Commit graph

417 commits

Author SHA1 Message Date
Sam Leffler
4f34d51abe Do not schedule a new scan if no networks are enabled
This avoids an extra timeout to move to INACTIVE state.
2009-10-14 22:05:58 +03:00
Jouni Malinen
3afe7b61e0 Fix AES dependencies for CONFIG_AP=y (and IBSS) builds 2009-10-13 11:16:05 +03:00
Jouni Malinen
35deb646cc Fix CONFIG_AP=y build without CONFIG_CTRL_IFACE 2009-10-13 11:15:39 +03:00
Masashi Honma
279d859b8f Fix IEEE 802.11r/w compilation error
The hostapd/wpa_supplicant compilation failed with CONFIG_IEEE80211R=y
or CONFIG_IEEE80211W=y option if CONFIG_EAP_PSK and CONFIG_EAP_GPSK are
not used.
2009-10-13 10:04:46 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Masashi Honma
0e27f655f1 MFP: Clear IGTK
The fourth and fifth keys are used as IGTK for management frame
protection. This patch clears these keys.

I have tested with linux kernel 2.6.31.2.
2009-10-12 07:19:01 +03:00
Jouni Malinen
bd4e9d033b Replace CONFIG_NO_AES_EXTRAS with auto-detection during build
There is no need to do this manually since it is possible to figure
out automatically which AES extra files need to be included in the
build.
2009-10-11 22:23:50 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
7137456941 Move TLS_FUNCS and NEED_CRYPTO segment next to each other 2009-10-11 20:34:26 +03:00
Jouni Malinen
9d388d5007 Further crypto makefile unification 2009-10-11 20:31:15 +03:00
Jouni Malinen
0dba0175c5 Fix crypto config for minimal builds 2009-10-11 20:19:12 +03:00
Jouni Malinen
000bbd77c9 Cleaned up and unified some of the crypto Makefile code 2009-10-11 19:42:04 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
9fac49c15c Fix wpa_passphrase build with NSS 2009-09-30 19:14:43 +03:00
Jouni Malinen
d094741c5a wpa_gui-qt4: Add pending WPS PIN queries into peer dialog
Whenever running wpa_supplicant in AP mode with WPS enabled, the
notifications of missing WPS PIN are now shown on the peer dialog
to make it easier to provide the PIN.
2009-09-29 23:16:21 +03:00
Jouni Malinen
4f760fcc7c Fix hostapd wpa_msg() calls ctx for wpa_supplicant AP mode
Need to use wpa_s pointer, not hapd pointer, for these calls.
2009-09-29 21:25:14 +03:00
Jouni Malinen
acfbf1f5d7 wpa_gui-qt4: Fix peer_role_address for AP entry 2009-09-29 20:51:45 +03:00
Jouni Malinen
b55aaa5fdf Allow IBSS/AP mode networks to be created in ap_scan=1 mode
If no BSSes/IBSSes matching the enabled networks are found in the scan
results, IBSS/AP mode network (if configured) can be created in
ap_scan=1 mode instead of requiring ap_scan=2 mode to be used whenever
using IBSS or AP mode.
2009-09-29 17:11:36 +03:00
Jouni Malinen
09b9df4e4a Split wpa_supplicant_event_scan_results() into helper functions 2009-09-29 14:30:11 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Johannes Berg
0194fedb46 driver_nl80211: Fix MLME key settings for static WEP
Current wpa_supplicant has a bug with WEP keys, it adds a zero-length
sequence counter field to netlink which the kernel doesn't accept.

Additionally, the kernel API slightly changed to accept keys only when
connected, so we need to send it the keys after that. For that to work
with shared key authentication, we also include the default WEP TX key
in the authentication command.

To upload the keys properly _after_ associating, add a new flag
WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC_DONE indicating that the driver
needs the keys at that point and not earlier.
2009-09-15 10:48:30 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Samuel Ortiz
3180d7a208 Getting back to DISCONNECTED afer SCANNING
After transitioning from DISCONNECTED to SCANNING, we never go back
to DISCONNECTED even though scanning is done or failed.
We're thus stuck in SCANNING while scanning is actually done.
2009-09-14 17:25:03 +03:00
Masashi Honma
f1b0de09d9 WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
2009-09-14 16:50:53 +03:00
Witold Sowa
3e53b314f5 Share same freeing and error checking code in get_scan_results
Convert wpa_supplicant_get_scan_results_old() to use the same return
style with the other get_scan_results options and clean up the code
by sharing the same scan result freeing and error checking code for
all the options.
2009-09-13 22:21:52 +03:00
Witold Sowa
86b89452f6 Use shared functions for network operations and param changes
Instead of implementing these separately in various control
interface handlers, use shared functions. These add some of the
previously missing notification calls, too, for the affected areas.
2009-09-13 21:16:43 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Witold Sowa
1bd3f426d3 Remove extra whitespace 2009-09-13 20:27:54 +03:00
Jouni Malinen
614ff64fe0 wpa_gui-qt4: Fix WPS AP detection for peer window 2009-09-11 19:06:38 +03:00
Jouni Malinen
b1078a4bfb wpa_gui-qt4: Add scan results into the peer window
In addition, add a peer entry type for each peer entry. Currently,
this is only stored as an integer and visible in the context menu.
Eventually, different icons should be used based on this type.
2009-09-11 18:37:16 +03:00
Jouni Malinen
acd8ba74c0 wpa_gui-qt4: Handle UNKNOWN COMMAND reply during peer window update
Avoid an infinite loop if wpa_supplicant is not built with AP support.
2009-09-11 17:52:46 +03:00
Jouni Malinen
611ed49118 Add parsed information from WPS IE(s) into scan results
This makes it easier for external programs to show WPS information
since they do not need to parse the WPS IE themselves anymore.
2009-09-11 17:14:49 +03:00
Jouni Malinen
6a88ae863f wpa_gui-qt4: Add context menu for peers dialog
Replace the clicked() event with more appropriate context menu
and add a WPS PIN entry as an example command.
2009-09-10 14:43:08 +03:00
Jouni Malinen
e2670b1176 wpa_gui-qt4: Include cstdio to avoid some compiler issues
It looks like some build systems do not find snprintf() here unless
cstdio is included explicitly.
2009-09-09 11:11:42 +03:00
Jouni Malinen
f05c7194cd wpa_gui-qt4: Add a new window for showing peer information
This provides some initial functionality for showing peer information,
i.e., showing information about other devices that has been discovered.
Currently, information is only available in the AP mode (list of
associated stations), but this is expected to increase in the future
(e.g., show the current AP in station mode, other stations in IBSS,
etc.). Furthermore, there will be actions available for doing things
like providing a WPS PIN for a station.
2009-09-08 16:28:41 +03:00
Jouni Malinen
e653b62275 Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
2009-09-08 12:58:02 +03:00
Jouni Malinen
52eb293dd2 WPS: Add support for AP reconfiguration with wps_reg
wpa_supplicant can now reconfigure the AP by acting as an External
Registrar with the wps_reg command. Previously, this was only used
to fetch the current AP settings, but now the wps_reg command has
optional arguments which can be used to provide the new AP
configuration. When the new parameters are set, the WPS protocol run
is allowed to continue through M8 to reconfigure the AP instead of
stopping at M7.
2009-09-06 13:58:15 +03:00
Jouni Malinen
1ff733383f Delay processing of EAPOL frames when not associated
If an EAPOL frame is received while wpa_supplicant thinks the driver is
not associated, queue the frame for processing at the moment when the
association event is received. This is a workaround to a race condition
in receiving data frames and management events from the kernel.

The pending EAPOL frame will not be processed unless an association
event is received within 100 msec for the same BSSID.
2009-09-04 18:04:41 +03:00
Chuck Tuffli
94873e3b84 Fix comment in wpa_supplicant_event_associnfo
Found what I think is a copy/paste error in the comments for the .11r
code.
2009-08-26 23:51:12 +03:00
Witold Sowa
3a57305f10 Fix a bug with ap_rx_from_unknown_sta() recursion
ap_rx_from_unknown_sta was going into infinite recursion,
or could even crash because of corrupted pointer cast.
2009-08-26 20:18:24 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
577072b116 Fix FIPS mode build of eapol_test 2009-08-16 19:00:49 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Bjarke Istrup Pedersen
466940c55e Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
2009-08-16 09:47:56 +03:00
Witold Sowa
b2cc805619 Set current ssid when entering AP mode
After successful starting AP mode, current_ssid field is set to
ssid used to create AP.
2009-08-15 21:04:50 +03:00
Jouni Malinen
905a32a5f4 Added new SHA1 files into VS project files to fix the build 2009-08-15 20:51:35 +03:00