Commit graph

11461 commits

Author SHA1 Message Date
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Jouni Malinen
b414900a90 Reduce latency on starting WPS negotiation (TX EAPOL-Start earlier)
Reduce startWhen from 3 to 1 second if WPS is included in the build.
While this is done regardless of runtime WPS configuration, it is fine
to use a smaller value here in general. This cuts two seconds out from
WPS negotiation if the driver does not support addition of WPS IE into
the (Re)Association Request frame.
2009-02-23 20:59:27 +02:00
Jouni Malinen
a9aca28ba3 Fix WPS in non-WPA modes with drivers that implement MLME
Need to set WLAN_STA_WPS and WLAN_STA_MAYBE_WPS flags even if WPA is not
enabled. This allows open and static WEP modes to initiate WPS
negotiation with madwifi-like drivers.
2009-02-23 20:57:07 +02:00
Jouni Malinen
a20088e576 Allow SHA256-based key handshake to be used without 802.11r
Previously, both CONFIG_IEEE80211W=y and CONFIG_IEEE80211R=y were needed
to enable SHA256-based key handshake (WPA-PSK-SHA256 and
WPA-EAP-SHA256). This can now be done with just CONFIG_IEEE80211W=y.
2009-02-19 19:49:34 +02:00
Jouni Malinen
6d7fb6918d Add new driver wrapper for the Atheros driver
This uses similar, but not identical, interface to madwifi. It is easier
to keep this separate to avoid conflicts with potential changes in the
driver interfaces.
2009-02-19 16:27:07 +02:00
Jouni Malinen
d3cba719ff WPS: Use WEP key index 1..4 instead of 0..3 when configuring AP 2009-02-18 20:17:47 +02:00
Andriy Tkachuk
522b5b6ed3 WPS: Fix WEP key index to use 1..4 instead of 0..3
It seems that WFA WPS spec says that default key index should be 1 (not
0). I think this meas that WEP key indexes region is not from 0 to 3,
but from 1 to 4 in WPS. At least WRT610N implemented it this way.
2009-02-18 19:58:44 +02:00
Sebastien Decugis
ab61c4fc36 Fix hostapd build without NEED_MLME
The following patch fixes a compilation issue when compiling hostapd to
serve as pure RADIUS authentication server.
2009-02-18 19:43:07 +02:00
Jouni Malinen
7c2849d2a0 Add BSS flags to scan results to indicate signal quality validity
These flags are used to mark which values (level, noise, qual) are
invalid (not available from the driver) and whether level is using dBm.
D-Bus interface will now only report the values that were available.
2009-02-18 13:40:38 +02:00
Jouni Malinen
d173df5232 nl80211: Use per-scan request WPS IE
Replace the global set probe request IEs mechanism with a new nl80211
option for specifying vendor IEs for each scan request.
2009-02-18 12:49:25 +02:00
Jouni Malinen
8807377fe4 nl80211: Add TX/RX packet counts into accounting information 2009-02-18 11:29:45 +02:00
Jouni Malinen
878ad127ba Sync nl80211_copy.h with wireless-testing linux/nl80211.h 2009-02-18 11:28:55 +02:00
Andriy Tkachuk
4b195a1bc9 WPS: support WEP keys in hex characters format in received credentials
Attached patch makes wpa_supplicant support WEP keys in hex characters
format in received credentials from Registrars (tested with WRT610N).
2009-02-17 10:30:43 +02:00
Andriy Tkachuk
0632542b8b WPS: support registration with APs in WEP security mode
Attached patch fixes the issue when supplicant does not select APs in
WEP security mode for WPS registration.
2009-02-17 10:17:24 +02:00
Jouni Malinen
84992a8fb4 Updated to-do list for wpa_supplicant
No point in using time with Host AP driver optimizations anymore.
Note another race condition with 4-way handshake (and PTK config to
driver).
2009-02-16 20:50:55 +02:00
Jouni Malinen
dbdf58b053 driver_nl80211: Fix STA accounting data collection
TX/RX bytes are now reported correctly (typo ended up leaving TX bytes
uninitialized and set RX bytes value to use correct TX bytes). TX/RX
packet counts are not yet available from kernel, so we have to clear the
values to avoid reporting bogus data.
2009-02-16 13:28:42 +02:00
Jouni Malinen
8a0eae80ac Preparations for 0.6.8 release 2009-02-15 20:17:25 +02:00
Jouni Malinen
caf3159831 Update nmake.mak to match with current files 2009-02-15 18:35:23 +02:00
Jouni Malinen
f2d8fc3d96 Do not try session resumption after EAP failure
If session resumption fails for any reason, do not try it again because
that is just likely to fail. Instead, drop back to using full
authentication which may work. This is a workaround for servers that do
not like session resumption, but do not know how to fall back to full
authentication properly.
2009-02-15 17:36:49 +02:00
Jouni Malinen
c511c8c6e0 Avoid using #ifdef inside printf string
This makes it easier to use a preprocessor macro for printf.
2009-02-15 14:35:30 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Daniel Mierswa
6301cc5d38 Allow the privsep driver to pass the set_country to the real driver 2009-02-15 14:13:27 +02:00
Jouni Malinen
2cfcd014f4 Check EAP-AKA' AT_KDF duplication only if KDF was negotiated
This fixes an issue where two AKA'/Challenge messages are received when
resynchronizing SEQ#. Previously, this used to trigger an authentication
failure since the second Challenge message did not duplicate AT_KDF.
2009-02-15 10:28:55 +02:00
Jouni Malinen
3fe430b5d5 Add debug prints for couple of new EAP-AKA' attributes 2009-02-15 10:28:16 +02:00
Jouni Malinen
ba2a573c5f Rename "broadcast SSID" to "wildcard SSID"
"Wildcard SSID" is the term used in IEEE Std 802.11-2007, so it is a
better name for the zero-length SSID used in Probe Request.
2009-02-14 22:21:17 +02:00
Jouni Malinen
6a1063e008 driver_nl80211: Add support for multi-SSID scan requests 2009-02-14 21:17:46 +02:00
Jouni Malinen
e76baaac0c Add support for multi-SSID scan requests
If the driver reports support for more than one SSID per scan request,
optimize scan_ssid=1 operations in ap_scan=1 mode. This speeds up
scanning whenever scan_ssid=1 is used since the broadcast SSID can be
included in every scan request and if driver supports more than two
SSIDs in the scan request, the benefits are even larger when multiple
networks have been configured with ap_scan=1.

This is also cleaning up wpa_supplicant_scan() function by moving code
around so that the SSID list is not processed unnecessarily if the
operation mode does not need this.
2009-02-14 20:59:26 +02:00
Jouni Malinen
f55b218a5c driver_test: Implement scan2() handler
This does not actually send out separate scan requests for each SSID,
but the debug output can be used to test scan2() functionality with
multiple SSIDs.
2009-02-14 17:11:21 +02:00
Jouni Malinen
fc2b7ed5f3 Add extended driver scan request command: driver_ops::scan2()
This can be used to provide support for scanning multiple SSIDs at a
time to optimize scan_ssid=1 operations. In addition, Probe Request IEs
will be available to scan2() (e.g., for WPS PBC scanning).
2009-02-14 17:01:32 +02:00
Jouni Malinen
362f781e1c Allow multiple driver wrappers to be specified on command line
For example, -Dnl80211,wext could be used to automatically select
between nl80211 and wext. The first driver wrapper that is able to
initialize the interface will be used.
2009-02-14 16:43:43 +02:00
Jouni Malinen
7d315b7b42 nl80211: Remove one second sleep after iface up
This workaround was needed with some drivers that used WEXT, but there
is no known nl80211-enabled driver that would need this, so lets get rid
of the extra delay.
2009-02-12 22:05:36 +02:00
Jouni Malinen
80bc75f135 New driver capability info: max number of scan SSIDs
The driver wrappers can now inform wpa_supplicant how many SSIDs can
be used in a single scan request (i.e., send multiple Probe Requests
per channel). This value is not yet used, but it can eventually be used
to allow a new scan command to specify multiple SSIDs to speed up
scan_ssid=1 operations. In addition, a warning could be printed if
scan_ssid=1 is used with a driver that does not support it
(max_scan_ssids=0).
2009-02-12 22:05:32 +02:00
Jouni Malinen
97865538ba nl80211: Replace WEXT scan event with nl80211
Use the new nl80211 scan event mechanism instead of the WEXT event.
This completes the move from WEXT scanning into nl80211 scanning.
2009-02-12 20:19:49 +02:00
Jouni Malinen
b3db1e1cd3 nl80211: Replace SIOCGIWSCAN with NL80211_CMD_GET_SCAN
This replaces the WEXT mechanism for fetching scan results with the new
nl80211 mechanism.
2009-02-12 20:19:33 +02:00
Jouni Malinen
0e75527f7e nl80211: Replace SIOCSIWSCAN with NL80211_CMD_TRIGGER_SCAN
This is the first step in replacing WEXT-based scan with the new
nl80211-based mechanism.
2009-02-12 20:19:09 +02:00
Jouni Malinen
b938903e41 Sync nl80211.h with the current wireless-testing version 2009-02-12 14:46:26 +02:00
Jouni Malinen
f6190d376d Removed an obsolete comment about use of external program for EAP 2009-02-11 22:35:27 +02:00
Jouni Malinen
265ca78917 Add another Milenage test set that is suitable for EAP-AKA'
The Test Set 19 from TS 35.208 has an AMF with the separation bit set
and as such, it is suitable for EAP-AKA' testing.
2009-02-11 17:29:03 +02:00
Jouni Malinen
35f30422ec EAP-AKA': Verify that AMF separation bit is set 2009-02-11 17:28:42 +02:00
Jouni Malinen
ec1020512c wpa_gui-qt4: Add support for selecting between WEP open/shared key auth
Split the auth=none option into three: open, WEP, WEP with shared key to
allow the user specify WEP with shared key authentication. In addition,
fix static WEP key edits to be enabled only when using static WEP keys
(i.e., not for IEEE 802.1X).
2009-02-10 15:26:26 +02:00
Jouni Malinen
4225097c5a Fix test-sha256 build 2009-02-10 14:31:27 +02:00
Helmut Schaa
e1b525c356 Use signal quality if level is not available for comparing max rates
Some drivers (for example ipw2100) do not report signal level but only
signal quality. wpa_supplicant already uses the signal quality if no
level is reported and all other comparision parameters are equal to sort
the scan results. However, if two APs have different max rates and the
signal level does not differ much wpa_supplicant chooses the AP with the
higher max rate.

In case of ipw2100 no signal level is reported and thus wpa_supplicant
always takes the AP with higher max rate even if its signal quality is
really low. For example if AP1 (max rate 11Mb/s, 80% signal quality) and
AP2 (max rate 54 Mb/s, 20% signal quality) are found by a scan
wpa_supplicant would choose AP2.

Hence, if no signal level is reported depend on the signal quality if
max rate should be compared. A quality difference of 10% is considered
acceptable in favor of the higher max rate.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-10 13:47:14 +02:00
Jouni Malinen
073ab58ff5 Fixed a copy-paste error in a function documentation 2009-02-10 11:45:17 +02:00
Jouni Malinen
4853d5ac84 wext: Force disconnect on deauthenticate()
Use the same zero-BSSID, random-SSID trick for both disassociate() and
deauthenticate().
2009-02-10 11:43:40 +02:00
Dan Williams
b965fa7294 wext: really disassociate (set random SSID)
Really disassociate when tearing stuff down; drivers may sometimes
(legally) keep trying to reassociate unless the BSSID is unlocked.  If
the SSID is unlocked too, under WEXT drivers are able to pick an SSID to
associate, so kill that behavior by setting a bogus SSID.  Unfortunately
WEXT doesn't provide an easy method to say "stop whatever doing and just
idle".

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-02-10 11:40:19 +02:00
Masashi Honma
34a6c94178 WPS: Fix clearing of WPS IE with madwifi driver
On WPS init/deinit process, the hostapd clears it's own WPS IE
with 0 length WPS IE. But it fails. Because the parameter to
ioctl is too short. Then hostapd prints a below message.

ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
2009-02-10 11:23:59 +02:00
Jouni Malinen
edd757e8a3 Use larger buffer for TLS encryption to avoid issues with GnuTLS
It looks like GnuTLS (at least newer versions) is using random padding
on the application data and the previously used 100 byte extra buffer
for tls_connection_encrypt() calls was not enough to handle all cases.
This resulted in semi-random authentication failures with EAP-PEAP and
EAP-TTLS during Phase 2.

Increase the extra space for encryption from 100 to 300 bytes and add an
error message into tls_gnutls.c to make it easier to notice this issue
should it ever show up again even with the larger buffer.
2009-02-09 22:37:55 +02:00
Masashi Honma
363a9e2434 WPS: Set correct Selected Registrar Config Methods attribute
I tried PBC with the hostapd registrar.
I pushed the button with "hostap_cli WPS_PBC".
But hostapd registrar always sends Selected Registrar Config Methods
attribute=0x0000 in beacon/probe response.
2009-02-09 19:50:52 +02:00
Helmut Schaa
c3f5b1e16d Send a dbus reply only if requested by the caller
wpa_supplicant should not send a dbus reply as response to a method call
if no reply was requested by the caller. Sending a reply even if not
requested is basically no problem but triggers dbus warnings like the
one below.

Feb  9 07:31:23 linux-gvjr dbus-daemon: Rejected send message, 2 matched
rules; type="error", sender=":1.129" (uid=0 pid=30228
comm="/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wp")
interface="(unset)" member="(unset)" error
name="fi.epitest.hostap.WPASupplicant.InvalidInterface"
requested_reply=0 destination=":1.128" (uid=0 pid=30226
comm="/usr/sbin/NetworkManager "))

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-02-09 19:45:06 +02:00
Alan T. DeKok
02a89365ab Create os_daemon for OS X, as it's now deprecated (Leopard)
Using it results in an error at build time.  So we replace it.
2009-02-08 13:40:34 +02:00