Commit graph

426 commits

Author SHA1 Message Date
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
577072b116 Fix FIPS mode build of eapol_test 2009-08-16 19:00:49 +03:00
Jouni Malinen
ff916b9df7 Allow non-FIPS MD5 to be used with TLS PRF even in FIPS mode
This is allowed per FIPS1402IG.pdf since the TLS PRF depends fully on
both MD5 and SHA-1.
2009-08-16 18:56:48 +03:00
Jouni Malinen
76f04b38b0 Preliminary support for FIPS mode operation with OpenSSL
wpa_supplicant can now be built with FIPS capable OpenSSL for FIPS mode
operation. Currently, this is only enabling the FIPS mode in OpenSSL
without providing any higher level enforcement in wpa_supplicant.
Consequently, invalid configuration will fail during the authentication
run. Proper configuration (e.g., WPA2-Enterprise with EAP-TLS) allows
the connection to be completed.
2009-08-16 14:24:22 +03:00
Jouni Malinen
1430ba9b7e OpenSSL: Use library version of SHA256
There is no need to use the internal SHA256 implementation when using
OpenSSL.
2009-08-16 14:15:36 +03:00
Bjarke Istrup Pedersen
466940c55e Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
2009-08-16 09:47:56 +03:00
Witold Sowa
b2cc805619 Set current ssid when entering AP mode
After successful starting AP mode, current_ssid field is set to
ssid used to create AP.
2009-08-15 21:04:50 +03:00
Jouni Malinen
905a32a5f4 Added new SHA1 files into VS project files to fix the build 2009-08-15 20:51:35 +03:00
Jouni Malinen
49eba5f82f WPS: Workaround mixed-mode WPA+WPA2 auth type in credentials
An SMC router was reported to use 0x22 (WPAPSK + WPA2PSK) in the
authentication type of the provisioned credential and wpa_supplicant
rejected this as invalid. Work around this by replacing WPAPSK + WPA2PSK
with WPA2PSK.
2009-08-15 20:40:45 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
fe6bdb777e Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
2009-08-14 20:01:41 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
3e91d24260 wpa_passphrase does not need FIPS PRF, MD4, or AES extra functionality 2009-08-13 17:07:36 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
602606091b CONFIG_WIRELESS_EXTENSION need not be in CFLAGS 2009-07-28 20:25:19 +03:00
Johannes Berg
91382de4d1 CONFIG_WIRELESS_EXTENSION is purely internal to the Makefile 2009-07-28 14:41:33 +03:00
Johannes Berg
b2840aafaf make the build process quieter to see warnings 2009-07-28 14:37:40 +03:00
Johannes Berg
8055fb781d Clean up some more binaries in wpa_supplicant 'make clean' 2009-07-28 14:15:04 +03:00
Jon Loeliger
2e8eac2d67 Allow wpa_supplicant to use libnl-2.0
Change existing CONFIG_LIBNL20 compatibility code in
driver_nl80211.c to be used by both wpa_supplicant
and hostapd, but take care of nl_handle too now.

Propagate CONFIG_LIBNL20 out of .config file and onto
CFLAGS in the Makefile.

Use libnl-gen now too.

Signed-off-by: Jon Loeliger <jdl@bigfootnetworks.com>
---
2009-07-25 17:21:52 +03:00
Witold Sowa
137fb724b3 Set state to COMPLETE when AP mode has been initialized successfully 2009-07-25 17:01:23 +03:00
Jouni Malinen
4625a47f4b WPS: Change wpa_supplicant wps_reg to not send out M8
Since we do not currently support changing the AP settings received
from M7, there is no point in actually sending out the M8 that would
likely trigger the AP to reconfigure itself and potentially reboot.
For now, we just receive the AP settings in M7 and add a local network
configuration block based on those, but NACK the message. This makes
wps_reg work like wps_pin, but by using the AP PIN instead of a client
PIN.
2009-06-10 15:53:35 +03:00
Jouni Malinen
b14912025f Comment out unused functions if IEEE8021X_EAPOL is not defined 2009-05-29 22:35:31 +03:00
Dan Williams
cb8564b1dd dbus: add 'scanning' property
When the supplicant is connected and performs a scan, it doesn't enter
WPA_SCANNING state for various reasons.  However, external programs
still need to know that the supplicant is scanning since they may not
wish to perform certain operations during a scan (as those operations
will likely fail or yield incorrect results).  Add a 'scanning' property
and signal to the supplicant dbus interface to allow clients to
synchronize better with the supplicant when it scans.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-05-27 21:06:40 +03:00
Jouni Malinen
077a781f7a WPS: Add support for setting timeout for PIN
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
2009-05-26 17:44:44 +03:00
Jaime Soriano Pastor
e8fa6039f6 WPS methods exported over DBus
I've exported the methods wpsPbc, wpsReg and wpsPin (patch attached),
so wpa_supplicant should be able to connect with WPS using the dbus
interface. I couldn't test it well because the problem seems to be in
my wireless card, a Broadcom BCM4328. At least it seems to do the same
using both interfaces. With ndiswrapper driver the "wpsie" entry
(thanks Dan!) didn't appear, and with the Broadcom wl driver it
appears but I cannot associate using WPS.
2009-05-06 13:23:41 +03:00
Helmut Schaa
01a569e8a1 wpa_supplicant: add DBus method for changing debug parameters
Add a new DBus method "setDebugParams" which takes the parameters
debug_level, debug_timestamp and show_keys as input and updates the
internal debug variables accordingly.

To change the debug level, enable/disable timestamps and enable/disable
show_keys the following dbus-send command can be used:

dbus-send --system --dest=fi.epitest.hostap.WPASupplicant --print-reply
/fi/epitest/hostap/WPASupplicant fi.epitest.hostap.WPASupplicant.setDebugParams
int32:0 boolean:false boolean:false

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2009-05-06 11:54:00 +03:00
Jouni Malinen
da1fb17ca7 Add handling of SME auth/assoc timeout events
This allows wpa_supplicant to start searching for other APs (or re-try)
if the MLME times out.
2009-04-24 00:08:24 +03:00
Jouni Malinen
4bc181ecc7 Add new wpa_supplicant driver op for setting 802.1X port status
This can be used with drivers that implement PAE to control whether
normal data frames (non-EAPOL) are allowed.
2009-04-22 16:01:37 +03:00
Jouni Malinen
3ec97afe57 wpa_supplicant AP: Add preliminary support for WPS Internal Registrar
When in AP mode, wpa_supplicant is now enabling WPS (only Internal
Registrar). wpa_cli wps_pbc and wps_pin commands can be used to initiate
WPS negotiation similarly to how this is done in station mode (though,
the BSSID parameter is ignored).
2009-04-21 16:45:16 +03:00
Jouni Malinen
a8d6ffa48f wpa_supplicant AP: Add sta_set_flags 2009-04-20 16:33:13 +03:00
Jouni Malinen
db149ac949 wpa_supplicant AP: Add EAPOL frame TX and RX
This allows WPA-Personal 4-way handshake to be completed successfully.
2009-04-20 16:27:45 +03:00
Jouni Malinen
07d9a55297 wpa_supplicant AP: Update WPA/RSN configuration
Couple of additional operations are needed to make hostapd configuration
valid for WPA.
2009-04-20 16:11:08 +03:00
Jouni Malinen
c3dc92e85f Make deauthentication and disassociation consistent
This fixes an issue where the station was not marked disassociated
properly with locally requested deauthentication.
2009-04-20 11:36:47 +03:00
Jouni Malinen
83935317a7 Disconnect if 4-way handshake processing fails
There is no point in trying to continue if a 4-way handshake frame is
discarded or if PTK/GTK/IGTK configuration fails. Force the client to
disconnect in such a case to avoid confusing user by claiming the
connection was successfully completed.
2009-04-20 11:35:21 +03:00
Jouni Malinen
0f4e8b4f65 wpa_supplicant AP: add sta_add() and sta_remove() 2009-04-17 20:09:20 +03:00
Jouni Malinen
be301e56b6 wpa_supplicant AP: Fix build after hostapd driver_ops changes 2009-04-17 16:41:53 +03:00
Jouni Malinen
b615a25e4e wpa_supplicant AP: Fix hw_mode for 5 GHz channels 2009-04-12 12:10:08 +03:00
Jouni Malinen
92f475b4d8 Merge hostapd driver init functions into one
Use a parameter structure to pass in information that can be more easily
extended in the future. Include some of the parameters that were
previously read directly from hapd->conf in order to reduce need for
including hostapd/config.h into driver wrappers.
2009-04-09 23:28:21 +03:00
Jouni Malinen
c3965310e6 Use common get_hw_feature_data for hostapd and wpa_supplicant
This merges the driver wrapper implementations to use the same
implementation both for hostapd and wpa_supplicant operations to avoid
code duplication.
2009-04-09 14:11:39 +03:00
Jouni Malinen
c51218372f Merge wpa_supplicant and hostapd driver wrapper implementations
This commit merges the driver_ops structures and implementations from
hostapd/driver*.[ch] into src/drivers. This is only an initial step and
there is room for number of cleanups to share code between the hostapd
and wpa_supplicant parts of the wrappers to avoid unnecessary source
code duplication.
2009-04-09 13:40:12 +03:00
Jouni Malinen
c2220ec0b7 Fix couple of forgotten wpa_hw_modes -> hostapd_hw_modes
Some build configurations resulted in failure due to missed structure
rename.
2009-04-06 15:02:48 +03:00
Jouni Malinen
a0b2f99bd7 nl80211: Fix static WEP key configuration when using SME
Need to set WEP keys before requesting authentication in order to get
Shared Key authentication working. Previously, the WEP keys were not set
at all when using SME in wpa_supplicant.
2009-04-04 16:58:16 +03:00
Jouni Malinen
282d55908b wpa_supplicant AP: Add get_hw_feature_data
This is enough to allow open mode association to be completed with
driver_nl80211.c.
2009-04-03 19:11:22 +03:00
Jouni Malinen
6caf9ca68c Share same hw_feature definitions between hostapd and wpa_supplicant 2009-04-03 19:04:20 +03:00
Jouni Malinen
0892aaaf51 Set own MAC address in AP data structures 2009-04-03 16:53:09 +03:00
Jouni Malinen
2c2010acda Implement management frame TX for wpa_supplicant AP mode 2009-04-03 16:45:09 +03:00
Jouni Malinen
0915d02c3c wpa_supplicant AP: Add management frame RX for nl80211 2009-04-02 21:59:14 +03:00
Jouni Malinen
d2440ba01b Add Beacon configuration for wpa_supplicant AP mode 2009-04-02 16:09:48 +03:00
Jouni Malinen
efa4607800 SME: Add processing for rejected associations 2009-04-01 17:10:36 +03:00
Jouni Malinen
c0a6190815 Fix SHA-256-based KDF when using CCMP as the pairwise cipher
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK
length must be specified correctly. The previous version was deriving
using 512-bit PTK regardless of the negotiated cipher suite; this works
for TKIP, but not for CCMP. Update the code to use proper PTK length
based on the pairwise cipher.

This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when
using AKMP that specifies SHA-256-based key derivation). The fixed
version does not interoperate with the previous versions. [Bug 307]
2009-04-01 12:04:36 +03:00
Jouni Malinen
73267b9ca4 WPS: Fix local configuration update after AP configuration
Update credential to only include a single authentication and
encryption type in case the AP configuration includes more than one
option. Without this, the credential would be rejected if the AP was
configured to allow more than one authentication type.
2009-03-30 19:00:55 +03:00
Jouni Malinen
0f2b2c1973 Add needed AP driver wrappers (most of which are still to-do) 2009-03-27 17:13:54 +02:00
Jouni Malinen
07f117edb5 Set hostapd configuration based on wpa_supplicant AP mode config 2009-03-27 16:45:47 +02:00
Jouni Malinen
d3a9822542 Add support for specifying subset of enabled frequencies to scan
A new network block parameter, scan_freq, can be used to specify subset
of frequencies to scan. This can speed up scanning process considerably
if it is known that only a small subset of channels is actually used in
the network. A union of configured frequencies for all enabled network
blocks is used in scan requests.

Currently, only driver_nl80211.c has support for this functionality.

For example, following parameter marks 2.4 GHz channels 1, 6, 11 to be
scanned: scan_freq=2412 2437 2462
2009-03-26 21:55:01 +02:00
Jouni Malinen
2d5b792d2b Add preliminary hostapd data structure initialization for AP mode
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
2009-03-26 20:37:05 +02:00
Jouni Malinen
1f1b62a0f0 Move wpa_supplicant_create_ap() into ap.c 2009-03-26 16:08:17 +02:00
Jouni Malinen
c746331b52 Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist
Move the shared IEEE 802.11w enum definition into src/common/defs.h to
avoid redefinition when both configuration structures are included into
the same file.
2009-03-26 16:06:15 +02:00
Jouni Malinen
089757c6a9 Fix wpa_supplicant AP build after hostapd header file cleanup 2009-03-25 16:35:26 +02:00
Jouni Malinen
f1a4871084 Link in AP functionality from hostapd when CONFIG_AP=y
This is only allowing the code to be compiled and linked in; the actual
functionality is not yet enabled.
2009-03-25 12:23:42 +02:00
Jouni Malinen
1581b38b67 Initial step in adding simple AP mode support into wpa_supplicant
This version is adding the configuration option (mode=2) for this and
driver capability reporting to figure out whether AP mode can be used.
However, this does not actually implement any real functionality yet.
2009-03-25 11:38:47 +02:00
Jouni Malinen
36b15723ca Deprecate set_drop_unencrypted(), set_auth_alg(), and set_mode()
All these driver handlers can be implemented in associate() handler
which gets all the needed information in the parameters structure. The
old functions that provided only a single parameter will be removed
eventually to clean up the driver_ops structure, so driver wrappers
should start using the newer mechanism.
2009-03-24 20:06:02 +02:00
Sam Leffler
19b9436c0e Fix UNIX domain socket address handling to be more portable
Removing just sun_family is not portable since some systems (e.g.,
FreeBSD) include an additional sun_len field. Using offsetof should be
portable. In addition, set sun_ken for FreeBSD.
2009-03-21 22:00:27 +02:00
Jouni Malinen
7d737d6bf9 Fix FreeBSD build by not adding -ldl
Unlike Linux, FreeBSD does not use libdl.
2009-03-21 20:59:07 +02:00
Jouni Malinen
26c9d7ea24 Fix IEEE 802.11r build without CONFIG_CLIENT_MLME 2009-03-21 20:57:21 +02:00
Jouni Malinen
c9d2ffbc4c Document CONFIG_CLIENT_MLME option as specific to test driver
Since user space MLME is not used with nl80211 anymore, this option is
only of use with driver_test.
2009-03-20 22:35:19 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00
Jouni Malinen
4cb0dcd92d Fix IEEE 802.11r key derivation function to match with the standard
IEEE Std 802.11r-2008, 8.5.1.5.2 starts the 'i' counter from 1, not 0.
Note: this breaks interoperability with previous versions. [Bug 303]
2009-03-19 15:46:00 +02:00
Jouni Malinen
c5aaa01562 Detach ctrl_iface monitor if the client socket is removed
No need to wait for 10 errors when using UNIX domain socket; we can
detach the client immediately on ENOENT.
2009-03-17 16:56:30 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
58d1f6d189 Fix EAP-FAST only build to include the needed EAPOL implementation 2009-03-08 11:29:31 +02:00
Jouni Malinen
c472ef754d driver_ndis: Add PAE group address to the multicast address
This is done with wired interfaces to fix IEEE 802.1X authentication
when the authenticator uses the group address (which should be happening
with wired Ethernet authentication).

This allows wpa_supplicant to complete wired authentication successfully
on Vista with a NDIS 6 driver, but the change is likely needed for
Windows XP, too.
2009-03-07 23:10:41 +02:00
Jouni Malinen
4ef1e644eb Determiner whether driver is wired at runtime based on capabilities
Do not use just the driver name for this since driver_ndis.c supports
both wired and wireless NDIS drivers and needs to indicate the driver
type after initialization.
2009-03-07 22:05:43 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
5c3dd4ebbe Enable WMM support in the test MLME code
This allows driver_test to be used to test WMM negotiation.
2009-03-06 17:28:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
7cc1b6c900 WPS: Add a workaround for TKIP/CCMP mixed mode credentials
Many deployed APs do not handle negotiation of security parameters well
when both TKIP and CCMP (or both WPA and WPA2) are enabled. The most
common end result seems to be ending up with the least secure option..

As a workaround, check whether the AP advertises WPA2/CCMP in Beacon
frames and add those options for the credential if needed. This allows
the client to select the most secure configuration regardless of how
broken the AP's WPS implementation is as far as auth/encr type
negotiation is concerned.
2009-03-05 21:39:39 +02:00
Jouni Malinen
77ac446621 Fix MLME build after WMM renames 2009-03-05 15:56:51 +02:00
Sam Leffler
a83d9c9652 Add build option CONFIG_TERMINATE_ONLASTIF
This makes wpa_supplicant terminate automatically if the configured
interface(s) disappear.
2009-03-02 21:57:00 +02:00
Sam Leffler
daa70d49de Add support for wpa_supplicant syslog output
Enable for build: CFLAGS += -DCONFIG_DEBUG_SYSLOG in .config
Enable at runtime: -s on command line
2009-03-02 21:40:44 +02:00
Jouni Malinen
049a292f89 Fix builds that need SHA256 or mod_exp, but not TLS functions 2009-02-27 17:46:40 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00