings 2009-07-28 14:37:40 +03:00
Johannes Berg
8055fb781d Clean up some more binaries in wpa_supplicant 'make clean' 2009-07-28 14:15:04 +03:00
Jon Loeliger
2e8eac2d67 Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.

Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.

Use libnl-gen now too.

Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
2009-07-25 17:21:52 +03:00
Witold Sowa
137fb724b3 Set state to COMPLETE when AP mode has been initialized successfully 2009-07-25 17:01:23 +03:00
Jouni Malinen
4625a47f4b WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
2009-06-10 15:53:35 +03:00
Jouni Malinen
b14912025f Comment out unused functions if IEEE8021X_EAPOL is not defined 2009-05-29 22:35:31 +03:00
Dan Williams
cb8564b1dd dbus: add 'scanning' property
When the supplicant is connected and performs a scan, it doesn't enter
WPA_SCANNING state for various reasons.  However, external programs
still need to know that the supplicant is scanning since they may not
wish to perform certain operations during a scan (as those operations
will likely fail or yield incorrect results).  Add a 'scanning' property
and signal to the supplicant dbus interface to allow clients to
synchronize better with the supplicant when it scans.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 21:06:40 +03:00
Jouni Malinen
077a781f7a WPS: Add support for setting timeout for PIN
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
2009-05-26 17:44:44 +03:00
Jaime Soriano Pastor
e8fa6039f6 WPS methods exported over DBus
I've exported the methods wpsPbc, wpsReg and wpsPin (patch attached),
so wpa_supplicant should be able to connect with WPS using the dbus
interface. I couldn't test it well because the problem seems to be in
my wireless card, a Broadcom BCM4328. At least it seems to do the same
using both interfaces. With ndiswrapper driver the "wpsie" entry
(thanks Dan!) didn't appear, and with the Broadcom wl driver it
appears but I cannot associate using WPS.
2009-05-06 13:23:41 +03:00
Helmut Schaa
01a569e8a1 wpa_supplicant: add DBus method for changing debug parameters
Add a new DBus method "setDebugParams" which takes the parameters
debug_level, debug_timestamp and show_keys as input and updates the
internal debug variables accordingly.

To change the debug level, enable/disable timestamps and enable/disable
show_keys the following dbus-send command can be used:

dbus-send --system --dest=fi.epitest.hostap.WPASupplicant --print-reply
/fi/epitest/hostap/WPASupplicant fi.epitest.hostap.WPASupplicant.setDebugParams
int32:0 boolean:false boolean:false

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-05-06 11:54:00 +03:00
Jouni Malinen
da1fb17ca7 Add handling of SME auth/assoc timeout events
This allows wpa_supplicant to start searching for other APs (or re-try)
if the MLME times out.
2009-04-24 00:08:24 +03:00
Jouni Malinen
4bc181ecc7 Add new wpa_supplicant driver op for setting 802.1X port status
This can be used with drivers that implement PAE to control whether
normal data frames (non-EAPOL) are allowed.
2009-04-22 16:01:37 +03:00
Jouni Malinen
3ec97afe57 wpa_supplicant AP: Add preliminary support for WPS Internal Registrar
When in AP mode, wpa_supplicant is now enabling WPS (only Internal
Registrar). wpa_cli wps_pbc and wps_pin commands can be used to initiate
WPS negotiation similarly to how this is done in station mode (though,
the BSSID parameter is ignored).
2009-04-21 16:45:16 +03:00
Jouni Malinen
a8d6ffa48f wpa_supplicant AP: Add sta_set_flags 2009-04-20 16:33:13 +03:00
Jouni Malinen
db149ac949 wpa_supplicant AP: Add EAPOL frame TX and RX
This allows WPA-Personal 4-way handshake to be completed successfully.
2009-04-20 16:27:45 +03:00
Jouni Malinen
07d9a55297 wpa_supplicant AP: Update WPA/RSN configuration
Couple of additional operations are needed to make hostapd configuration
valid for WPA.
2009-04-20 16:11:08 +03:00
Jouni Malinen
c3dc92e85f Make deauthentication and disassociation consistent
This fixes an issue where the station was not marked disassociated
properly with locally requested deauthentication.
2009-04-20 11:36:47 +03:00
Jouni Malinen
83935317a7 Disconnect if 4-way handshake processing fails
There is no point in trying to continue if a 4-way handshake frame is
discarded or if PTK/GTK/IGTK configuration fails. Force the client to
disconnect in such a case to avoid confusing user by claiming the
connection was successfully completed.
2009-04-20 11:35:21 +03:00
Jouni Malinen
0f4e8b4f65 wpa_supplicant AP: add sta_add() and sta_remove() 2009-04-17 20:09:20 +03:00
Jouni Malinen
be301e56b6 wpa_supplicant AP: Fix build after hostapd driver_ops changes 2009-04-17 16:41:53 +03:00
Jouni Malinen
b615a25e4e wpa_supplicant AP: Fix hw_mode for 5 GHz channels 2009-04-12 12:10:08 +03:00
Jouni Malinen
92f475b4d8 Merge hostapd driver init functions into one
Use a parameter structure to pass in information that can be more easily
extended in the future. Include some of the parameters that were
previously read directly from hapd->conf in order to reduce need for
including hostapd/config.h into driver wrappers.
2009-04-09 23:28:21 +03:00
Jouni Malinen
c3965310e6 Use common get_hw_feature_data for hostapd and wpa_supplicant
This merges the driver wrapper implementations to use the same
implementation both for hostapd and wpa_supplicant operations to avoid
code duplication.
2009-04-09 14:11:39 +03:00
Jouni Malinen
c51218372f Merge wpa_supplicant and hostapd driver wrapper implementations
This commit merges the driver_ops structures and implementations from
hostapd/driver*.[ch] into src/drivers. This is only an initial step and
there is room for number of cleanups to share code between the hostapd
and wpa_supplicant parts of the wrappers to avoid unnecessary source
code duplication.
2009-04-09 13:40:12 +03:00
Jouni Malinen
c2220ec0b7 Fix couple of forgotten wpa_hw_modes -> hostapd_hw_modes
Some build configurations resulted in failure due to missed structure
rename.
2009-04-06 15:02:48 +03:00
Jouni Malinen
a0b2f99bd7 nl80211: Fix static WEP key configuration when using SME
Need to set WEP keys before requesting authentication in order to get
Shared Key authentication working. Previously, the WEP keys were not set
at all when using SME in wpa_supplicant.
2009-04-04 16:58:16 +03:00
Jouni Malinen
282d55908b wpa_supplicant AP: Add get_hw_feature_data
This is enough to allow open mode association to be completed with
driver_nl80211.c.
2009-04-03 19:11:22 +03:00
Jouni Malinen
6caf9ca68c Share same hw_feature definitions between hostapd and wpa_supplicant 2009-04-03 19:04:20 +03:00
Jouni Malinen
0892aaaf51 Set own MAC address in AP data structures 2009-04-03 16:53:09 +03:00
Jouni Malinen
2c2010acda Implement management frame TX for wpa_supplicant AP mode 2009-04-03 16:45:09 +03:00
Jouni Malinen
0915d02c3c wpa_supplicant AP: Add management frame RX for nl80211 2009-04-02 21:59:14 +03:00
Jouni Malinen
d2440ba01b Add Beacon configuration for wpa_supplicant AP mode 2009-04-02 16:09:48 +03:00
Jouni Malinen
efa4607800 SME: Add processing for rejected associations 2009-04-01 17:10:36 +03:00
Jouni Malinen
c0a6190815 Fix SHA-256-based KDF when using CCMP as the pairwise cipher
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK
length must be specified correctly. The previous version was deriving
using 512-bit PTK regardless of the negotiated cipher suite; this works
for TKIP, but not for CCMP. Update the code to use proper PTK length
based on the pairwise cipher.

This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when
using AKMP that specifies SHA-256-based key derivation). The fixed
version does not interoperate with the previous versions. [Bug 307]
2009-04-01 12:04:36 +03:00
Jouni Malinen
73267b9ca4 WPS: Fix local configuration update after AP configuration
Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.
2009-03-30 19:00:55 +03:00
Jouni Malinen
0f2b2c1973 Add needed AP driver wrappers (most of which are still to-do) 2009-03-27 17:13:54 +02:00
Jouni Malinen
07f117edb5 Set hostapd configuration based on wpa_supplicant AP mode config 2009-03-27 16:45:47 +02:00
Jouni Malinen
d3a9822542 Add support for specifying subset of enabled frequencies to scan
A new network block parameter, scan_freq, can be used to specify subset
of frequencies to scan. This can speed up scanning process considerably
if it is known that only a small subset of channels is actually used in
the network. A union of configured frequencies for all enabled network
blocks is used in scan requests.

Currently, only driver_nl80211.c has support for this functionality.

For example, following parameter marks 2.4 GHz channels 1, 6, 11 to be
scanned: scan_freq=2412 2437 2462
2009-03-26 21:55:01 +02:00
Jouni Malinen
2d5b792d2b Add preliminary hostapd data structure initialization for AP mode
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
2009-03-26 20:37:05 +02:00
Jouni Malinen
1f1b62a0f0 Move wpa_supplicant_create_ap() into ap.c 2009-03-26 16:08:17 +02:00
Jouni Malinen
c746331b52 Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist
Move the shared IEEE 802.11w enum definition into src/common/defs.h to
avoid redefinition when both configuration structures are included into
the same file.
2009-03-26 16:06:15 +02:00
Jouni Malinen
089757c6a9 Fix wpa_supplicant AP build after hostapd header file cleanup 2009-03-25 16:35:26 +02:00
Jouni Malinen
f1a4871084 Link in AP functionality from hostapd when CONFIG_AP=y
This is only allowing the code to be compiled and linked in; the actual
functionality is not yet enabled.
2009-03-25 12:23:42 +02:00
Jouni Malinen
1581b38b67 Initial step in adding simple AP mode support into wpa_supplicant
This version is adding the configuration option (mode=2) for this and
driver capability reporting to figure out whether AP mode can be used.
However, this does not actually implement any real functionality yet.
2009-03-25 11:38:47 +02:00
Jouni Malinen
36b15723ca Deprecate set_drop_unencrypted(), set_auth_alg(), and set_mode()
All these driver handlers can be implemented in associate() handler
which gets all the needed information in the parameters structure. The
old functions that provided only a single parameter will be removed
eventually to clean up the driver_ops structure, so driver wrappers
should start using the newer mechanism.
2009-03-24 20:06:02 +02:00
Sam Leffler
19b9436c0e Fix UNIX domain socket address handling to be more portable
Removing just sun_family is not portable since some systems (e.g.,
FreeBSD) include an additional sun_len field. Using offsetof should be
portable. In addition, set sun_ken for FreeBSD.
2009-03-21 22:00:27 +02:00
Jouni Malinen
7d737d6bf9 Fix FreeBSD build by not adding -ldl
Unlike Linux, FreeBSD does not use libdl.
2009-03-21 20:59:07 +02:00
Jouni Malinen
26c9d7ea24 Fix IEEE 802.11r build without CONFIG_CLIENT_MLME 2009-03-21 20:57:21 +02:00
Jouni Malinen
c9d2ffbc4c Document CONFIG_CLIENT_MLME option as specific to test driver
Since user space MLME is not used with nl80211 anymore, this option is
only of use with driver_test.
2009-03-20 22:35:19 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00
Jouni Malinen
4cb0dcd92d Fix IEEE 802.11r key derivation function to match with the standard
IEEE Std 802.11r-2008, 8.5.1.5.2 starts the 'i' counter from 1, not 0.
Note: this breaks interoperability with previous versions. [Bug 303]
2009-03-19 15:46:00 +02:00
Jouni Malinen
c5aaa01562 Detach ctrl_iface monitor if the client socket is removed
No need to wait for 10 errors when using UNIX domain socket; we can
detach the client immediately on ENOENT.
2009-03-17 16:56:30 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
58d1f6d189 Fix EAP-FAST only build to include the needed EAPOL implementation 2009-03-08 11:29:31 +02:00
Jouni Malinen
c472ef754d driver_ndis: Add PAE group address to the multicast address
This is done with wired interfaces to fix IEEE 802.1X authentication
when the authenticator uses the group address (which should be happening
with wired Ethernet authentication).

This allows wpa_supplicant to complete wired authentication successfully
on Vista with a NDIS 6 driver, but the change is likely needed for
Windows XP, too.
2009-03-07 23:10:41 +02:00
Jouni Malinen
4ef1e644eb Determiner whether driver is wired at runtime based on capabilities
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
2009-03-07 22:05:43 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
5c3dd4ebbe Enable WMM support in the test MLME code
This allows driver_test to be used to test WMM negotiation.
2009-03-06 17:28:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
7cc1b6c900 WPS: Add a workaround for TKIP/CCMP mixed mode credentials
Many deployed APs do not handle negotiation of security parameters well
when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most
common end result seems to be ending up with the least secure option..

As a workaround, check whether the AP advertises WPA2/CCMP in Beacon
frames and add those options for the credential if needed. This allows
the client to select the most secure configuration regardless of how
broken the AP's WPS implementation is as far as auth/encr type
negotiation is concerned.
2009-03-05 21:39:39 +02:00
Jouni Malinen
77ac446621 Fix MLME build after WMM renames 2009-03-05 15:56:51 +02:00
Sam Leffler
a83d9c9652 Add build option CONFIG_TERMINATE_ONLASTIF
This makes wpa_supplicant terminate automatically if the configured
interface(s) disappear.
2009-03-02 21:57:00 +02:00
Sam Leffler
daa70d49de Add support for wpa_supplicant syslog output
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
2009-03-02 21:40:44 +02:00
Jouni Malinen
049a292f89 Fix builds that need SHA256 or mod_exp, but not TLS functions 2009-02-27 17:46:40 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Andriy Tkachuk
522b5b6ed3 WPS: Fix WEP key index to use 1..4 instead of 0..3
It seems that WFA WPS spec says that default key index should be 1 (not
0). I think this meas that WEP key indexes region is not from 0 to 3,
but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 19:58:44 +02:00
Jouni Malinen
7c2849d2a0 Add BSS flags to scan results to indicate signal quality validity
These flags are used to mark which values (level, noise, qual) are
invalid (not available from the driver) and whether level is using dBm.
D-Bus interface will now only report the values that were available.
2009-02-18 13:40:38 +02:00