Commit graph

427 commits

Author SHA1 Message Date
Jouni Malinen
982bafedaf FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()
Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00
Jouni Malinen
030d062fac OpenSSL: Implement SHA1 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha1.c
implementation of HMAC with SHA1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:38:25 +03:00
Jouni Malinen
d6150094e0 Move SHA1-based PRF function into a separate C file
This makes it easier to conditionally build in SHA1 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
e40c86ad27 OpenSSL: Use library function for PBKDF2 passphrase-to-PSK
Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the
internal implementation in sha1-pbkdf2.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
6e6909a97e FIPS: Remove MD5 from the CONFIG_FIPS=y build
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:03:17 +03:00
Jouni Malinen
271dbf1594 FIPS: Do not build md5-non-fips.o unless really needed
This is not needed anymore when using OpenSSL keying exporter
functionality for PRF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:58:15 +03:00
Jouni Malinen
c9e08af24f Do not export TLS keys in FIPS mode
Only allow the TLS library keying material exporter functionality to be
used for MSK derivation with TLS-based EAP methods to avoid exporting
internal TLS keys from the library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:38:15 +03:00
Jouni Malinen
411f567050 Allow libdl to be linked in after OpenSSL
OpenSSL-based builds may need libdl in the linker line after the OpenSSL
library. CONFIG_TLS_ADD_DL=y can now be used to force that if needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:34:38 +03:00
Jouni Malinen
e001191837 Add "make fips" for wpa_supplicant builds with OpenSSL
This can be used for convenience to build wpa_supplicant with OpenSSL
FIPS object module. CONFIG_FIPS=y is expected to be used in
wpa_supplicant/.config when using this option.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 17:53:05 +03:00
Janusz Dziedzic
afadf423db wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:01:07 +03:00
Jouni Malinen
306ae22556 EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Xi Chen
75cad1a0d4 WNM: Add WNM-Sleep Mode for station mode
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:27 +03:00
Jay Katabathuni
19a8ad9944 HS 2.0: Add Hotspot 2.0 Indication for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:38 +03:00
Jouni Malinen
40a5e3bfde WPS: Add a standalone tool for building NFC password tokens
nfc_pw_token can be used to build random NFC password token for WPS.
This tool prints out the wpa_supplicant.conf (or hostapd.conf)
parameters and the hexdump of the WPS password token (with and without
NDEF encapsulation) so that it can be written to a NFC tag with an
external program.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Tomasz Bursztyka
e3659c89d2 Add a simple periodic autoscan module
This module will sets a fixed scanning interval. Thus, the parameter to
this module is following this format: <fixed interval>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:28:21 +03:00
Tomasz Bursztyka
c0fba2b38d Add autoscan module named exponential
This module will compute the interval on a base exponential. Thus,
params to this module are following this format: <base>:<limit>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:22:56 +03:00
Tomasz Bursztyka
7c865c6853 Add automatic scanning support
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.

Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.

Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:55:41 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jay Katabathuni
25471fe3b9 HS 2.0: Add Hotspot 2.0 ANQP routines
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:40 +03:00
Johannes Berg
4f68895e92 debug: Add option to log to Linux tracing
Add the option (-T) to wpa_supplicant to log all debug messages into the
kernel tracing, allowing to aggregate kernel debugging with
wpa_supplicant debugging and recording all with trace-cmd.

Since tracing has relatively low overhead and can be filtered
afterwards, record all messages regardless of log level. However, it
will honor the -K option and not record key material by default.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-03-31 13:55:33 +03:00
Jouni Malinen
1d4839ee85 Fix CONFIG_AP + CONFIG_INTERWORKING build
Need to include gas_serv.o in the build to get all the needed symbols.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-27 16:21:50 +02:00
Ben Greear
2df4c4ef2f eloop: Support poll() in eloop
When using more than around 200 virtual stations, we start hitting the
max number of file descriptors supported by select(). This patch adds
support for poll(), which has no hard upper limit.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-02-12 21:12:22 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Jouni Malinen
ea5cb06ef9 Install only the binaries into BINDIR
There is no point in installing *.service files into BINDIR.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-29 14:20:41 +02:00
Grant Erickson
b111764384 build: Fix install target parent directory prerequisites
This changes the install target such that parent directories of
installed paths area created and each path is only installed
on a dependency basis.

Signed-off-by: Grant Erickson <marathon96@gmail.com>
2012-01-29 14:18:22 +02:00
Jouni Malinen
9013edc300 dbus: Remove unused D-Bus version defines
These have not been used since commit
8ddef94bd4.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-29 12:53:12 +02:00
Jouni Malinen
6897ce14a4 Rename systemd template files to avoid @ in the file name
Perforce does not like @ in the file name and since these template files
do not really need to have that in the name, make the files in
repository friendlier to Perforce. The generated *.service file will
maintain their old names.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-01-28 17:12:30 +02:00
Jouni Malinen
48f24f93a5 wpa_passphrase: Include SHA256 objects to fix some build combinations
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 22:17:41 +02:00
Jouni Malinen
ca84eed7ad TLS: Add build configuration for TLS v1.2 support
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:45:07 +02:00
Jouni Malinen
8307489840 Add implementation of TLS v1.2 PRF (P_SHA256)
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-27 21:10:06 +02:00
Alan T. DeKok
8205c82a48 wpa_supplicant: Make objects depend on the .config file
The source code compiles into different objects depending on
the contents of .config. Therefore, the objects should depend
on .config.

Previously, only the executables depended on .config. This meant
that they were re-linked when .config changed. But that relink
process used the old (and now wrong) objects.
2011-11-19 11:46:39 +02:00
Jouni Malinen
aea855d752 Move wpa_scan_results_free() into shared C file
Replace the inline helper function with a new C file that can be used
for common driver API related function.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 18:56:26 +02:00
Jouni Malinen
67a5206482 Remove obsoleted Qt3-based wpa_gui
This code has not been maintained for years and there is no plan on
doing so either in the future. The Qt4-based wpa_gui-qt4 version can be
used as a replacement for this older wpa_gui version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 17:48:31 +02:00
Jouni Malinen
a624f20bcd wpa_cli: Add completion functions for P2P peers and BSSes
Keep a local list of found P2P peers and BSS entries and use those
to complete arguments for p2p_peer, p2p_connect, and bss commands.
2011-10-28 23:50:37 +03:00
Jouni Malinen
8271f14a4d Automatically include WPS and AP support if P2P is enabled
CONFIG_WPS=y and CONFIG_AP=y are required if CONFIG_P2P=y so
we may as well enable them automatically in that case.
2011-10-28 21:17:08 +03:00
Arik Nemtsov
ba3936d990 TDLS: Support setting CONFIG_TDLS_TESTING in .config
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:14:31 +03:00
Jouni Malinen
17fbb751e1 Remove user space client MLME
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
2011-10-22 22:45:38 +03:00
Andrii Bordunov
d5695081c2 wpa_priv: Link in trace.o to fix CONFIG_WPA_TRACE build 2011-10-22 22:18:54 +03:00
Jouni Malinen
8d2639127f wpa_priv: Link in ieee802_11_common.o if driver_nl80211 is used 2011-10-22 22:17:41 +03:00
Jouni Malinen
062390efd4 Start deprecating various AP mode driver_ops
The preferred way of configuring AP mode will be to use set_ap() instead
of number of separate operations hostapd has collected over the years.
2011-10-17 18:35:25 +03:00
Mahesh Palivela
d4370eac2e Move SA Query mechanism into a file that can be shared more easily
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
2011-10-17 17:33:17 +03:00
Jouni Malinen
afc064fe7a Interworking: Add ANQP query requests
Add mechanism for using GAS/ANQP to query Interworking related
information from APs. The received information is stored in the BSS
table and can be viewed with ctrl_iface BSS command.

New ctrl_iface command ANQP_GET can be used to fetch ANQP elements from
a specific AP. Additional commands FETCH_ANQP and STOP_FETCH_ANQP can be
used to initiate and stop an iteration through all APs in the BSS table
that indicate support Interworking to fetch ANQP elements from them.
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
24f6497c34 GAS: Use off-channel operations for requests
This separates off-channel Action frame TX/RX from P2P into a generic
implementation that can now be used both for P2P and GAS needs.
2011-09-29 22:19:51 +03:00
Jouni Malinen
04ea7b7947 GAS: Add a generic GAS query module
This implements GAS request mechanism that is aimed at being used to
replace use case specific GAS/ANQP implementations in the future.
Compared to the earlier implementation in P2P SD, this implementation
includes support for multiple concurrent requests and more thorough
validation of frames against the pending query data.

GAS header processing, including comeback and reassembly, are handled
within gas_query.c and the users of this module will only need to
provide the Query Request and process the (possibly reassembled)
Query Response.
2011-09-29 22:19:15 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
fd2f2d0489 Remove EAP-TTLSv1 and TLS/IA
These protocols seem to be abandoned: latest IETF drafts have expired
years ago and it does not seem likely that EAP-TTLSv1 would be
deployed. The implementation in hostapd/wpa_supplicant was not complete
and not fully tested. In addition, the TLS/IA functionality was only
available when GnuTLS was used. Since GnuTLS removed this functionality
in 3.0.0, there is no available TLS/IA implementation in the latest
version of any supported TLS library.

Remove the EAP-TTLSv1 and TLS/IA implementation to clean up unwanted
complexity from hostapd and wpa_supplicant. In addition, this removes
any potential use of the GnuTLS extra library.
2011-09-25 21:28:32 +03:00
Jouni Malinen
5c47af9a7a TLS: Add support for TLS v1.1 (RFC 4346) with internal TLS
This is disabled by defautl and can be enabled with CONFIG_TLSV11=y
build configuration parameter.
2011-09-25 17:24:46 +03:00
Jouni Malinen
5e67037b3a Fix SIM/USIM simulator build to include AES encryption function 2011-09-07 16:17:08 +03:00
Henry Gebhardt
f0573c7989 wpa_supplicant: Edit BINDIR in dbus and systemd service files
This is useful, since in Gentoo BINDIR=/usr/sbin.
2011-07-15 12:25:02 +03:00
Paul Stewart
572a171f4f wpa_supplicant: Respect PKG_CONFIG variable if set in the environment
This is required for cross-compilation support on certain
platforms to avoid changing the pkg-config files themselves.

Signed-off-by: David James <davidjames@chromium.org>
Signed-off-by: Paul Stewart <pstew@chromium.org>
2011-07-04 20:35:38 +03:00
Jouni Malinen
62b98282ba Fix CONFIG_NO_WPA_PASSPHRASE=y build
Need to define CONFIG_NO_PBKDF2 even though the crypto cleanup moved
the function to a separate file since there is conditional code in
wpa_supplicant/config.c. In addition, wpa_passphrase should not be
built at all if passphrase functionality is removed.
2011-06-23 19:53:45 +03:00
Johannes Berg
9abafccc0d DBus: Add support for P2P primitives
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-06-12 15:08:19 -07:00
Sam Leffler
3e1996216e Add support for setting the syslog facility from the config file
This enables setting the syslog facility at build time.
2011-03-20 11:48:42 +02:00
Jouni Malinen
586bad514b Make the link process quieter unless V=1 is specified
Hide the long command lines used for linking the binaries in the
default build. "make V=1" can be used to show the actual commands
if needed.
2011-03-17 12:31:38 +02:00
Ganesh Prasadh
281ff0aa76 TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010) 2011-03-06 14:53:49 +02:00
Jouni Malinen
f981eabcf0 WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
2010-12-30 12:28:13 +02:00
Jouni Malinen
34dbfc0cb3 Fix CONFIG_AP=y build without NEED_AP_MLME driver 2010-11-25 23:41:32 +02:00
Jouni Malinen
bbb921daaa Maintain internal entropy pool for augmenting random number generation
By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
2010-11-24 01:29:40 +02:00
Jouni Malinen
e8ecb5fb49 Move wpa_cli readline integration into src/utils/edit_readline.c
All three line editing options are now located in src/utils/edit*.c
and provide the same API to allow easy build time selection.
2010-11-14 22:37:43 +02:00
Jouni Malinen
82a855bda8 Move command line editing routines into src/utils/edit*.[ch]
This allows the same routines to be shared with other programs
since these are not really specific to wpa_cli.
2010-11-14 20:59:29 +02:00
Jouni Malinen
aee680e8b2 wpa_cli: Add internal line edit implementation
CONFIG_WPA_CLI_EDIT=y can now be used to build wpa_cli with internal
implementation of line editing and history support. This can be used
as a replacement for CONFIG_READLINE=y.
2010-11-14 19:15:23 +02:00
Jouni Malinen
cd10156798 wpa_cli: Replace CONFIG_WPA_CLI_FORK design with eloop
Instead of using a separate process to receive and print event
messages, use a single-process design with eloop to simply
wpa_cli and interaction with readline.
2010-11-14 13:16:51 +02:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Jouni Malinen
b22128efdc P2P: Add initial version of P2P Module 2010-09-09 07:17:17 -07:00
Jouni Malinen
cae67937ca WPS: Fix CONFIG_WPS_STRICT build option
This was not supposed to be depending on CONFIG_WPS_NFC.
2010-09-09 06:07:49 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
c4d71c2505 bgscan: Add starting point for more advanced bgscan module: learn
This is based on the bgscan "simple" module and this initial commit
does not add any new functionality.
2010-07-10 15:55:48 -07:00
Jouni Malinen
25c226ea45 Fix CONFIG_AP=y build without CONFIG_IEEE8021X_EAPOL=y 2010-05-23 12:18:47 +03:00
Masashi Honma
37a86b7b36 Fix: AP mode wpa_supplicant build
The wpa_supplicant compilation with CONFIG_AP option and without
CONFIG_IEEE80211R, CONFIG_WPS, NEED_SME, CONFIG_CLIENT_MLME options
results in following messages.

../src/ap/drv_callbacks.o: In function `hostapd_notif_assoc':
../src/ap/drv_callbacks.c:59: undefined reference to
`ieee802_11_parse_elems'
gmake: *** [wpa_supplicant] Error 1
2010-05-23 12:12:40 +03:00
Jouni Malinen
0b86f67a29 Add wpa_gui-qt4 translation files into build 2010-04-18 19:15:07 +03:00
Masashi Honma
5008cb5e55 Support for Solaris default shell restriction
Some shells (like Solaris default /bin/sh) doesn't allow -e
option for file existence check. Use -f instead.
2010-04-17 17:15:23 +03:00
Jouni Malinen
20e26395c8 SME: Fix build without 802.11r or WPS 2010-04-12 09:39:36 +03:00
Jouni Malinen
94d9bfd59b Rename EAP server source files to avoid duplicate names
This makes it easier to build both EAP peer and server functionality
into the same project with some toolchains.
2010-02-19 18:54:07 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
d1f9c410c1 Remove src/drivers/scan_helpers.c
Most of this file was already moved into wpa_supplicant/scan.c and
we can remove the file completely by having couple of small helper
functions copied to the remaining users outside core wpa_supplicant
code.
2010-01-03 20:27:32 +02:00
Jouni Malinen
ce4f7fdbdd dbus: Get rid of libxml2 dependency with introspection
The XML used in D-Bus introspection is simple and there is no need to use
libxml2 to generate it. This gets rid of the dependency on the large
library by using internal XML generation.
2010-01-01 17:51:15 +02:00
Jouni Malinen
04551ee6d6 dbus: Move introspection support into a separate file 2010-01-01 14:03:00 +02:00
Jouni Malinen
bacfd05fe5 dbus: Rename old D-Bus API files to include "_old"
This makes it easier to figure out which file is used by which
D-Bus interface.
2009-12-31 21:55:32 +02:00
Jouni Malinen
8ddef94bd4 dbus: Share common initialization code for both old and new interface
This was mostly identical code that had been copied for the new D-Bus
API implementation and as such, should really have been shared from
the beginning. In addition, the copied code ended up generating
interesting stack traces since the actual D-Bus connection was being
shared even though the pointer to it was stored in two distinct
data structures. The old D-Bus code ended up dispatching some
D-Bus callbacks which ended up running the new D-Bus code.

Since the private context pointers were mostly identical, everything
seemed to more or less work, but this design was just making things
more complex and potentially very easy to break.
2009-12-31 00:15:56 +02:00
Jouni Malinen
34359a3fb1 Include BSS table unconditionally in the wpa_supplicant build
This will allow more cleanup to be done for scan results processing
since all code can now be made to depend on the BSS table instead of
the temporary scan results.

Once remaining code has been converted to use the BSS table, the new
scan results can be freed immediately after the BSS table has been
updated. In addition, filtering of BSS information should be added
to better support systems with limited resources. For now, memory
use can be limited by defining WPA_BSS_MAX_COUNT to be smaller.
Anyway, better filtering of results to only the configured networks
should be added to improve this.
2009-12-28 01:14:56 +02:00
Jouni Malinen
83922c2d34 Add BSS table to track scan results without dropping information
Collect information from scan results into a BSS table that will not
expire information as quickly as scan results where every new scan,
no matter for how limited set of channels/SSIDs, clears all old
information.

For now, this is only used for D-Bus BSS added/removed notifications,
but this will likely be extended to be used internally instead of the
scan results to better support partial scans.
2009-12-27 21:07:47 +02:00
Jouni Malinen
6226e38d00 Rename some src/ap files to avoid duplicate file names
Doxygen and some build tools may get a bit confused about same file
name being used in different directories. Clean this up a bit by
renaming some of the duplicated file names in src/ap.
2009-12-26 00:05:40 +02:00
Jouni Malinen
70db2ab308 Move rest of the generic AP mode functionality into src/ap 2009-12-25 20:06:07 +02:00
Jouni Malinen
c442055ecf Move WPA authenticator glue code into a separate file 2009-12-25 14:02:17 +02:00
Jouni Malinen
2586bc64d0 Move authentication server setup into separate file 2009-12-25 13:43:43 +02:00
Jouni Malinen
0e2d35c614 Move ctrl_iface_ap.c into src/ap 2009-12-25 12:25:55 +02:00
Jouni Malinen
32da61d9c9 Move wps_hostapd.c into src/ap 2009-12-25 01:26:37 +02:00
Jouni Malinen
1057d78eb8 Move generic AP functionality implementation into src/ap
This code can be shared by both hostapd and wpa_supplicant and this
is an initial step in getting the generic code moved to be under the
src directories. Couple of generic files still remain under the
hostapd directory due to direct dependencies to files there. Once the
dependencies have been removed, they will also be moved to the src/ap
directory to allow wpa_supplicant to be built without requiring anything
from the hostapd directory.
2009-12-25 01:12:50 +02:00
Jouni Malinen
bf65bc638f hostapd: Use separate driver operations abstraction
It would be bettet to avoid including driver_i.h, i.e., direct driver
operation calls from hostapd components. This is an initial step in
that direction for WPS IE updates.
2009-12-24 16:15:22 +02:00
Jouni Malinen
f2f7d965b8 Add option libbfd support for tracing code
CONFIG_WPA_TRACE=y and CONFIG_WPA_TRACE_BFD=y can now be used to get
even more complete symbols (func/file/line and inline functions) for
backtraces.
2009-12-20 23:35:06 +02:00
Jouni Malinen
a206a29a54 dbus: Remove the confusing "ctrl_iface_" prefix from file names
The D-Bus interface does not really have anything to do with the
wpa_supplicant ctrl_iface interface and as such, this prefix in
dbus files is both confusing and unnecessarily. Make the file names
shorter by removing this prefix.
2009-12-20 21:11:35 +02:00
Jouni Malinen
36da1358bc dbus: Move some of conditional WPS code into separate files 2009-12-20 21:04:40 +02:00
Jouni Malinen
eb3b34ceea dbus: Clean dbus build files on wpa_supplicant 'make clean'
In addition, add preliminary build rules for build libwpadbus.a.
2009-12-20 20:29:09 +02:00
Jouni Malinen
19b3211d19 Move D-Bus related files into their own subdirectory 2009-12-20 20:11:14 +02:00
Jouni Malinen
94c3e91fc5 Add empty FIPS PRF wrapper for CryptoAPI 2009-12-20 18:14:20 +02:00
Jouni Malinen
fb4baa688b Add memory allocation analyzer to verify OS wrapper use
WPA_TRACE=y builds will now verify that memory allocation in done
consistently using os_{zalloc,malloc,realloc,strdup,free} (i.e., no
mixing of os_* functions and unwrapper functions). In addition, some
common memory allocation issues (double-free, memory leaks, etc.) are
detected automatically.
2009-12-19 21:47:56 +02:00
Jouni Malinen
930f704aac Add backtrace support for debugging
WPA_TRACE=y can now be used to enable internal backtrace support that
will provide more details about implementation errors, e.g., when some
resources are not released correctly. In addition, this will print out
a backtrace automatically if SIGSEGV is received.
2009-12-19 18:40:54 +02:00
Jouni Malinen
7e683ceeb4 WPS: Handle Selected Registrar as a union of info from all Registrars
Instead of using the latest selected registrar change, collect selected
registrar information separately from all registrars and use the union
of this information when building the WPS IE for Beacon and Probe
Response frames.

Note: SetSelectedRegistrar UPnP action does not include a unique
identifier, so the ER matching routine is based only on the IP address
of the ER. In theory, there could be multiple ERs using the same IP
address (but different port or URL), so there may be some corner cases
that would not always match the correct ER entry at the AP. Anyway, this
is not really expected to occur in normal use cases and even if it did
happen, the selected registrar information is not any worse than it was
before when only the last change from any registrar for being
advertized.
2009-12-12 16:54:59 +02:00
Jouni Malinen
50ceddcfd6 Fix dh_groups.o build for some configurations
Need to include dh_groups.o in the build even if not all DH groups
are included. Only internal crypto build case was doing this properly.
2009-12-11 17:24:42 +02:00
Jouni Malinen
803a811b73 Add support for building IEEE 802.11n support into wpa_supplicant AP 2009-12-06 19:50:40 +02:00
Jouni Malinen
bed4d57488 Fix some issues with test program builds 2009-12-06 18:30:12 +02:00
Jouni Malinen
655702f38d Move test_x509v3 into the new tests subdirectory 2009-12-06 18:10:52 +02:00
Jouni Malinen
6b282c3951 Remove forgotten asn1_test build target
This is now in tests/Makefile.
2009-12-06 17:57:23 +02:00
Jouni Malinen
74784010af Remove conditional no-RADIUS build from src/radius
Make it responsibility of the src/radius user to handle conditional
build rules.
2009-12-06 17:53:59 +02:00
Jouni Malinen
1a70777868 Remove unneeded CONFIG_INTERNAL_X509 and NEED_SHA256 defines 2009-12-06 16:19:13 +02:00
Jouni Malinen
be473f3f09 Split crypto_internal.c into parts to clean up build
This makes it easier to make src/libcrypto.a and only link in
code that is really used.
2009-12-06 14:37:46 +02:00
Jouni Malinen
127608152e Move EAP method registration away from src/eap_{peer,server}
This makes it easier to make a library out of EAP methods without
losing possiblity of binary size optimization by linker dropping
unreferenced code.
2009-12-06 11:28:41 +02:00
Jouni Malinen
2d106f21aa Remove unnecessary defines
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
2009-12-05 22:51:08 +02:00
Jouni Malinen
f8cf3ce6a6 Move more tests from wpa_supplicant/tests into tests 2009-12-05 22:25:32 +02:00
Jouni Malinen
668562d5fb Move MD4 test from wpa_supplicant/tests into tests 2009-12-05 22:11:50 +02:00
Jouni Malinen
43df4cc2ca Move milenage.[ch] into src/crypto 2009-12-05 21:00:52 +02:00
Jouni Malinen
3680a5dbbf Fix build with both CONFIG_AP=y and CONFIG_IBSS_RSN=y enabled 2009-12-04 21:34:34 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
281c950be4 Move EAPOL authenticator state machine into src/eapol_auth
This is now completely independent from hostapd-specific code, so
it can be moved to be under the src tree.
2009-11-29 20:03:28 +02:00
Jouni Malinen
3acb50056c Remove src/rsn_supp from default header path 2009-11-29 18:28:08 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
41fa8a892f Remove old wpa_supplicant/hostapd doxygen files 2009-11-28 21:24:15 +02:00
Jouni Malinen
73d0ad78c8 Fix internal crypto build with some configurations
crypto_internal.c requires both aes-internal-enc.o and
aes-internal-dec.o, so make sure they get included in the build when
using internal crypto.
2009-11-24 10:24:54 +02:00
Jouni Malinen
ec72bd0c77 WPS ER: Move SSDP functionality into a separate file 2009-11-21 17:26:23 +02:00
Witold Sowa
8fc2fb56e4 wpa_supplicant: new DBus API implementation
This patch implements the new DBus API. Both, the new and the
previous API may work concurrently and may be turned on or off
separately in .config file.
Some features of the new API are:
 - more wpa_supplicant's events are signaled with DBus signals,
 - introspection data (requires libxml2 and may be disabled),
 - CurrentBSS and CurrentNetwork properties,
 - PropertyChanged signal for most of properties,
 - Relatively easy to extend.
.config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and
CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection.

This commit misses couple of parts from the full implementation
(these are still under review):
- fetching all configuration parameters for learning WPS information
- scan result BSS add/remove notification (register_bss() and
  unregister_bss() notification callbacks)
2009-11-09 23:51:59 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Sam Leffler
cca8773165 Allow CONFIG_DEBUG_SYSLOG=y to be used
Instead of having to add the syslog define manually into CFLAGS,
CONFIG_DEBUG_SYSLOG=y can now be used in .config.
2009-10-22 11:17:05 -07:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
385f16c611 Remove wpa_priv on 'make clean' 2009-10-16 21:49:45 +03:00
Jouni Malinen
3afe7b61e0 Fix AES dependencies for CONFIG_AP=y (and IBSS) builds 2009-10-13 11:16:05 +03:00
Masashi Honma
279d859b8f Fix IEEE 802.11r/w compilation error
The hostapd/wpa_supplicant compilation failed with CONFIG_IEEE80211R=y
or CONFIG_IEEE80211W=y option if CONFIG_EAP_PSK and CONFIG_EAP_GPSK are
not used.
2009-10-13 10:04:46 +03:00
Jouni Malinen
bd4e9d033b Replace CONFIG_NO_AES_EXTRAS with auto-detection during build
There is no need to do this manually since it is possible to figure
out automatically which AES extra files need to be included in the
build.
2009-10-11 22:23:50 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
7137456941 Move TLS_FUNCS and NEED_CRYPTO segment next to each other 2009-10-11 20:34:26 +03:00
Jouni Malinen
9d388d5007 Further crypto makefile unification 2009-10-11 20:31:15 +03:00
Jouni Malinen
0dba0175c5 Fix crypto config for minimal builds 2009-10-11 20:19:12 +03:00
Jouni Malinen
000bbd77c9 Cleaned up and unified some of the crypto Makefile code 2009-10-11 19:42:04 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
9fac49c15c Fix wpa_passphrase build with NSS 2009-09-30 19:14:43 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Jouni Malinen
60b94c9819 Add preliminary background scan and roaming module design
This allows background scanning and roaming decisions to be contained in
a single place based on a defined set of notification events which will
hopefully make it easier to experiment with roaming improvements. In
addition, this allows multiple intra-ESS roaming policies to be used
(each network configuration block can configure its own bgscan module).

The beacon loss and signal strength notifications are implemented for
the bgscan API, but the actual events are not yet available from the
driver.

The included sample bgscan module ("simple") is an example of what can
be done with the new bgscan mechanism. It requests periodic background
scans when the device remains associated with an ESS and has couple of
notes on what a more advanced bgscan module could do to optimize
background scanning and roaming. The periodic scans will cause the scan
result handler to pick a better AP if one becomes available. This bgscan
module can be taken into use by adding bgscan="simple" (or
bgscan="simple:<bgscan interval in seconds>") into the network
configuration block.
2009-09-15 00:08:24 +03:00
Masashi Honma
f1b0de09d9 WPS: Fix CONFIG_WPS=y compilation of wpa_supplicant
The wpa_supplicant compilation failed with CONFIG_WPS=y option
if CONFIG_CLIENT_MLME and CONFIG_IEEE80211R are not used.
2009-09-14 16:50:53 +03:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Jouni Malinen
e653b62275 Add station table query to wpa_supplicant AP ctrl_iface
"wpa_cli all_sta" and "wpa_cli sta <addr>" can now be used to fetch
information about stations associated with the
wpa_supplicant-controlled AP.
2009-09-08 12:58:02 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
577072b116 Fix FIPS mode build of eapol_test 2009-08-16 19:00:49 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Bjarke Istrup Pedersen
466940c55e Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
2009-08-16 09:47:56 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
fe6bdb777e Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
2009-08-14 20:01:41 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
3e91d24260 wpa_passphrase does not need FIPS PRF, MD4, or AES extra functionality 2009-08-13 17:07:36 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
602606091b CONFIG_WIRELESS_EXTENSION need not be in CFLAGS 2009-07-28 20:25:19 +03:00
Johannes Berg
91382de4d1 CONFIG_WIRELESS_EXTENSION is purely internal to the Makefile 2009-07-28 14:41:33 +03:00
Johannes Berg
b2840aafaf make the build process quieter to see warnings 2009-07-28 14:37:40 +03:00
Johannes Berg
8055fb781d Clean up some more binaries in wpa_supplicant 'make clean' 2009-07-28 14:15:04 +03:00
Jon Loeliger
2e8eac2d67 Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.

Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.

Use libnl-gen now too.

Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
2009-07-25 17:21:52 +03:00
Jouni Malinen
2d5b792d2b Add preliminary hostapd data structure initialization for AP mode
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
2009-03-26 20:37:05 +02:00
Jouni Malinen
f1a4871084 Link in AP functionality from hostapd when CONFIG_AP=y
This is only allowing the code to be compiled and linked in; the actual
functionality is not yet enabled.
2009-03-25 12:23:42 +02:00
Jouni Malinen
1581b38b67 Initial step in adding simple AP mode support into wpa_supplicant
This version is adding the configuration option (mode=2) for this and
driver capability reporting to figure out whether AP mode can be used.
However, this does not actually implement any real functionality yet.
2009-03-25 11:38:47 +02:00
Jouni Malinen
7d737d6bf9 Fix FreeBSD build by not adding -ldl
Unlike Linux, FreeBSD does not use libdl.
2009-03-21 20:59:07 +02:00
Jouni Malinen
26c9d7ea24 Fix IEEE 802.11r build without CONFIG_CLIENT_MLME 2009-03-21 20:57:21 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00
Jouni Malinen
58d1f6d189 Fix EAP-FAST only build to include the needed EAPOL implementation 2009-03-08 11:29:31 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
049a292f89 Fix builds that need SHA256 or mod_exp, but not TLS functions 2009-02-27 17:46:40 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Jouni Malinen
4225097c5a Fix test-sha256 build 2009-02-10 14:31:27 +02:00
Jouni Malinen
53c256a476 Fix MinGW build with CONFIG_EAP_TNC=y
MinGW does not use -ldl so do not add this unconditionally.
2009-02-08 12:47:28 +02:00
Daniel Mierswa
716d543d5c Include wpabuf.o in wpa_priv build
If you choose to use CONFIG_PRIVSEP=y, the wpabuf functions seem to
miss. The attached patch is against trunk and should probably fix it.
2009-02-07 10:19:28 +02:00
Jouni Malinen
6dbcd00912 Removed CONFIG_EAP_WSC=dyn option
Build EAP-WSC dynamically does not make much sense and with the
dependencies to WPS code from number of places resolving this is not
trivial. It is simpler to just remove this option.
2009-02-07 10:09:49 +02:00
Pavel Roskin
4c2660c2b0 Fix building dynamic EAP peer modules
Strip directory name from the target in the pattern rule for dynamic
modules.  Remove dynamic modules on "make clean".
2009-02-07 10:05:23 +02:00
Jouni Malinen
e1c7954d5d Added CONFIG_WPS_UPNP for wpa_supplicant tests
For now, this is just an undocumented build option to make it possible
to build ../src/wps/*.o in a way that matches with hostapd needs.
2009-02-06 13:52:30 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
a7baefda28 Fixed eapol_test linking with CONFIG_IBSS_RSN=y 2009-02-05 18:20:26 +02:00
Jouni Malinen
11ef8d3578 Added initial step for IBSS RSN support
This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used
to enable RSN support for IBSS. This links in RSN Authenticator code
from hostapd and adds code for managing per-peer information for IBSS. A
new wpa_cli command or driver event can be used to request RSN
authentication with an IBSS peer. New RSN Authenticator and Supplicant
will be allocated for each peer.

The basic state machine setup code is included in this commit, but the
state machines are not properly started yet. In addition, some of the
callback functions are not yet complete.
2009-01-15 01:21:55 +02:00
Jouni Malinen
93ea8ed034 Partial fix for test_wpa build 2009-01-13 19:37:22 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
1edb9533f1 SHA256 is needed for EAP-AKA' and WPS 2008-12-11 00:48:13 +02:00
Jouni Malinen
a9d1364c5f Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLog 2008-12-07 19:24:56 +02:00
Jouni Malinen
8c37556cd1 Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)
This is just making an as-is copy of EAP-AKA server and peer
implementation into a new file and by using the different EAP method
type that is allocated for EAP-AKA' (50). None of the other differences
between EAP-AKA and EAP-AKA' are not yet included.

It is likely that once EAP-AKA' implementation is done and is found to
work correctly, large part of the EAP-AKA and EAP-AKA' code will be
shared. However, it is not reasonable to destabilize EAP-AKA
implementation at this point before it is clearer what the final
differences will be.
2008-12-02 20:12:49 +02:00
Jouni Malinen
7d7b8e960a WPS: Split wps_common.c into parts
To make it easier to find various functions, attribute functions were
split into wps_attr_{build,parse,process}.c.
2008-11-29 13:16:26 +02:00
Jouni Malinen
fa201b694f WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c
This cleans up the internal interface between different modules and is
the first step in getting wpa_supplicant design closer to hostapd as far
as WPS is concerned.
2008-11-28 19:46:22 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouke Witteveen
e519314ee9 Add RoboSwitch driver interface for wpa_supplicant
Find attached the patch that creates a new driver: roboswitch. This
driver adds support for wired authentication with a Broadcom
RoboSwitch chipset. For example it is now possible to do wired
authentication with a Linksys WRT54G router running OpenWRT.

LIMITATIONS
- At the moment the driver does not support the BCM5365 series (though
adding it requires just some register tweaks).
- The driver is also limited to Linux (this is a far more technical
restriction).
- In order to compile against a 2.4 series you need to edit
include/linux/mii.h and change all references to "u16" in "__u16". I
have submitted a patch upstream that will fix this in a future version
of the 2.4 kernel. [These modifications (and more) are now included in
the kernel source and can be found in versions 2.4.37-rc2 and up.]

USAGE
- Usage is similar to the wired driver. Choose the interfacename of
the vlan that contains your desired authentication port on the router.
This name must be formatted as <interface>.<vlan>, which is the
default on all systems I know.
2008-11-18 16:30:32 +02:00
Jouni Malinen
46690a3b9b Added an optional mitigation mechanism for certain attacks against TKIP by
delaying Michael MIC error reports by a random amount of time between 0 and
60 seconds if multiple Michael MIC failures are detected with the same PTK
(i.e., the Authenticator does not rekey PTK on first failure report). This
is disabled by default and can be enabled with a build option
CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config.

This may help in making a chopchop attack take much longer time by forcing
the attacker to wait 60 seconds before knowing whether a modified frame
resulted in a MIC failure.
2008-11-08 04:43:12 +02:00
Jouni Malinen
81eec387dd Added Milenage-GSM simulator for EAP-SIM
CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config
to enable.
2008-11-06 04:21:32 +02:00
Jouni Malinen
2a24bb3199 Added Milenage USIM emulator for EAP-AKA (can be used to simulate test
USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in
.config and password="Ki:OPc:SQN" in network configuration).
2008-11-05 23:02:13 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
1d8ce433c9 Internal X.509/TLSv1: Support SHA-256 in X.509 certificate digest 2008-08-16 11:21:22 +03:00
Jouni Malinen
1c8735848d nl80211: Preliminary code for usermode MLME support
This adds some parts needed to use usermode MLME with the current mac80211
(plus a patch to add a new cfg80211 command; not yet submitted to
wireless-testing). This version creates a monitor interface for management
frames and is able to send Probe Request frames during scan. However, it
looks like management frame reception is not yet working properly. In
addition, mlme_{add,remove}_sta() handlers are still missing.
2008-08-15 22:14:49 +03:00
Jouni Malinen
6724f4d07a Fixed MinGW build without CONFIG_NDIS_EVENTS_INTEGRATED defined 2008-08-10 18:11:41 +03:00
Jouni Malinen
2eeaa5c9d0 EAP-PEAP: Moved the common peap_prfplus() function into a shared file 2008-06-09 10:32:12 +03:00
Jouni Malinen
3f5285e852 Added a preliminary nl80211/cfg80211 driver interface for wpa_supplicant
driver_nl80211.c is based on driver_wext.c and it is still using Linux
wireless extensions for many functions. Over time, the new driver interface
code should be modified to use nl80211/cfg80211 for everything.
2008-06-06 16:55:42 +03:00
Jouni Malinen
b95394c66f Combined internal LibTomMath configuration into one option
CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all
optimized routines at a cost of about 4 kB. This is small enough increase
in size to justify simplified configuration.
2008-06-06 10:21:28 +03:00
Jouni Malinen
ec0205a87a Added an option to build internal LibTomMath with faster div routine
At the cost of about 1 kB of additional binary size, the internal
LibTomMath can be configured to include faster div routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in
.config.
2008-06-06 10:11:17 +03:00
Jouni Malinen
c5f5c91aeb Add faster, optional sqr routine for internal LibTomMath
At the cost of about 0.5 kB of additional binary size, the internal
LibTomMath can be configured to include faster sqr routine to speed up DH
and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in
.config.
2008-06-05 18:33:46 +03:00
Jouni Malinen
8ccc0402b2 Internal LibTomMath: add optional support for Montgomery reduction
Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can
be configured to include fast exptmod routine to speed up DH and RSA.
This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in
.config.
2008-06-04 11:57:55 +03:00
Jouni Malinen
0ac0e4df1c EAP-PEAP: Moved EAP-TLV processing into eap_peap.c
EAP-PEAP was the only method that used the external eap_tlv.c peer
implementation. This worked fine just for the simple protected result
notification, but extending the TLV support for cryptobinding etc. is not
trivial with such separation. With the TLV processing integrated into
eap_peap.c, all the needed information is now available for using
additional TLVs.
2008-03-18 11:26:17 +02:00
Masakazu Mokuno
b5a357b476 Add support for PS3 Linux wireless driver
This adds support for PS3 wireless to wpa_supplicant.

Although PS3 wireless driver is designed to conform the WEXT standard
as much as possible, unfortunately the wext driver wrapper of
wpa_supplicant can not support PS3 wireless fully because:

 - PS3 wireless driver uses private WEXT ioctls for accepting PSK of
   WPA-Personal from the userland.
   WEXT does not specify the way to do it.

 - The association and 4-way handshake are done by PS3 virtual
   wireless device. The guest OSes can not interfere it.

 - No EAPOL frames are allowed to go outside of the
   hypervisor/firmware nor come from. They are eaten by the firmware.

Thus I needed to make a new driver wrapper for PS3 wireless.

This patch can be applied against the latest 0.6.x tree.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-03-13 19:00:37 +02:00
Jouni Malinen
a4819630f6 EAP-FAST: Added shared helper functions for building TLVs 2008-02-27 17:56:30 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00