Commit graph

819 commits

Author SHA1 Message Date
Masashi Honma
bab31499fd EAP-TTLS/PAP: User-Password obfuscation for zero length password
The password in User-Password AVP is padded to a multiple of 16 bytes
on EAP-TTLS/PAP. But when the password length is zero, no padding is
added. It doesn't cause connectivity issue. In fact, I could connect
with hostapd RADIUS server with zero length password.

I think it's better for obfuscation to pad the 16 bytes data when the
password length is zero with this patch.
2009-12-09 23:42:54 +02:00
Jouni Malinen
3484a18a13 hostapd: Remove unused bridge_packets configuration option
There was code for configuring this, but no driver wrapper actually
implements the actual setting. Remove this for now to reduce potential
confusion and to simply the driver interface.
2009-12-09 22:06:43 +02:00
Jouni Malinen
fb7842aa51 Remove struct hostapd_rate_data from driver API
In addition to the bitrate, the only other variable in this structure
is used internally in hostapd. Move this structure into hostapd.h and
make the driver API use simpler data structure (array of bitrates).
2009-12-09 21:57:50 +02:00
Jouni Malinen
217e7eeaf0 Remove unused rate flags from driver use
These are not really used and can be removed to clean up the driver
interface definition. The only remaining flag (HOSTAPD_RATE_BASIC) can
be removed once the basic rate set indication can be handled
differently.
2009-12-09 21:38:14 +02:00
Jouni Malinen
22a7c9d735 Merge bss_add/bss_remove drivers ops into if_add/if_remove
if_add/if_remove can now be used as the generic driver ops for adding
and removing virtual interfaces of various types. In addition,
driver_nl80211.c is now including this code unconditionally, so that
the functions are not limited only for hostapd.
2009-12-09 16:49:28 +02:00
Jouni Malinen
b5996353e7 Remove unused if_update() driver op 2009-12-09 15:47:20 +02:00
Masashi Honma
2a91091e15 Fix driver_bsd.c build
On NetBSD 5.0.1, driver_bsd.c build fails with message below.

../src/drivers/driver_bsd.c: In function 'wpa_driver_bsd_associate':
../src/drivers/driver_bsd.c:1170: warning: implicit declaration of function 'wpa_driver_bsd_set_auth_alg'
../src/drivers/driver_bsd.c: At top level:
../src/drivers/driver_bsd.c:1204: error: static declaration of 'wpa_driver_bsd_set_auth_alg' follows non-static declaration
../src/drivers/driver_bsd.c:1170: error: previous implicit declaration of 'wpa_driver_bsd_set_auth_alg' was here
gmake: *** [../src/drivers/driver_bsd.o] Error 1

This patch solves this issue.
2009-12-07 21:35:35 +02:00
Jouni Malinen
644a8f2208 Remove unused phytype RX info variable 2009-12-06 18:54:58 +02:00
Jouni Malinen
5c90d47657 Move EAP-SIM DB conditional build into hostapd 2009-12-06 18:23:53 +02:00
Jouni Malinen
74784010af Remove conditional no-RADIUS build from src/radius
Make it responsibility of the src/radius user to handle conditional
build rules.
2009-12-06 17:53:59 +02:00
Jouni Malinen
ab7ddc74ad Move asn1_test.c into tests subdirectory and split it in two
The new test-asn1 and test-x509 tools are built using libraries
from src/{utils,crypto,tls}. Currently, cross dependencies between
crypto and tls are still preventing the test-x509 from being linked
properly.
2009-12-06 16:45:36 +02:00
Jouni Malinen
0e574b07f8 Move hlr_auc_gw into hostapd directory
This is a separate program and is used mainly with hostapd, so it is
better to move this into the hostapd subdirectory now that Milenage
code has already been moved into src/crypto. Milenage was the only
generic component in hlr_auc_gw.
2009-12-06 16:33:19 +02:00
Jouni Malinen
912321e935 Add rules for building src/tls/libtls.a and use it with eap_example
eap_example is now using src/crypto/libcrypto.a and src/tls/libtls.a
instead of providing own rules for building the files for these
components. TLS library selection is temporarily disabled for
eap_example (it will be built using internal crypto/TLS), but the
configuration option for this will eventually be restored with a new
libcrypto.a configuration option.
2009-12-06 16:27:54 +02:00
Jouni Malinen
e77e0a8320 Include functionality to support EAP-FAST unconditionally
Clean up the internal TLS implementation by removing conditional
build blocks for (mostly) EAP-FAST specific functionality. This
will increase the size a big for non-EAP-FAST builds, but is quite
helpful in making src/tls/libtls.a with single build options. If
the potential size reduction is considered significant in the future,
this can be reconsider with a more library compatible way (e.g.,
external file with registration function, etc.).
2009-12-06 16:20:32 +02:00
Jouni Malinen
1a70777868 Remove unneeded CONFIG_INTERNAL_X509 and NEED_SHA256 defines 2009-12-06 16:19:13 +02:00
Jouni Malinen
be473f3f09 Split crypto_internal.c into parts to clean up build
This makes it easier to make src/libcrypto.a and only link in
code that is really used.
2009-12-06 14:37:46 +02:00
Jouni Malinen
507d87930c Fix rsn_preauth_scan_result() inline wrapper for no-EAP builds 2009-12-06 14:29:12 +02:00
Jouni Malinen
4bb1228e1c Use thin archives to allow libraries to be merged
This allows libeap.a and libeap.so to be built by merging in multiple
libraries from src subdirectories. In addition, this avoids wasting
extra space and time for local builds.
2009-12-06 13:49:31 +02:00
Jouni Malinen
f721aed4b1 Increase EAP server extra room for encryption overhead (for GnuTLS)
This fixes issues with some GnuTLS versions that seem to be adding
quite a bit of extra data into TLS messages. The EAP server code is
now using the same 300 byte extra room that was already used in the
EAP peer implementation.
2009-12-06 12:02:28 +02:00
Jouni Malinen
127608152e Move EAP method registration away from src/eap_{peer,server}
This makes it easier to make a library out of EAP methods without
losing possiblity of binary size optimization by linker dropping
unreferenced code.
2009-12-06 11:28:41 +02:00
Jouni Malinen
2d106f21aa Remove unnecessary defines
The following defines are not really needed in most places, so
remove them to clean up source code and build scripts:
EAP_TLS_FUNCS
EAP_TLS_OPENSSL
EAP_TLS_GNUTLS
CONFIG_TLS_INTERNAL
2009-12-05 22:51:08 +02:00
Jouni Malinen
36ee258db7 Add forgotten files into libcrypto.a 2009-12-05 22:25:50 +02:00
Jouni Malinen
631afd993f Add rules for building src/crypto as a library
For now, this is hardcoded to support only the internal crypto
implementation.
2009-12-05 22:03:46 +02:00
Jouni Malinen
6a230ba274 Add build rules for building a library from src/utils files
This is an initial step on providing an alternative build system that
uses libraries from src subdirectories.
2009-12-05 21:39:41 +02:00
Jouni Malinen
953f83439b Move Milenage test code into the new tests directory 2009-12-05 21:14:08 +02:00
Jouni Malinen
43df4cc2ca Move milenage.[ch] into src/crypto 2009-12-05 21:00:52 +02:00
Jouni Malinen
1801bd7fae Move base64 test code into a new tests subdirectory 2009-12-05 20:43:07 +02:00
Jouni Malinen
a95795ad61 nl80211: Add extra IEs into IBSS join request
This allows RSN IE to be added into Beacon and Probe Response frames
when using RSN IBSS.
2009-12-04 22:20:59 +02:00
Jouni Malinen
5cc4d64bf2 nl80211: Add support for IBSS networks 2009-12-04 00:15:32 +02:00
Jouni Malinen
362bd35f2d Add more Doxygen documentation for RADIUS server implementation 2009-12-02 21:29:32 +02:00
Jouni Malinen
d72aad942b nl80211: Clear BSS state mismatches with deauth as a workaround
There seem to be some cases in which wpa_supplicant and
cfg80211/mac80211 seem to have different understanding on
authentication/association state. Since cfg80211/mac80211 is very strict
on when it accepts new authentication/association/scan commands, try our
best at clearing such state mismatches by explicitly deauthenticating
from BSSes with which the driver claims we are associated with if we do
not have local information about such association.
2009-12-02 17:54:57 +02:00
Jouni Malinen
e6b8efeba0 nl80211: Add debug prints for BSS status in scan results
Print what the kernel believes the current BSS status (authenticated
or associated) is in scan results. In addition, check whether this
matches with the state that wpa_supplicant believes the driver to be
in.

This does not change the actual behavior, but will provide information
that will help in debugging potential issues where cfg80211/mac80211
seems to get into a different state from wpa_supplicant. In addition,
this provides an easy location for a workaround that could be added to
clear cfg80211/mac80211 state for unknown BSSes.
2009-12-02 16:45:31 +02:00
Jouni Malinen
e0e14a7bc3 Move internal EAPOL authenticator defines into their own file
This is an initial step in further cleaning up the EAPOL authenticator
use to avoid requiring direct accesses to the internal data structures.
For now, number of external files are still including the internal
definitions from eapol_auth_sm_i.h, but eventually, these direct
references should be removed.
2009-11-29 23:16:04 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
ffa2a30e33 Add Makefile for the new src/eapol_auth directory 2009-11-29 20:21:25 +02:00
Jouni Malinen
b60d6f61e4 Make HOSTAPD_DUMP_STATE configurable with CONFIG_NO_DUMP_STATE
This removes the hardcoded definition from Makefile and cleans up
source code by moving the mail HOSTAPD_DUMP_STATE blocks into separate
files to avoid conditional compilation within files.
2009-11-29 20:18:47 +02:00
Jouni Malinen
281c950be4 Move EAPOL authenticator state machine into src/eapol_auth
This is now completely independent from hostapd-specific code, so
it can be moved to be under the src tree.
2009-11-29 20:03:28 +02:00
Jouni Malinen
2773ca093e Replace eap_type_text() with EAP server methods function
While this may not include knowledge of all EAP methods since this
depends on build configuration, it is better to not have to include
ieee802_1x.h into eapol_sm.c.
2009-11-29 18:57:15 +02:00
Jouni Malinen
0c3abf8d22 Add driver wrapper callback for WPS push button pressed
This avoids the need to include ../hostapd/wps_hostapd.h into the
driver wrappers.
2009-11-29 18:18:02 +02:00
Jouni Malinen
b8be7f5c03 driver_prism54: Use hostapd_notif_disassoc() instead of private copy 2009-11-29 18:13:15 +02:00
Jouni Malinen
67470d5112 Remove some unneeded header file inclusions 2009-11-29 18:07:08 +02:00
Jouni Malinen
bcd154c343 Include sta_flags.h explicitly, not via sta_info.h 2009-11-29 18:00:39 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
6ae9318536 Split scan processing for RSN preauthentication into parts
This avoids passing the raw scan results into the RSN code and by
doing so, removes the only dependency on src/drivers from the
src/rsn_supp code (or from any src subdirectory for that matter).
2009-11-29 17:06:03 +02:00
Jouni Malinen
120158cc8b Move uuid_gen_mac_addr() from uuid.c into src/wps
This removes the only src/crypto dependency from src/utils files.
2009-11-29 13:15:32 +02:00
Jouni Malinen
197ef6abef nl80211: Remove unneeded header file: ieee802_11_common.h
driver_nl80211.c does not use anything from this header file.
2009-11-29 13:06:44 +02:00
Jouni Malinen
fc4e2d9501 HT: Remove unneeded struct ht_cap_ie wrapper
It is simpler to just use the HT Capabilities IE payload structure
as-is.
2009-11-29 13:04:21 +02:00
Jouni Malinen
3a328c8133 Remove unused/unneeded IEEE 802.11n definitions 2009-11-29 12:43:23 +02:00
Jouni Malinen
be8eb8ab3e Fix AP mode HT Capabilities IE to use A-MPDU Parameters from the driver
Instead of using hardcoded maximum A-MPDU length of 64 kB and no
restrictions on minimum MPDU Start Spacing, use the correct values
reported by the driver.
2009-11-29 12:21:26 +02:00
Jouni Malinen
a49148fd55 Rename HT Capabilities IE fields to match with IEEE Std 802.11n-2009 2009-11-29 12:02:29 +02:00
Jouni Malinen
15ef92d3cc Complete Doxygen documentation for RADIUS client
No more warnings from Doxygen about missing documentation from
radius_client.[ch].
2009-11-29 11:48:28 +02:00
Jouni Malinen
93704f8f95 Remove unused RADIUS client reconfig function
This is not actually used at all and it looks like the rules for
maintaining the old/new RADIUS configuration are not very clear in the
case the RADIUS client configuration did not change. Consequently, it
is better to just remove this for now and if similar functionality is
ever needed, redesign it to be easier to use without causing hard to
find issues with using freed memory.

Simpler approach to reconfiguring the RADIUS client would involve
just deinitializing the old context unconditionally and initializing
a new one whenever the configuration could have changed.
2009-11-28 23:04:35 +02:00
Jouni Malinen
5843e1c9a6 Move acct_interim_interval away from RADIUS client configuration
This is not used at all inside RADIUS client and as such, it belongs
into hostapd configuration.
2009-11-28 23:03:20 +02:00
Jouni Malinen
df1e24aceb Improved Doxygen documentation for RADIUS client code 2009-11-28 23:00:29 +02:00
Jouni Malinen
8d5aca73bb Fix doxygen file level comments 2009-11-28 21:34:14 +02:00
Jouni Malinen
e8f5625c45 Fix doxygen file level comments 2009-11-28 21:14:36 +02:00
Jouni Malinen
ed45947e9b WPS: Update couple of missed Primary Device Type uses 2009-11-26 11:54:37 +02:00
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
ec8d20187d Remove obsoleted get_scan_results() driver_ops
This has now been replaced with get_scan_results2() in every
in-tree driver.
2009-11-23 21:33:37 +02:00
Jouni Malinen
c2e8d0a092 Remove deprecated scan and set_probe_req_ie driver_ops
These have been replaced with scan2 driver_ops that provides all
parameters in a single call.
2009-11-23 21:13:46 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00
Jouni Malinen
e90bba4c59 Add cleared deprecation notes on iwl,ndiswrapper,madwifi(sta) wrappers
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
2009-11-23 17:08:59 +02:00
Jouni Malinen
642187d6bf Merge set_key and hapd_set_key driver_ops into a single function 2009-11-23 16:58:32 +02:00
Jouni Malinen
fd7a5dd15f Move HOSTAPD_MTU definition into driver_hostap.c
This moves the MTU definition into driver_hostap.c since it was really
meant to be specific to this driver. Since this was the last remaining
definition in hostapd_defs.h, remove that header file as unnecessary.
2009-11-23 16:21:07 +02:00
Jouni Malinen
0715247aa8 Remove unneeded set-MTU operation from drivers
This code was copied from driver_hostap.c where it is used with the
special wlan#ap interface. It was not supposed to be used to change
the MTU for a normal data interface.
2009-11-23 16:17:41 +02:00
Jouni Malinen
d994a9b54e Move definitions away from hostapd_defs.h
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
2009-11-23 16:14:39 +02:00
Jouni Malinen
c1bb3e0a62 nl80211: Build some client functionality unconditionally
Even though this makes the hostapd version a bit larger, the code will
be easier to maintain with the reduced number of complex ifdef blacks.
2009-11-23 15:40:29 +02:00
Jouni Malinen
dbb2618300 nl80211: Remove last remaining WEXT code
Clean up driver_nl80211.c by gettign rid of the last remaining WEXT use.
This requires that a recent mac80211 version is used to get full protection
in station mode via the authorized flag (IEEE 802.1X PAE).
2009-11-23 15:30:05 +02:00
Jouni Malinen
5d67487244 Merge set_beacon driver_ops into a single one
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
2009-11-23 15:26:05 +02:00
Jouni Malinen
3c2166d63c WPS: Do not try to send byebye advertisements if socket is not valid
If initialization fails, we could potentially try to sendto() on -1
socket which would fail. No point in doing that, so just return early
from the function.
2009-11-21 22:00:33 +02:00
Jouni Malinen
3617d81a70 Fix a typo in a comment 2009-11-21 21:13:19 +02:00
Jouni Malinen
55d0b0831e OpenSSL: Remove unneeded MinGW CryptoAPI compat code
The current MinGW/w32api versions seem to provide all the needed CryptoAPI
functions, so the code for loading these dynamically from the DLL can be
removed.
2009-11-21 20:33:41 +02:00
Jouni Malinen
e3992c3381 GnuTLS: Fix compilation with newer GnuTLS versions
Avoid duplicate defination of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
2009-11-21 20:23:58 +02:00
Jouni Malinen
6d798e8b7e Fix strict aliasing issue with the internal SHA-1 implementation
Need to define the workspace buffer properly to allow compiler to handle
strict aliasing between the incoming unsigned char[64] buffer as an u32
array. The previous version built with strict aliasing enabled can
result in SHA-1 producing incorrect results and consequently, with
4-way handshake failing.

This is based on a report and patch from Dan Williams <dcbw@redhat.com>
but with a different type (the union) used as a fix to avoid needing
extra type casting.

Discovered as part of the investigation of:

https://bugzilla.redhat.com/show_bug.cgi?id=494262#c32

if sha1 is built with gcc without turning off strict aliasing, it will
fail to correctly generate the hashes and will fail its own testcases as
well.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-11-21 20:17:24 +02:00
Jouni Malinen
11ff95783e WPS ER: Deinitialize protocol instance with STA after completion
In addition, remove the WPS ER Enrollee entry 10 seconds after
successful completion of the protocol run.
2009-11-21 18:39:12 +02:00
Jouni Malinen
a34a330706 WPS ER: Use random event identifier in event URL
This avoids some issues in cases where the ER has been started and
stopped multiple times on the same address and an AP may have stored
multiple event notification addresses for the same ER. The random
identifier allows the ER to filter out unexpected messages from further
processing.
2009-11-21 18:15:37 +02:00
Jouni Malinen
3f6dc111ff WPS: Cleanup subscription URL list handling
Do not give the allocated memory to the subscription code since it was
not using it as-is anyway. This makes it easier to understand who owns
the allocation an is responsible of freeing it. This may potentially
fix some memory leaks on error paths.
2009-11-21 18:06:02 +02:00
Jouni Malinen
ec72bd0c77 WPS ER: Move SSDP functionality into a separate file 2009-11-21 17:26:23 +02:00
Jouni Malinen
e694b34474 WPS ER: Add more AP information into the ctrl_interface message
This allow wpa_gui to show AP BSSID, WPS State (configured/unconfigured),
and primary device type.
2009-11-21 13:34:23 +02:00
Jouni Malinen
c3016248f4 WPS ER: Fetch AP's M1 to learn device type and WPS state 2009-11-21 13:13:02 +02:00
Jouni Malinen
52a45d20dd WPS ER: Use (addr,UUID) as the key for AP entries
This allows multiple WPS AP instances to be supported per IP address.
2009-11-21 12:51:40 +02:00
Jouni Malinen
7a082a83f0 WPS ER: Stop AP unlink loop on match
There is no need to continue through the list after this, since the
same AP entry can only be listed once.
2009-11-21 12:18:24 +02:00
Jouni Malinen
6a1e492a81 WPS ER: Move STA entry unlinking into a separate function 2009-11-21 12:18:03 +02:00
Jouni Malinen
7c04d5ec6c WPS ER: Fix AP entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-21 12:12:49 +02:00
Jouni Malinen
b3f371cabf WPS ER: Refresh ER data on WPS_ER_START when already started
This sends out the AP and Enrollee notifications for all tracked
devices and generates a new SSDP search to find more APs.
2009-11-20 21:57:30 +02:00
Jouni Malinen
7c009db2a6 WPS ER: Fix Enrollee entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-20 21:56:39 +02:00
Jouni Malinen
a3c6598fcd Add 'none' driver as an option for wpa_supplicant
This can be used, e.g., with WPS ER when no network interface is
actually used for IEEE 802.1X or wireless operations.
2009-11-20 21:12:49 +02:00
Jouni Malinen
4bdd556886 WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.

In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
2009-11-19 00:31:57 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Jouni Malinen
33417cd75c WPS ER: Clear WPS protocol run on PutMessage failure 2009-11-15 22:56:39 +02:00
Jouni Malinen
2c073ad43d WPS ER: Deinit WPS protocol data when freeing AP entry 2009-11-15 22:53:10 +02:00
Jouni Malinen
cef4652f2c WPS ER: Use learnt AP settings to build credentials for an Enrollee 2009-11-15 22:46:30 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
82b857ec0b WPS: Determine the OpCode based on message type attribute (UPnP)
This allows WSC_ACK and WSC_NACK to be processed correctly in the AP
when operating as an Enrollee with an ER over UPnP transport.
2009-11-15 22:23:49 +02:00
Jouni Malinen
f6d23cfd9e WPS ER: Do not try to process AP Settings in proxied M7 to ER
In this case, the Enrollee is not an AP, so do not try to process
AP Settings in M7.
2009-11-15 18:54:37 +02:00
Jouni Malinen
564cd7fa2c WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
2009-11-15 18:46:03 +02:00
Jouni Malinen
5d34ab644d WPS ER: Only send Enrollee notification on Probe Request and M1
No need to do this for M3..M7 or NACK/ACK/Done messages.
2009-11-15 18:29:19 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
462adee5fe WPS ER: Store AP UUID in binary format for future use 2009-11-15 11:07:20 +02:00
Jouni Malinen
fcac668faa WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed
UPnP device architecture specification requires all evented variables to
be included in the initial event message after subscription. Since this
can happen before we have seen any events, generated a dummy event
(WSC_ACK with all-zeros nonces) if needed.
2009-11-15 01:11:28 +02:00
Jouni Malinen
44577e4c2e WPS: Send SSDP byebye notifications when stopping UPnP advertisements
This will notify control points of the services going away and allows
them to notice this without having to wait timeout on the
initial advertisements.
2009-11-15 00:46:58 +02:00
Jouni Malinen
d806a5588e WPS: Remove derivation of management keys
MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely
to ever be used, so better remove the code to reduce binary size.
2009-11-14 14:18:15 +02:00
Jouni Malinen
00785aba71 WPS: Remove unused WFA WLANConfig Service actions
This removes following WFA WLANConfig Service actions and the related
state variables: GetAPSettings, SetAPSettings, DelAPSettings,
GetSTASettings, SetSTASettings, DelSTASettings, RebootAP,
ResetAP, RebootSTA, ResetSTA.

While WFA WLANConfig Service version 1.0 claims that some of these are
mandatory to implement for an AP, there are no known implementations
supporting these actions neither in an AP/proxy or an External Registrar
that would use them. These are unlikely to be supported in the future
either and as such, it is just simpler to get rid of them to clean up
the implementation and reduce code size.
2009-11-14 14:08:58 +02:00
Jouni Malinen
7ec2e26ddf WPS ER: Fix Op-Code for WSC_{ACK,NACK,Done}
When using UPnP transport, the Op-Code is not included, but the WPS
frame processing will need this. Generate a matching Op-Code based
on the message type.
2009-11-13 22:40:27 +02:00
Jouni Malinen
ed835e539b WPS: Fix AP to proxy WSC_NACK to ER 2009-11-13 22:40:07 +02:00
Jouni Malinen
04f5d74077 WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
2009-11-13 22:29:31 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Jouni Malinen
d64d9ddf6c WPS: Fix http_link_update() to nul terminate the result 2009-11-13 22:05:11 +02:00
Jouni Malinen
ecc6d04b89 WPS ER: Add PutWLANResponse generation and transmission
This allows the M2D message to be transmitted as a response to the
Enrollee via the proxying AP.
2009-11-12 01:24:50 +02:00
Jouni Malinen
b345031997 WPS ER: Add STA/Enrollee entries and start processing EAP messages
This keeps STA/Enrollee entries up to date and sets up registration
protocol session. M1 is processed and M2D generated, but the there
is no code yet to transmit the response back to the AP with
PutWLANResponse.
2009-11-11 23:50:17 +02:00
Felix Fietkau
6980c19127 hostapd: fix AP mode initialization for nl80211
Always bring down the wlan interface, even when not changing the
BSSID, the interface also needs to be down for changing its type
from managed to AP mode.
2009-11-11 16:47:01 +02:00
Jouni Malinen
dc6d9ac250 WPS ER: Parse WLANEvent notifications and send HTTP response
The receive Probe Request and EAP-WSC notifications are now parsed
(including the TLVs in them) and contents is shown in the debug log.
Actual processing of the received information is still missing (TODO
comments indicate the needed functionality).
2009-11-11 00:23:22 +02:00
Jouni Malinen
feae037c25 driver_prism54: Use os_zalloc instead of malloc to clear memory
This will make sure the full buffer is initialized even if some
fields were not explicitly set.
2009-11-10 17:08:33 +02:00
Jouni Malinen
6689218ec7 Fix comparison to use correct symbol name (__rand vs. rand)
rand would be the address of rand() function and never NULL. The previous
version could have crashed on invalid AKA-AUTS command. Though, these
commands are only from hostapd which sends valid requests and as such,
the actual issue did not show up.
2009-11-10 16:51:59 +02:00
Jouni Malinen
69856fadf7 Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.

Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
2009-11-10 15:59:41 +02:00
Jouni Malinen
efa6481438 WPS: Fixed printf size_t warning on 32-bit builds 2009-11-10 11:30:11 +02:00
Jouni Malinen
097c7b3723 WPS ER: Subscribe to UPnP events
This adds code to start a HTTP server and to subscribe to UPnP events
from each discovered WPS AP. The event messages are received, but there
is not yet any code to actually parse the contents of the event.
2009-11-09 20:01:50 +02:00
Jouni Malinen
875a4e5936 WPS: Read HTTP request within HTTP server code
This removes HTTP related code from wps_upnp_web.c and makes it easier
to use HTTP server functionality for new uses (e.g., WPS ER).
2009-11-08 22:33:34 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
585774f28a WPS ER: Fetch and parse device description 2009-11-08 16:46:03 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
b02ee4a228 WPS: Mark functions static
These functions are used only within wps_upnp_event.c.
2009-11-07 17:04:19 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
08eb154db5 Fix MCS set field to be based on driver info
Instead of using hardcoded Rx MCS bitmask (indexes 0..15 enabled),
use the real information from the driver capabilities.
2009-11-05 12:38:47 +02:00
Jouni Malinen
5a641ae01e Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
2009-11-05 12:11:49 +02:00
Jouni Malinen
0ae7b08691 Work around some gcc 4.4 strict-aliasing warnings
gcc 4.4 ends up generating strict-aliasing warnings about some very common
networking socket uses that do not really result in a real problem and
cannot be easily avoided with union-based type-punning due to struct
definitions including another struct in system header files. To avoid having
to fully disable strict-aliasing warnings, provide a mechanism to hide the
typecast from aliasing for now. A cleaner solution will hopefully be found
in the future to handle these cases.
2009-11-04 19:49:14 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Andriy Tkachuk
72ffc08242 WPS: SelectedRegistrar expiration for internal PIN registrar
Though we have such a timeout when handling SetSelectedRegistrar UPnP
message from an external registrar, it looks like we don't have one when
the internal registrar is activated for PIN connection. Thus we set the
SelectedRegistrar flag when AP is activated for PIN connection but we
never reset it - not by some timeout, nor when registration succeeds.
This lead to situations where AP everlastingly declare that it is
activated for WPS PIN connection when in reality it is not.

Use the same timeout (and also success with PIN) to clear the selected
registrar flag when using internal registrar, too.
2009-11-01 22:19:02 +02:00
Jouni Malinen
2e71444516 WPS: Abort ongoing PBC protocol run if session overlap is detected
If PBC session overlap is detected during an ongoing PBC protocol run,
reject the run (if M8, i.e., credentials, have not yet been sent). This
provides a bit longer monitoring time at the Registrar for PBC mode to
catch some cases where two Enrollees in PBC mode try to enroll
credentials at about the same time.
2009-11-01 21:59:30 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
7e3a67514f WPS: Use Config Error 12 to indicate PBC overlap in M2D
If PBC session overlap is detected between button press on the registrar
and M1 is reception, report session overlap with the Config Error
attribute in M2D to the Enrollee.
2009-11-01 20:57:36 +02:00
Jouni Malinen
e5fc45d7ae Fix dbus build without EAP 2009-10-22 11:11:53 -07:00
Jouni Malinen
08d38568df Move shared MD5/SHA-1 internal definitions into header files 2009-10-17 12:55:12 +03:00
Jouni Malinen
1e8c857abe Move shared DES definitions into a header file 2009-10-17 12:53:27 +03:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
3af9f2983c TLS: Replace set_key helpers to return key instead of status code
The status code was not being used anyway, so it is simpler to
just return the key as is done in crypto functions.
2009-10-17 12:15:46 +03:00
Jouni Malinen
3f4ed97a70 Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto
Private keys can now be used in either unencrypted or encrypted
PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5)
is currently supported.
2009-10-17 12:06:36 +03:00
Jouni Malinen
506b45ed22 Add DES-CBC support into internal crypto implementation 2009-10-17 12:05:06 +03:00
Jouni Malinen
8ef74414fc Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM
Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data
to be able to use PEM encoded, unencrypted PKCS#8 private keys with the
internal TLS implementation. Previously, only DER encoding of the
PKCS#8 private key was supported.
2009-10-16 22:00:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
20bd9547a1 Add ctrl_iface events for AP mode STA connect/disconnect
These are used to notify ctrl_iface monitors when a STA completes
connection (the port becomes authorized) and when a STA disconnects.
2009-10-16 17:51:49 +03:00
Jouni Malinen
278da1b52a openssl: Allow build with OpenSSL 0.9.7
OpenSSL 0.9.7 does not include get_rfc3526_prime_1536() function, so
provide that functionality internally if needed. In addition, make
sha256_vector() building depend on whether SHA256 support is included
in the OpenSSL library. This with CONFIG_INTERNAL_SHA256=y in .config
allows OpenSSL without SHA256 support to be used.
2009-10-16 15:57:17 +03:00
Jouni Malinen
d8130bdf13 openssl: Mark openssl_digest_vector() static 2009-10-16 15:54:52 +03:00
Masashi Honma
9b336bcef0 DragonFly BSD: Fix driver_bsd.c build
Both hostapd/wpa_supplicant compilation fails on DragonFly BSD.

This patch solves this issue.

I have tested only compilation. Not functionality.
Because I don't have any device which can work on DragonFly BSD.
2009-10-12 09:56:57 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Jouni Malinen
34c9910dc7 Fix EAP-AKA server build without EAP-SIM 2009-10-11 22:23:05 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00