Compare commits

91 commits

Author SHA1 Message Date
sinavir
d8391401a1
openwrt: Add additional files 2025-02-11 11:39:33 +01:00
Mark Mentovai
fd63cf1558
hostapd: allow hostapd under ujail to communicate with hostapd_cli
When procd-ujail is available, 1f78538 runs hostapd as user
"network", with only limited additional capabilities (CAP_NET_ADMIN and
CAP_NET_RAW).

hostapd_cli (CONFIG_PACKAGE_hostapd-utils) communicates with hostapd
over a named UNIX-domain socket. hostapd_cli is responsible for creating
this socket at /tmp/wpa_ctrl_$pid_$counter. Since it typically runs as
root, this endpoint is normally created with uid root, gid root, mode
0755. As a result, hostapd running as uid network is able to receive
control messages sent through this interface, but is not able to respond
to them. If debug-level logging is enabled (CONFIG_WPA_MSG_MIN_PRIORITY
<= 2 at build, and log_level <= 2 in /etc/config/wireless wifi-device),
this message will appear from hostapd:

CTRL: sendto failed: Permission denied

As a fix, hostapd_cli should create the socket node in the filesystem
with uid network, gid network, mode 0770. This borrows the presently
Android-only strategy already in hostapd intended to solve the same
problem on Android.

If procd-ujail is not available and hostapd falls back to running as
root, it will still be able to read from and write to the socket even if
the node in the filesystem has been restricted to the network user and
group. This matches the logic in
package/network/services/hostapd/files/wpad.init, which sets the uid and
gid of /var/run/hostapd to network regardless of whether procd-ujail is
available.

As it appears that the "network" user and group are statically allocated
uid 101 and gid 101, respectively, per
package/base-files/files/etc/passwd and USERID in
package/network/services/hostapd/Makefile, this patch also uses a
constant 101 for the uid and gid.
2025-02-11 11:39:33 +01:00
Felix Fietkau
b971bbb6f4
hostapd: initial prototype of an ubus binding
Supports listing, removing and banning clients, and hooking into
probe/assoc/auth requests via object subscribe.
2025-02-11 11:39:33 +01:00
David Bauer
cce2ed0f0f
hostapd: add OpenWrt specific statistic counters
This adds a new struct for storing statistics not (yet) tracked by
hostapd regarding RRM and WNM activity.

These statistics can be read using the get_status hostapd interface ubus
method.
2025-02-11 11:39:33 +01:00
Felix Fietkau
1d6e53a569
hostapd: implement fallback for incomplete survey data 2025-02-11 11:39:33 +01:00
David Bauer
f9d49d7408
hostapd: config: support random BSS color
Configure the HE BSS color to a random value in case the config defines
a BSS color which exceeds the max BSS color (63).

Signed-off-by: David Bauer <mail@david-bauer.net>
2025-02-11 11:39:33 +01:00
Felix Fietkau
d6138a763b
Fix issues with disabling obss scan when using fixed_freq on mesh 2025-02-11 11:39:33 +01:00
Sven Eckelmann
f0491d0512
set mcast_rate in mesh mode
The wpa_supplicant code for IBSS allows to set the mcast rate. It is
recommended to increase this value from 1 or 6 Mbit/s to something higher
when using a mesh protocol on top which uses the multicast packet loss as
indicator for the link quality.

This setting was unfortunately not applied for mesh mode. But it would be
beneficial when wpa_supplicant would behave similar to IBSS mode and set
this argument during mesh join like authsae already does. At least it is
helpful for companies/projects which are currently switching to 802.11s
(without mesh_fwding and with mesh_ttl set to 1) as replacement for IBSS
because newer drivers seem to support 802.11s but not IBSS anymore.

Signed-off-by: Sven Eckelmann <sven.eckelmann@openmesh.com>
Tested-by: Simon Wunderlich <simon.wunderlich@openmesh.com>
2025-02-11 11:39:33 +01:00
Antonio Quartulli
f8778360f8
wpa_supplicant: add new config params to be used with the ibss join command
Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2025-02-11 11:39:33 +01:00
Felix Fietkau
8580056c28
hostapd: add configurable debug message minimum priority to cut down on bloat generated by excessive debug messages 2025-02-11 11:39:33 +01:00
Felix Fietkau
710e402cd3
hostapd: only advertise a single encryption type via WPS if multiple are supported
Fixes Windows 7 interop issues
2025-02-11 11:39:33 +01:00
Denton Gentry
10bbad15ac
hostapd: make cli treat UNKNOWN COMMAND as failing
Avoid infinite loop at 100% CPU when running hostapd_cli
if CONFIG_CTRL_IFACE_MIB is not defined.

  _newselect(4, [3], NULL, NULL, ...)
  recvfrom(3, "UNKNOWN COMMAND\n", 4095, 0, NULL, NULL) = 16
  sendto(3, "STA-NEXT UNKNOWN COMMAND", 24, 0, NULL, 0) = 24
2025-02-11 11:39:33 +01:00
Felix Fietkau
dd29de8196
nl80211_del_beacon_bss.patch 2025-02-11 11:39:33 +01:00
Felix Fietkau
6d0258017a
wpa_supplicant: fix calling channel switch via wpa_cli on mesh interfaces 2025-02-11 11:39:33 +01:00
Felix Fietkau
1fbdd1c913
nl80211_fix_set_freq.patch 2025-02-11 11:39:33 +01:00
Felix Fietkau
9845c4d778
hostapd: make rfkill support optional 2025-02-11 11:39:33 +01:00
Felix Fietkau
65696cd9d7
rescan_immediately.patch 2025-02-11 11:39:33 +01:00
Daniel Golle
9f19475170
Allow HT40 also on 2.4GHz if noscan option is set, which also skips secondary channel scan just like noscan works in AP mode. 2025-02-11 11:39:33 +01:00
Felix Fietkau
498f318216
Add noscan, no_ht_coex config options 2025-02-11 11:39:33 +01:00
Felix Fietkau
fbd403ac84
Remove some unnecessary control interface functionality 2025-02-11 11:39:33 +01:00
Felix Fietkau
61164db8f3
hostapd: always include p2p options in wpa_cli 2025-02-11 11:39:33 +01:00
Felix Fietkau
da9d6738e1
hostapd: support wps in hostapd_cli even when built from the mini variant 2025-02-11 11:39:33 +01:00
Jo-Philipp Wich
efb493a087
hostapd: support optional argument for the -v switch of hostapd and wpa_supplicant to query build features, e.g. hostapd -veap to test whether 802.11i support is compiled in 2025-02-11 11:39:32 +01:00
Leon M. George
f25d79b410
hostapd: declare struct wpa_bss early
wps_supplicant.h assumes that 'struct wpa_bss' is forward declared if
CONFIG_WPS is not defined.  With the later inclusion of
600-ubus_support, the issue manifests in warnings like these:

wps_supplicant.h:113:15: warning: 'struct wpa_bss' declared inside parameter list will not be visible outside of this definition or declaration
        struct wpa_bss *bss)
               ^~~~~~~
This patch forward declares 'struct wpa_bss' regardless.
2025-02-11 11:39:32 +01:00
Eneas U de Queiroz
daadbcc258
Move definition of WLAN_SUPP_RATES_MAX to defs.h
Patch 460-wpa_supplicant-add-new-config-params-to-be-used-with.patch
("wpa_supplicant: add new config params to be used with the ibss join
command") adds the definition of unsigned char
rates[WLAN_SUPP_RATES_MAX] to driver.h, which needs to have
WLAN_SUPP_RATES_MAX defined.  So it includes sta_info.h to get the
definition.

Commit c74739250a ("AP MLD: Use a helper function to check if a STA is a
non-AP MLD") makes sta_info.h include driver.h before
it defines WLAN_SUPP_RATES_MAX, causing an error:

src/drivers/driver.h:969:29: error: 'WLAN_SUPP_RATES_MAX' undeclared here (not in a function)

Move the definition of WLAN_SUPP_RATES_MAX to defs.h to ensure it gets
defined before other headers are included.  The inclusion of sta_info.h
in driver.h can be reverted as well.

Signed-off-by: Eneas U de Queiroz <cotequeiroz@gmail.com>
2025-02-11 11:39:32 +01:00
David Bauer
7840cec664
ctrl: make WNM_AP functions dependant on CONFIG_AP
This fixes linking errors found when compiling wpa_supplicant with
CONFIG_WNM_AP enabled but CONFIG_AP disabled.

Signed-off-by: David Bauer <mail@david-bauer.net>
2025-02-11 11:39:32 +01:00
Felix Fietkau
642f727edc
hostapd: build with LTO enabled (using jobserver for parallel build) 2025-02-11 11:39:32 +01:00
Felix Fietkau
433ed95af3
Add option to build a multicall binary
This allows building both hostapd and wpa_supplicant as a single binary
(wpad).
2025-02-11 11:39:32 +01:00
sinavir
500ceaeb52
openwrt-patch: fix_owe_ssid_update 2025-02-11 11:39:32 +01:00
P Praneesh
182f84d634
hostapd: update cfs0 and cfs1 for 160MHz
As per standard Draft P802.11ax_D8.0,( Table 26-9—Setting
of the VHT Channel Width and VHT NSS at an HE STA
transmitting the OM Control subfield ), center frequency of
160MHz should be published in HT information subset 2 of
HT information when EXT NSS BW field is enabled.

If the supported number of NSS in 160MHz is at least max NSS
support, then center_freq_seg0 indicates the center frequency of 80MHz and
center_freq_seg1 indicates the center frequency of 160MHz.

If the supported number of NSS in 160MHz is less than max NSS
support, then center_freq_seg0 indicates the center frequency of 80MHz and
center_freq_seg1 is 0. The center frequency of 160MHz is published in HT
operation information element instead.

Signed-off-by: P Praneesh <ppranees@codeaurora.org>
2025-02-11 11:39:32 +01:00
Glenn Strauss
c82091cbaa
dpp_pkex: EC point mul w/ value < prime
crypto_ec_point_mul() with mbedtls requires point
be multiplied by a multiplicand with value < prime

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
687ef821ce
add NULL checks (encountered during tests/hwsim)
sae_derive_commit_element_ecc NULL pwe_ecc check
dpp_gen_keypair() NULL curve check

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
41cdd916ba
tests/Makefile make run-tests with CONFIG_TLS=...
add test-crypto_module.c to run crypto_module_tests()

adjust some tests/hwsim/*.py for mbed TLS (work in progress)

option to build and run-tests with CONFIG_TLS=internal # (default)
$ cd tests; make clean
$ make run-tests

option to build and run-tests with CONFIG_TLS=gnutls
$ cd tests; make clean CONFIG_TLS=gnutls
$ make run-tests CONFIG_TLS=gnutls

option to build and run-tests with CONFIG_TLS=mbedtls
$ cd tests; make clean CONFIG_TLS=mbedtls
$ make run-tests CONFIG_TLS=mbedtls

option to build and run-tests with CONFIG_TLS=openssl
$ cd tests; make clean CONFIG_TLS=openssl
$ make run-tests CONFIG_TLS=openssl

option to build and run-tests with CONFIG_TLS=wolfssl
$ cd tests; make clean CONFIG_TLS=wolfssl
$ make run-tests CONFIG_TLS=wolfssl

RFE: Makefile logic for crypto objects should be centralized
     instead of being duplicated in hostapd/Makefile,
     wpa_supplicant/Makefile, src/crypto/Makefile,
     tests/Makefile, ...

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
David Bauer
09d6720d6d
hostapd: fix OWE association with mbedtls
The code for hostapd-mbedtls did not work when used for OWE association.

When handling association requests, the buffer offsets and length
assumptions were incorrect, leading to never calculating the y point,
thus denying association.

Also when crafting the association response, the buffer contained the
trailing key-type.

Fix up both issues to adhere to the specification and make
hostapd-mbedtls work with the OWE security type.
2025-02-11 11:39:32 +01:00
Glenn Strauss
da1c0bb385
mbedtls: annotate with TEST_FAIL() for hwsim tests
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
557108f5f0
mbedtls: fips186_2_prf()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Glenn Strauss
ea571b808c
mbedtls: TLS/crypto option (initial port)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2025-02-11 11:39:32 +01:00
Felix Fietkau
772b9986a1
AP: add missing null pointer check in hostapd_free_hapd_data
When called from wpa_supplicant, iface->interfaces can be NULL

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2025-02-11 11:39:32 +01:00
David Bauer
f2302cddf2
nl80211: add extra-ies only if allowed by driver
Upgrading wpa_supplicant from 2.9 to 2.10 breaks broadcom-wl
based adapters. The reason for it is hostapd tries to install additional
IEs for scanning while the driver does not support this.

The kernel indicates the maximum number of bytes for additional scan IEs
using the NL80211_ATTR_MAX_SCAN_IE_LEN attribute. Save this value and
only add additional scan IEs in case the driver can accommodate these
additional IEs.

Reported-by: Étienne Morice <neon.emorice@mail.com>
Tested-by: Étienne Morice <neon.emorice@mail.com>
Signed-off-by: David Bauer <mail@david-bauer.net>
2025-02-11 11:39:32 +01:00
Stijn Tintel
0c5dcf5fe4
Revert "Do prune_association only after the STA is authorized"
Commit e978072baa ("Do prune_association only after the STA is
authorized") causes issues when an STA roams from one interface to
another interface on the same PHY. The mt7915 driver is not able to
handle this properly. While the commit fixes a DoS, there are other
devices and drivers with the same limitation, so revert to the original
behavior for now, until we have a better solution in place.

Ref: https://github.com/openwrt/openwrt/issues/13156
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
2025-02-11 11:39:32 +01:00
Felix Fietkau
125fb92ea5
fix adding back stations after a missed deauth/disassoc 2025-02-11 11:39:32 +01:00
Markus Theil
72573cdb95
mesh: use deterministic channel on channel switch
This patch uses a deterministic channel on DFS channel switch
in mesh networks. Otherwise, when switching to a usable but not
available channel, no CSA can be sent and a random channel is chosen
without notification of other nodes. It is then quite likely, that
the mesh network gets disconnected.

Fix this by using a deterministic number, based on the sha256 hash
of the mesh ID, in order to use at least a different number in each
mesh network.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
2025-02-11 11:39:32 +01:00
Peter Oh
945aea6ff0
mesh: Allow DFS channels to be selected if dfs is enabled
Note: DFS is assumed to be usable if a country code has been set

Signed-off-by: Benjamin Berg <benjamin@sipsolutions.net>
Signed-off-by: Peter Oh <peter.oh@bowerswilkins.com>
2025-02-11 11:39:32 +01:00
sinavir
ba99627140
openwrt: add additional source files 2025-02-11 11:39:32 +01:00
Jouni Malinen
5ace39b0a4 tests: D-Bus interface for NAN USD
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-15 12:33:50 +03:00
Lo,Chin-Ran
85cd98976d dbus: Methods for NAN USD
USD had control interface commands and events defined for it. Extend
this by providing similar USD methods through the dbus control
interface.

Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
2024-09-15 12:33:46 +03:00
Lo,Chin-Ran
dcf58aec8d dbus: Signals for NAN USD
USD had control interface events defined for it. Extend this by
providing similar USD signals through the dbus control interface.

Signed-off-by: Lo,Chin-Ran <chin-ran.lo@nxp.com>
2024-09-15 11:59:54 +03:00
Jouni Malinen
d2408e3032 dbus: Dict helpers for fetching integers of any type
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-15 11:59:54 +03:00
Jouni Malinen
fd1a149d91 NAN: Fix UpdatePublish offload to driver
This was supposed to call wpa_drv_nan_update_publish() instead of
wpa_drv_nan_cancel_publish().

Fixes: 633e969311 ("NAN: Option to offload NAN DE for USD into the driver")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 14:12:46 +03:00
Jouni Malinen
b3bd49f3c0 NAN: Handle A3 copying internally to simplify control interface
There is no need to copy the A3 value for follow-up frames through the
control interface events and commands since it can be handled internally
in the service with sufficient accuracy. More parallel operations with
multiple peers might need per-peer information, but that can be extended
in the future, if that level of complexity is really needed in practice.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 13:06:03 +03:00
Jouni Malinen
650d1ab600 Revert "tests: Copy A3 into NAN SDF Follow-up"
This reverts commit 81322fa43d ("tests: Copy A3 into NAN SDF
Follow-up") to allow simplification of the control interface by removing
the external A3 copying.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-14 13:06:03 +03:00
Jouni Malinen
81322fa43d tests: Copy A3 into NAN SDF Follow-up
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
fbbc9cb9e2 NAN: Update A3 for USD to use NAN Network ID or NAN Cluster ID in A3
Wi-Fi Aware spec v4.0 was not clear on all cases and used a bit unclear
definition of A3 use in Table 5 (Address field definition for NAN SDF
frames in USD). That resulted in the initial implementation using
Wildcard BSSID to comply with the IEEE 802.11 rules on Public Action
frame addressing.

For USD to have chances of working with synchronized NAN devices, A3
needs to be set to the NAN Cluster ID when replying to a frame received
from a synchronized NAN device. While there is no cluster ID for USD,
this can be done by copying the A3 from the received frame. For the
cases where sending out an unsolicited multicast frame, the NAN Network
ID should be used instead of the Wildcard BSSID.

While this behavior is not strictly speaking compliant with the IEEE
802.11 standard, this is the expected behavior for NAN devices, so
update the USD implementation to match.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
e0496580a4 hostapd: Add drv_send_action variant for forcing A3
This is needed for cases that are not compliant with the IEEE 802.11
standard rules for Public Action frame addressing. For example, NAN USD
needs this.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:11:54 +03:00
Jouni Malinen
83f9dcbb35 NAN: Process received NAN SDFs with NAN Network ID in A3 on AP
hostapd did not accept NAN SDFs that used NAN Network ID instead of
Wildcard BSSID in A3. Extend this to process NAN Network ID just like
Wildcard BSSID for these frames to allow the specific group address to
be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 22:08:15 +03:00
Jouni Malinen
ccba6921de SAE: Recognize Basic MLE in Authentication frames even without H2E
IEEE P802.11be requires H2E to be used whenever SAE is used for ML
association. However, some early Wi-Fi 7 APs enable MLO without H2E.
Recognize this special case based on the fixed length Basic Multi-Link
element being at the end of the data that would contain the unknown
variable length Anti-Clogging Token field. The Basic Multi-Link element
in Authentication frames includes the MLD MAC address in the Common Info
field and all subfields of the Presence Bitmap subfield of the
Multi-Link Control field of the element zero and consequently, has a
fixed length of 12 octets.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-13 03:30:58 +03:00
Jouni Malinen
c97168f58a FT: Discard EAPOL-Start frames when FT was used for association
When FT is used, reauthentication to generate a new PMK-R0 would be
complicated since the current AP might not be the one with which the
currently used PMK-R0 was generated. IEEE Std 802.11-2020, 13.4.2 (FT
initial mobility domain association in an RSN) mandates STA to perform a
new FT initial mobility domain association whenever its Supplicant would
trigger sending of an EAPOL-Start frame.

Discard received EAPOL-Start frames from STAs that use FT to avoid
unexpected behavior. This is important in particular if a driver were to
allow unprotected EAPOL-Start frames to be processed when TK has been
configured.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 22:26:24 +03:00
Shivani Baranwal
f543599156 nl80211: Remove nl_msg free on send failure for NAN USD commands
Remove nl_msg_free() after send failure for NAN USD commands. Freeing
the nl_msg is already taken care as part of send_and_recv_cmd() for both
success and failure cases.

Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 21:39:08 +03:00
Jouni Malinen
8e9cfbf602 PASN: Fix pasn-resp fuzzing tester build
The recently added calls to src/ap/pmksa_cache_auth.c need to be faked
to allow pasn-resp to be built without having to pull in multiple
additional files from src/ap.

Fixes: b7de417c8a ("PASN: Define PMKSA helper functions for initiator and responder")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 21:33:30 +03:00
Jouni Malinen
c402848c50 PASN: Fix fuzzing tester compilation after function prototype change
Addition of the new argument to handle_auth_pasn_1() forgot to update
testing code.

Fixes: 8f21cdf9d7 ("PASN: Add support to reject PASN auth 1 based on user input")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 21:26:03 +03:00
Shivani Baranwal
61960e6c6b P2P2: Add alternative PASN RX handler
This is needed for P2P2 pairing using PASN. The actual processing will
be covered in separate commits.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 02:58:32 +03:00
Jouni Malinen
7d13410a82 SAE: Mark the groups argument to sae_derive_pt() const
This makes it clearer that the list of groups is not going to be
modified.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-12 02:58:32 +03:00
Shivani Baranwal
9edd8b441e nl80211: Fix conditional checks of nlmsg attributes for NAN publish
Some of the cleanup changes had lost the "goto fail" and broken the
logic. Restore correct behavior.

Fixes: 58f04221fd ("nl80211: NAN USD commands for offloading")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-12 02:58:32 +03:00
Veerendranath Jakkam
204ebcce3e wlantest: Adjust kdk_len according to RSNX capability for FT roaming cases
This is needed to derive the PTK correctly when Secure LTF support is used
and the additional KDK component needs to be considered.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-09-12 02:58:32 +03:00
Shivani Baranwal
a8655be0b1 Fix documentation for vendor interface command
Fix the placement of documentation of attribute used for the
QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT command.

Fixes: 97c6ef2588 ("QCA vendor interface to set the P2P mode configuration")
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-11 13:50:08 +03:00
Shivani Baranwal
a803fa9daa Include the NAN header file into driver.h to avoid C++ constraints
Include src/common/nan.h file into src/drivers/driver.h to resolve the
compilation issue "ISO C++ forbids forward references to 'enum' types"
by pulling in the full definition of enum nan_service_protocol_type.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-11 13:47:14 +03:00
Jouni Malinen
9c17ae96a3 tests: SAE anti-clogging token with MLO
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-11 12:58:43 +03:00
Jouni Malinen
2d92cae655 nl80211: Check nla_parse_nested() result
This recently added instance did not verify that parsing of nested
attributes succeeded.

Fixes: 15bf093b5b ("hostapd: Fetch multiple radios information from the driver")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Jouni Malinen
ba6b3dc78e AP MLD: Fix link_id validity check for own links
The check against MAX_NUM_MLD_LINKS was off by one for the loop that
goes through hapd->partner_links[]. It does not look like this would
actually result in any real issues since the loop is on own set of
configured links. Anyway, it is better to have the bounds checking
accurate.

Fixes: 2042cae9b3 ("AP MLD: Generate and keep per STA profiles for each link")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Jouni Malinen
ffc9fa0132 Pass CSA parameters by reference instead by value
There is no need to make a copy of the full struct csa_settings for
this.

Fixes: 5cb6747f97 ("Add support to switch channel when CAC is in progress")
Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
1527a95ba0 Add QCA vendor subcommand to trigger Channel Usage Request
Add a new QCA vendor subcommand QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ
to support Channel Usage Request. It carries channel usage information
for BSSs that are not infrastructure BSSs or an off channel TDLS direct
link.

Implementation and scheduling of Channel Usage frames are present in the
driver/firmware. One of the key reasons for this is that the TSF
timestamp required to be filled in these frames is available only in the
firmware.  So, this interface is used to configure the required
parameters to the driver/firmware for Channel Usage Request frame.

This uses attributes defined in enum
qca_wlan_vendor_attr_chan_usage_req.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Veerendranath Jakkam
c0c877a1f1 QCA vendor test configuration to add random PMKIDs in RSNE
Add QCA vendor test configuration interface to add random PMKIDs in the
RSNE of the (Re)Association Request frames.

Signed-off-by: Veerendranath Jakkam <quic_vjakkam@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
a6fd2467b9 PASN: Allow frequency to be set for responder
This will be needed for P2P2 cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
d5c07aaab9 P2P2: Parse new attributes
Recognize new attributes when parsing P2P2 IE.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
0f854cb351 P2P2: Add PMKSA caches for PASN initiator and responder
These are needed for pairing.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
8426e5274f PASN: Use allocated memory for RSNXE and allow its contents to be set
This will be needed for P2P2 cases.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
d582f8ce9b PASN: PASN Encrypted Data element parsing
Add the PASN Encrypted Data element from IEEE P802.11bh/D6.0 into the
element parser. This is needed for P2P2.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
58cc67c72f P2P2: Export p2p_build_go_neg_req()
This is needed for PASN pairing.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
ff97a762bc P2P: Debug print details on address mapping errors
Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
27de11ca5c nl80211: Configure capability flag for NAN USD offload
Configure the capability flag based on the nl80211 feature advertisement
for NAN USD offload support.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Vinay Gannevaram
5cb1929da6 Add QCA vendor feature flags to indicate NAN USD offload support
Add a separate feature flag to indicate support for NAN USD offload
feature.

Signed-off-by: Vinay Gannevaram <quic_vganneva@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
58f04221fd nl80211: NAN USD commands for offloading
Add driver nl80211 support for the NAN USD flush, publish, subscribe,
update publish, cancel publish and cancel subscribe commands for cases
where these operations are offloaded to the driver
(WPA_DRIVER_FLAGS2_NAN_OFFLOAD).

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
456c3a0237 P2P2: Do not include WPS IE in GO Negotiation
Do not include WPS IE when going through GO Negotiation with a P2P2
peer.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
839b52eaf8 P2P2: Fragment P2P IE if subelements are too long in GO Negotiation
Add a function to fragment P2P/P2P2 IE exceeding 255 bytes in size and
use this for P2P IE in GO Negotiation frames in preparation for P2P2.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
c958a571a4 P2P2: GO Negotiation Action frame contents for wrapped case
Support generation of the GO Negotiation frames with contents that are
needed for P2P2 wrapped case.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:32 +03:00
Jouni Malinen
64bfba98bd P2P: Use enum p2p_status_code more consistently for PD
It is clearer to use enum p2p_status_code instead of u8 when processing
and passing the P2P Status Code to other components.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
2024-09-06 01:06:32 +03:00
Shivani Baranwal
e633b471bc P2P2: Refactor GO Negotiation and Invitation processing
Add wrapper functions to process and prepare a response for GO
Negotiation and Invitation frames. Send the response Action frames in
handle_ functions. This is in preparation for encapsulating these
messages within PASN Authentication frames for P2P2.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-06 01:06:27 +03:00
Shivani Baranwal
b7de417c8a PASN: Define PMKSA helper functions for initiator and responder
Define helper functions to init, add, get, remove, flush, and deinit
PMKSA cache for PASN initiator and responder. P2P devices can be in
a role of pairing initiator and responder. Hence define a cache for
each role separately.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-05 23:56:16 +03:00
Shivani Baranwal
cb9b1f8c5a PASN: Optional KEK derivation in PTK
Add support to derive KEK in PTK per IEEE P802.11bh/D6.0. This can be
used to encrypt keys and passwords in opportunistic P2P pairing defined
in P2P2.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-05 23:56:16 +03:00
Shivani Baranwal
17a891fd5e P2P2: Notify bootstrapping request and completed events
Add support to notify P2P2 bootstrapping request and completed events to
the user.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-05 23:56:13 +03:00
Shivani Baranwal
11a573f313 P2P2: Add a new method to P2P_CONNECT control interface command
Add a new method "pair" to indicate the connect request perform the
Wi-Fi Direct R2 methods like bootstrapping and pairing for connection.
This fixes control interface command parsing which expects method as
mandatory.

Signed-off-by: Shivani Baranwal <quic_shivbara@quicinc.com>
2024-09-03 11:05:45 +03:00
156 changed files with 20594 additions and 480 deletions

@ -732,6 +732,147 @@ fi.w1.wpa_supplicant1.CreateInterface.
<dd>Subscription in place, but for another process.</dd>
</dl>
</li>
<li>
<h3>NANPublish ( a{sv} : args ) --> u : publish_id</h3>
<p>Publish a NAN USD service.</p>
<h4>Arguments</h4>
<dl>
<dt>a{sv} : args</dt>
<dd>
A dictionary with following parameters:
<table>
<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
<tr><td>srv_name</td><td>s</td><td>Service name.</td><td>yes</td></tr>
<tr><td>srv_proto_type</td><td>u</td><td>Service Protocol Type</td><td>yes</td></tr>
<tr><td>solicited</td><td>b</td><td>Solicited Publish</td><td></td></tr>
<tr><td>unsolicited</td><td>b</td><td>Unsolicited Publish</td><td></td></tr>
<tr><td>solicited_multicast</td><td>b</td><td>Solicited transmission type multicast</td><td></td></tr>
<tr><td>ttl</td><td>u</td><td>Time to live (in seconds); 0 = one TX only</td><td>yes</td></tr>
<tr><td>disable_events</td><td>b</td><td>Event conditions</td><td></td></tr>
<tr><td>fsd</td><td>b</td><td>Further Service Discovery flag</td><td></td></tr>
<tr><td>fsd_gas</td><td>b</td><td>Further Service Discovery function GAS</td><td></td></tr>
<tr><td>p2p</td><td>b</td><td>Allow P2P IE to be added into NAN SDFs</td><td></td></tr>
<tr><td>freq</td><td>q</td><td>Default frequency in MHz</td><td>yes</td></tr>
<tr><td>announcement_period</td><td>u</td><td>Announcement period in ms</td><td></td></tr>
<tr><td>ssi</td><td>ay</td><td>Service specific information</td><td>yes</td></tr>
<tr><td>freq_list</td><td>aq</td><td>frequency list</td><td></td></tr>
</table>
</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.NoMemory</dt>
<dd>Needed memory was not possible to get allocated.</dd>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
</dl>
</li>
<li>
<h3>NANCancelPublish ( u : publish_id ) --> nothing</h3>
<p>Cancel a previously added NAN USD published service.</p>
<h4>Arguments</h4>
<dl>
<dt>u : publish_id</dt>
<dd>Publish ID from NANPublish().</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
</dl>
</li>
<li>
<h3>NANUpdatePublish ( a{sv} : args ) --> nothing</h3>
<p>Update the SSI of a previous added NAN publish for the interface.</p>
<h4>Arguments</h4>
<dl>
<dt>a{sv} : args</dt>
<dd>
A dictionary with following parameters:
<table>
<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
<tr><td>publish_id</td><td>i</td><td>Publish ID to be updated</td><td>yes</td></tr>
<tr><td>ssi</td><td>ay</td><td>Service specific information</td><td></td></tr>
</table>
</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
<dt>fi.w1.wpa_supplicant1.NoMemory</dt>
<dd>Needed memory was not possible to get allocated.</dd>
</dl>
</li>
<li>
<h3>NANSubscribe ( a{sv} : args ) --> u : subscribe_id</h3>
<p>Subscribe to a NAN USD service.</p>
<h4>Arguments</h4>
<dl>
<dt>a{sv} : args</dt>
<dd>
A dictionary with following parameters:
<table>
<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
<tr><td>srv_name</td><td>s</td><td>Service name</td><td>yes</td></tr>
<tr><td>srv_proto_type</td><td>u</td><td>Service Protocol Type</td><td>yes</td></tr>
<tr><td>active</td><td>b</td><td>Subscribe type</td><td></td></tr>
<tr><td>p2p</td><td>b</td><td>Allow P2P IE to be added into NAN SDFs</td><td></td></tr>
<tr><td>ttl</td><td>u</td><td>Time to live (in seconds); 0 = one TX only</td><td></td></tr>
<tr><td>freq</td><td>q</td><td>Default frequency in MHz</td><td>yes</td></tr>
<tr><td>query_period</td><td>u</td><td>Query period in ms</td><td></td></tr>
<tr><td>ssi</td><td>ay</td><td>Service specific information</td><td>yes</td></tr>
<tr><td>freq_list</td><td>aq</td><td>frequency list</td><td></td></tr>
</table>
</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
</dl>
</li>
<li>
<h3>NANCancelSubscribe ( u : subscribe_id ) --> nothing</h3>
<p>Cancel a previously started NAN USD subscription.</p>
<h4>Arguments</h4>
<dl>
<dt>u : subscribe_id</dt>
<dd>Subscription ID from NANSubscribe().</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
</dl>
</li>
<li>
<h3>NANTransmit ( a{sv} : args ) --> nothing</h3>
<p>Send a follow-up message for NAN USD service discovery.</p>
<h4>Arguments</h4>
<dl>
<dt>a{sv} : args</dt>
<dd>
A dictionary with following parameters:
<table>
<tr><th>Key</th><th>Value type</th><th>Description</th><th>Required</th></tr>
<tr><td>handle</td><td>u</td><td>id from NANPublish or NANSubscribe.</td><td>yes</td></tr>
<tr><td>req_instance_id</td><td>u</td><td>peer's id</td><td>yes</td></tr>
<tr><td>peer_addr</td><td>s</td><td>peer's MAC address</td><td>yes</td></tr>
<tr><td>ssi</td><td>ay</td><td>Service specific information</td><td>yes</td></tr>
</table>
</dd>
</dl>
<h4>Possible errors</h4>
<dl>
<dt>fi.w1.wpa_supplicant1.InvalidArgs</dt>
<dd>Invalid entries were found in the passed argument.</dd>
<dt>fi.w1.wpa_supplicant1.NoMemory</dt>
<dd>Needed memory was not possible to get allocated.</dd>
</dl>
</li>
</ul>
\subsection dbus_interface_properties Properties
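Review bot: the NANUpdatePublish table documents publish_id with value type i, while NANPublish returns u : publish_id and NANCancelPublish takes u : publish_id. A D-Bus client that follows the table will send a signed integer where the other two methods use an unsigned one. Please make the documented type match what the handler actually accepts. The same table also marks ssi as not required although the method's stated purpose is to update the SSI, so say what a call without ssi does.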
@ -1385,6 +1526,51 @@ fi.w1.wpa_supplicant1.CreateInterface.
<dd>Determine if the request was successful. If so fields are available in BSS.</dd>
</dl>
</li>
<li>
<h3>NANDiscoveryResult ( a{sv} : args )</h3>
<p>The DiscoveryResult event in the NAN Discovery Engine to indicate the result of an NANSubscribe.</p>
<dl>
<dt>a{sv} : args</dt>
<dd>A dictionary with pairs of field names and their values. Possible dictionary keys are: "subscribe_id", "publish_id", "peer_addr", "fsd", "fsd_gas", "srv_proto_type", "ssi"</dd>
</dl>
</li>
<li>
<h3>NANReplied ( a{sv} : args )</h3>
<p>The Replied event in the NAN Discovery Engine.</p>
<dl>
<dt>a{sv} : args</dt>
<dd>A dictionary with pairs of field names and their values. Possible dictionary keys are: "publish_id", "subscribe_id", "peer_addr", "srv_proto_type", "ssi"</dd>
</dl>
</li>
<li>
<h3>NANReceive ( a{sv} : args )</h3>
<p>The Receive event in the NAN Discovery Engine.</p>
<dl>
<dt>a{sv} : nanrx</dt>
<dd>A dictionary with pairs of field names and their values. Possible dictionary keys are: "id", "peer_id", "peer_addr", "ssi"</dd>
</dl>
</li>
<li>
<h3>NANPublishTerminated ( u : publish_id, s : reason )</h3>
<p>The PublishTerminated event in the NAN Discovery Engine.</p>
<dl>
<dt>u : publish_id</dt>
<dd>The terminated publish_id</dd>
<dt>s : reason</dt>
<dd>The reason of termination</dd>
</dl>
</li>
<li>
<h3>NANSubscribeTerminated ( u : subscribe_id, s : reason )</h3>
<p>The SubscribeTerminated event in the NAN Discovery Engine.</p>
<dl>
<dt>u : subscribe_id</dt>
<dd>The terminated subscribe_id</dd>
<dt>s : reason</dt>
<dd>The reason of termination</dd>
</dl>
</li>
</ul>
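Review bot: in the NANReceive entry the heading names the argument a{sv} : args but the definition term below it says a{sv} : nanrx. Pick one name. This signal also uses the keys "id" and "peer_id" where the neighbouring signals use "publish_id" and "subscribe_id", so the text should state whether "id" is a publish or a subscribe handle. None of the three dictionary signals gives value types for its keys, unlike the method tables added earlier in this file.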

View file

@ -1,6 +1,7 @@
ALL=hostapd hostapd_cli
CONFIG_FILE = .config
-include $(if $(MULTICALL), ../wpa_supplicant/.config)
include ../src/build.rules
ifdef LIBS
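Review bot: the new line uses make's -include form, so a MULTICALL build where ../wpa_supplicant/.config is missing proceeds silently with only the hostapd options. If the multicall binary depends on that file, a plain include (or an explicit $(error ...) when MULTICALL is set and the file is absent) would turn a misconfigured tree into a build failure instead of a binary with features quietly dropped.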
@ -166,6 +167,12 @@ OBJS += ../src/common/hw_features_common.o
OBJS += ../src/eapol_auth/eapol_auth_sm.o
ifdef CONFIG_UBUS
CFLAGS += -DUBUS_SUPPORT
OBJS += ../src/utils/uloop.o
OBJS += ../src/ap/ubus.o
LIBS += -lubox -lubus
endif
ifdef CONFIG_CODE_COVERAGE
CFLAGS += -O0 -fprofile-arcs -ftest-coverage -U_FORTIFY_SOURCE
@ -200,7 +207,8 @@ endif
ifdef CONFIG_NO_VLAN
CFLAGS += -DCONFIG_NO_VLAN
else
endif
ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN)
OBJS += ../src/ap/vlan_init.o
OBJS += ../src/ap/vlan_ifconfig.o
OBJS += ../src/ap/vlan.o
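Review bot: the VLAN objects are now gated on ifneq ($(findstring CONFIG_NO_VLAN,$(CFLAGS)), CONFIG_NO_VLAN), which is a substring match over the whole of CFLAGS. Any flag that merely contains that text, for example a longer macro name with the same prefix, would disable the VLAN objects. It also leaves an else with an empty body directly above it. If the intent is to honour -DCONFIG_NO_VLAN coming from the included supplicant configuration, a short comment saying so and a $(filter -DCONFIG_NO_VLAN,$(CFLAGS)) test on the exact word would be clearer and less fragile.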
@ -220,6 +228,9 @@ endif
ifdef CONFIG_NO_CTRL_IFACE
CFLAGS += -DCONFIG_NO_CTRL_IFACE
else
ifdef CONFIG_CTRL_IFACE_MIB
CFLAGS += -DCONFIG_CTRL_IFACE_MIB
endif
ifeq ($(CONFIG_CTRL_IFACE), udp)
CFLAGS += -DCONFIG_CTRL_IFACE_UDP
else
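Review bot: CONFIG_CTRL_IFACE_MIB is introduced here as an opt-in with no description of what it controls. Builds that do not set it lose control interface commands that were previously always present, so please add a commented entry for it to the build configuration template and state the default in the commit message.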
@ -359,10 +370,14 @@ CFLAGS += -DCONFIG_MBO
OBJS += ../src/ap/mbo_ap.o
endif
ifndef MULTICALL
CFLAGS += -DNO_SUPPLICANT
endif
include ../src/drivers/drivers.mak
OBJS += $(DRV_AP_OBJS)
CFLAGS += $(DRV_AP_CFLAGS)
LDFLAGS += $(DRV_AP_LDFLAGS)
OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS)))
CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS))
LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS))
LIBS += $(DRV_AP_LIBS)
ifdef CONFIG_L2_PACKET
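Review bot: under MULTICALL the OBJS, CFLAGS and LDFLAGS lines now pull in the DRV_WPA_* variables, but LIBS += $(DRV_AP_LIBS) is left unchanged. If the supplicant driver set needs libraries that the AP set does not, the multicall link will fail or depend on link order elsewhere. Either add the matching $(if $(MULTICALL),$(DRV_WPA_LIBS)) or note why it is not needed. Also note that $(sort ...) is used here for de-duplication but reorders the object list as a side effect.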
@ -708,6 +723,7 @@ CFLAGS += -DCONFIG_TLSV12
endif
ifeq ($(CONFIG_TLS), wolfssl)
CFLAGS += -DCONFIG_TLS_WOLFSSL
CONFIG_CRYPTO=wolfssl
ifdef TLS_FUNCS
OBJS += ../src/crypto/tls_wolfssl.o
@ -728,6 +744,7 @@ endif
endif
ifeq ($(CONFIG_TLS), openssl)
CFLAGS += -DCONFIG_TLS_OPENSSL
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
CONFIG_CRYPTO=openssl
ifdef TLS_FUNCS
@ -757,7 +774,39 @@ endif
CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
endif
ifeq ($(CONFIG_TLS), mbedtls)
CFLAGS += -DCONFIG_TLS_MBEDTLS
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=mbedtls
endif
ifdef TLS_FUNCS
OBJS += ../src/crypto/tls_mbedtls.o
LIBS += -lmbedtls
ifndef CONFIG_DPP
LIBS += -lmbedx509
endif
endif
OBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
HOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
SOBJS += ../src/crypto/crypto_$(CONFIG_CRYPTO).o
ifeq ($(CONFIG_CRYPTO), mbedtls)
ifdef CONFIG_DPP
LIBS += -lmbedx509
LIBS_h += -lmbedx509
LIBS_n += -lmbedx509
LIBS_s += -lmbedx509
endif
LIBS += -lmbedcrypto
LIBS_h += -lmbedcrypto
LIBS_n += -lmbedcrypto
LIBS_s += -lmbedcrypto
# XXX: create a config option?
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
endif
endif
ifeq ($(CONFIG_TLS), gnutls)
CFLAGS += -DCONFIG_TLS_GNUTLS
ifndef CONFIG_CRYPTO
# default to libgcrypt
CONFIG_CRYPTO=gnutls
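Review bot: the mbedtls block ends with an unresolved marker, "# XXX: create a config option?", directly above an unconditional CFLAGS += -DCRYPTO_RSA_OAEP_SHA256. The OpenSSL block in the previous hunk gets the same define, also unconditionally. Please settle this before merging: either add the config option or replace the XXX with a comment explaining why the define is always wanted for these two backends. Separately, -lmbedx509 is added in two places with opposite CONFIG_DPP conditions; a single unconditional line would be easier to follow if both paths are meant to link it.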
@ -788,6 +837,7 @@ endif
endif
ifeq ($(CONFIG_TLS), internal)
CFLAGS += -DCONFIG_TLS_INTERNAL
ifndef CONFIG_CRYPTO
CONFIG_CRYPTO=internal
endif
@ -866,6 +916,7 @@ endif
endif
ifeq ($(CONFIG_TLS), linux)
CFLAGS += -DCONFIG_TLS_INTERNAL
OBJS += ../src/crypto/crypto_linux.o
ifdef TLS_FUNCS
OBJS += ../src/crypto/crypto_internal-rsa.o
@ -936,9 +987,11 @@ endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
AESOBJS += ../src/crypto/aes-wrap.o
endif
endif
endif
ifdef NEED_AES_EAX
AESOBJS += ../src/crypto/aes-eax.o
NEED_AES_CTR=y
@ -948,38 +1001,48 @@ AESOBJS += ../src/crypto/aes-siv.o
NEED_AES_CTR=y
endif
ifdef NEED_AES_CTR
ifneq ($(CONFIG_TLS), mbedtls)
AESOBJS += ../src/crypto/aes-ctr.o
endif
endif
ifdef NEED_AES_ENCBLOCK
ifneq ($(CONFIG_TLS), mbedtls)
AESOBJS += ../src/crypto/aes-encblock.o
endif
endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
AESOBJS += ../src/crypto/aes-omac1.o
endif
endif
endif
endif
ifdef NEED_AES_UNWRAP
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
NEED_AES_DEC=y
AESOBJS += ../src/crypto/aes-unwrap.o
endif
endif
endif
endif
endif
ifdef NEED_AES_CBC
NEED_AES_DEC=y
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
AESOBJS += ../src/crypto/aes-cbc.o
endif
endif
endif
endif
endif
ifdef NEED_AES_DEC
ifdef CONFIG_INTERNAL_AES
AESOBJS += ../src/crypto/aes-internal-dec.o
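Review bot: each internal AES object in this hunk gains one more nesting level, ifneq ($(CONFIG_TLS), mbedtls), on top of the existing openssl, linux and wolfssl levels, and the backend list differs from object to object (aes-ctr.o and aes-encblock.o test only mbedtls). The matching endif runs are now hard to audit by eye. A single test per object such as ifeq ($(filter openssl linux wolfssl mbedtls,$(CONFIG_TLS)),) would express the same condition on one line and make it obvious which backends supply each primitive. The same applies to the SHA-1, MD5 and SHA-2 hunks that follow.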
@ -994,12 +1057,16 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
SHA1OBJS += ../src/crypto/sha1.o
endif
endif
endif
endif
endif
ifneq ($(CONFIG_TLS), mbedtls)
SHA1OBJS += ../src/crypto/sha1-prf.o
endif
ifdef CONFIG_INTERNAL_SHA1
SHA1OBJS += ../src/crypto/sha1-internal.o
ifdef NEED_FIPS186_2_PRF
@ -1008,16 +1075,22 @@ endif
endif
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
SHA1OBJS += ../src/crypto/sha1-pbkdf2.o
endif
endif
endif
ifdef NEED_T_PRF
ifneq ($(CONFIG_TLS), mbedtls)
SHA1OBJS += ../src/crypto/sha1-tprf.o
endif
endif
ifdef NEED_TLS_PRF
ifneq ($(CONFIG_TLS), mbedtls)
SHA1OBJS += ../src/crypto/sha1-tlsprf.o
endif
endif
endif
ifdef NEED_SHA1
OBJS += $(SHA1OBJS)
@ -1027,11 +1100,13 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/md5.o
endif
endif
endif
endif
endif
ifdef NEED_MD5
ifdef CONFIG_INTERNAL_MD5
@ -1070,56 +1145,81 @@ ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha256.o
endif
endif
endif
endif
endif
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha256-prf.o
endif
ifdef CONFIG_INTERNAL_SHA256
OBJS += ../src/crypto/sha256-internal.o
endif
ifdef NEED_TLS_PRF_SHA256
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha256-tlsprf.o
endif
endif
ifdef NEED_TLS_PRF_SHA384
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha384-tlsprf.o
endif
endif
ifdef NEED_HMAC_SHA256_KDF
CFLAGS += -DCONFIG_HMAC_SHA256_KDF
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha256-kdf.o
endif
endif
ifdef NEED_HMAC_SHA384_KDF
CFLAGS += -DCONFIG_HMAC_SHA384_KDF
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha384-kdf.o
endif
endif
ifdef NEED_HMAC_SHA512_KDF
CFLAGS += -DCONFIG_HMAC_SHA512_KDF
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha512-kdf.o
endif
endif
ifdef NEED_SHA384
CFLAGS += -DCONFIG_SHA384
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha384.o
endif
endif
endif
endif
endif
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha384-prf.o
endif
endif
ifdef NEED_SHA512
CFLAGS += -DCONFIG_SHA512
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), gnutls)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha512.o
endif
endif
endif
endif
endif
ifneq ($(CONFIG_TLS), mbedtls)
OBJS += ../src/crypto/sha512-prf.o
endif
endif
ifdef CONFIG_INTERNAL_SHA384
CFLAGS += -DCONFIG_INTERNAL_SHA384
@ -1164,11 +1264,13 @@ HOBJS += $(SHA1OBJS)
ifneq ($(CONFIG_TLS), openssl)
ifneq ($(CONFIG_TLS), linux)
ifneq ($(CONFIG_TLS), wolfssl)
ifneq ($(CONFIG_TLS), mbedtls)
HOBJS += ../src/crypto/md5.o
endif
endif
endif
endif
endif
ifdef CONFIG_RADIUS_SERVER
CFLAGS += -DRADIUS_SERVER
@ -1306,8 +1408,14 @@ install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL))
_OBJS_VAR := OBJS
include ../src/objs.mk
hostapd_multi.a: $(BCHECK) $(OBJS)
$(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c
@$(E) " CC " $<
@rm -f $@
@$(AR) cr $@ hostapd_multi.o $(OBJS)
hostapd: $(OBJS)
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
+$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
@$(E) " LD " $@
ifdef CONFIG_WPA_TRACE
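Review bot: in the new hostapd_multi.a rule the progress line prints $<, which expands to the first prerequisite ($(BCHECK) or the first object), not main.c, so the log names the wrong file. The rule also compiles main.c into hostapd_multi.o without listing main.c as a prerequisite, so the rebuild relies on main.c being tracked indirectly through $(OBJS). Listing main.c explicitly would fix both. The hostapd link recipe now starts with +, which makes that line run even under make -n; if that is for jobserver access, a one-line comment would help the next reader.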
@ -1318,7 +1426,7 @@ _OBJS_VAR := OBJS_c
include ../src/objs.mk
hostapd_cli: $(OBJS_c)
$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
+$(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c)
@$(E) " LD " $@
NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS)
@ -1342,7 +1450,9 @@ NOBJS += ../src/utils/trace.o
endif
HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o
ifneq ($(CONFIG_TLS), mbedtls)
HOBJS += ../src/crypto/aes-encblock.o
endif
ifdef CONFIG_INTERNAL_AES
HOBJS += ../src/crypto/aes-internal.o
HOBJS += ../src/crypto/aes-internal-enc.o
@ -1365,13 +1475,17 @@ SOBJS += ../src/common/sae.o
SOBJS += ../src/common/sae_pk.o
SOBJS += ../src/common/dragonfly.o
SOBJS += $(AESOBJS)
ifneq ($(CONFIG_TLS), mbedtls)
SOBJS += ../src/crypto/sha256-prf.o
SOBJS += ../src/crypto/sha384-prf.o
SOBJS += ../src/crypto/sha512-prf.o
endif
SOBJS += ../src/crypto/dh_groups.o
ifneq ($(CONFIG_TLS), mbedtls)
SOBJS += ../src/crypto/sha256-kdf.o
SOBJS += ../src/crypto/sha384-kdf.o
SOBJS += ../src/crypto/sha512-kdf.o
endif
_OBJS_VAR := NOBJS
include ../src/objs.mk
@ -1380,6 +1494,12 @@ include ../src/objs.mk
_OBJS_VAR := SOBJS
include ../src/objs.mk
dump_cflags:
@printf "%s " "$(CFLAGS)"
dump_ldflags:
@printf "%s " "$(LDFLAGS) $(LIBS) $(EXTRALIBS)"
nt_password_hash: $(NOBJS)
$(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n)
@$(E) " LD " $@

View file

@ -1229,6 +1229,8 @@ static int hostapd_config_vht_capab(struct hostapd_config *conf,
conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN;
if (os_strstr(capab, "[TX-ANTENNA-PATTERN]"))
conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN;
if (os_strstr(capab, "[EXT-NSS-BW-SUPP]"))
conf->vht_capab |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
return 0;
}
#endif /* CONFIG_IEEE80211AC */
@ -3745,6 +3747,10 @@ static int hostapd_config_fill(struct hostapd_config *conf,
if (bss->ocv && !bss->ieee80211w)
bss->ieee80211w = 1;
#endif /* CONFIG_OCV */
} else if (os_strcmp(buf, "noscan") == 0) {
conf->noscan = atoi(pos);
} else if (os_strcmp(buf, "ht_coex") == 0) {
conf->no_ht_coex = !atoi(pos);
} else if (os_strcmp(buf, "ieee80211n") == 0) {
conf->ieee80211n = atoi(pos);
} else if (os_strcmp(buf, "ht_capab") == 0) {
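Review bot: the new "ht_coex" key is stored inverted as conf->no_ht_coex = !atoi(pos), and atoi() returns 0 for any non-numeric text. A typo such as ht_coex=yes therefore sets no_ht_coex to 1 and turns coexistence handling off without any diagnostic. Since both new keys ("noscan" and "ht_coex") relax behaviour towards neighbouring networks, please reject values other than 0 and 1 with an error and a line number, and document both keys in the sample configuration.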
@ -3795,6 +3801,8 @@ static int hostapd_config_fill(struct hostapd_config *conf,
} else if (os_strcmp(buf, "he_bss_color") == 0) {
conf->he_op.he_bss_color = atoi(pos) & 0x3f;
conf->he_op.he_bss_color_disabled = 0;
if (atoi(pos) > 63)
conf->he_op.he_bss_color = os_random() % 63 + 1;
} else if (os_strcmp(buf, "he_bss_color_partial") == 0) {
conf->he_op.he_bss_color_partial = atoi(pos);
} else if (os_strcmp(buf, "he_default_pe_duration") == 0) {
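Review bot: in the he_bss_color branch, only values above 63 are replaced with a random colour; a negative value skips the new check and keeps the masked result, so -1 becomes 63 and -64 becomes 0. A value of 0 is also accepted as is. If "out of range means pick a random colour" is the intended contract, test the parsed value once (it is currently parsed with atoi() twice) against the full valid range, and document the behaviour next to the option. Otherwise an out-of-range value should be a configuration error.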

View file

@ -2772,7 +2772,7 @@ static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface,
if (iface->cac_started) {
wpa_printf(MSG_DEBUG,
"CAC is in progress - switching channel without CSA");
return hostapd_force_channel_switch(iface, settings);
return hostapd_force_channel_switch(iface, &settings);
}
for (i = 0; i < iface->num_bss; i++) {
@ -4022,7 +4022,7 @@ static int hostapd_ctrl_nan_transmit(struct hostapd_data *hapd, char *cmd)
}
ret = hostapd_nan_usd_transmit(hapd, handle, ssi, NULL, peer_addr,
req_instance_id);
req_instance_id);
fail:
wpabuf_free(ssi);
return ret;
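Review bot: the only change in this hunk appears to be the indentation of the req_instance_id); continuation line in hostapd_ctrl_nan_transmit(). That is unrelated to the rest of the change and makes the patch harder to rebase; please drop it or send it as a separate whitespace cleanup.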
@ -4057,6 +4057,7 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
reply_size);
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
reply_len = hostapd_drv_status(hapd, reply, reply_size);
#ifdef CONFIG_CTRL_IFACE_MIB
} else if (os_strcmp(buf, "MIB") == 0) {
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
if (reply_len >= 0) {
@ -4098,6 +4099,7 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
reply_size);
#endif
} else if (os_strcmp(buf, "ATTACH") == 0) {
if (hostapd_ctrl_iface_attach(hapd, from, fromlen, NULL))
reply_len = -1;
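Review bot: the #ifdef CONFIG_CTRL_IFACE_MIB opened in the previous hunk is closed here with a bare #endif, many lines later and in the middle of an else-if chain. Please write it as #endif /* CONFIG_CTRL_IFACE_MIB */ like the other conditionals in this code base. The guarded range covers everything from "MIB" through "STA-NEXT ", so a build without the option answers all of those with the unknown-command reply; list the affected commands in the commit message so operators who monitor stations through the control socket know what they lose.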

View file

@ -6,9 +6,21 @@
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed TLS
# libraries in a non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for Host AP driver
CONFIG_DRIVER_HOSTAP=y
@ -281,6 +293,7 @@ CONFIG_IPV6=y
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# mbedtls = mbed TLS
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl

View file

@ -409,7 +409,6 @@ static int hostapd_cli_cmd_disassociate(struct wpa_ctrl *ctrl, int argc,
}
#ifdef CONFIG_TAXONOMY
static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@ -422,7 +421,6 @@ static int hostapd_cli_cmd_signature(struct wpa_ctrl *ctrl, int argc,
os_snprintf(buf, sizeof(buf), "SIGNATURE %s", argv[0]);
return wpa_ctrl_command(ctrl, buf);
}
#endif /* CONFIG_TAXONOMY */
static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
@ -439,7 +437,6 @@ static int hostapd_cli_cmd_sa_query(struct wpa_ctrl *ctrl, int argc,
}
#ifdef CONFIG_WPS
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
char *argv[])
{
@ -665,7 +662,6 @@ static int hostapd_cli_cmd_wps_config(struct wpa_ctrl *ctrl, int argc,
ssid_hex, argv[1]);
return wpa_ctrl_command(ctrl, buf);
}
#endif /* CONFIG_WPS */
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
@ -765,7 +761,7 @@ static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, const char *cmd,
}
buf[len] = '\0';
if (memcmp(buf, "FAIL", 4) == 0)
if (memcmp(buf, "FAIL", 4) == 0 || memcmp(buf, "UNKNOWN COMMAND", 15) == 0)
return -1;
if (print)
printf("%s", buf);
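Review bot: the added memcmp(buf, "UNKNOWN COMMAND", 15) compares 15 bytes without checking that the reply is at least that long. buf is NUL-terminated at len just above, so for a shorter reply the comparison reads past the terminator into whatever the buffer held before. Guard it with len >= 15 or use a string comparison that stops at the terminator (os_strncmp). The existing "FAIL" check has the same shape and could be fixed in the same line.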
@ -1694,13 +1690,10 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
{ "disassociate", hostapd_cli_cmd_disassociate,
hostapd_complete_stations,
"<addr> = disassociate a station" },
#ifdef CONFIG_TAXONOMY
{ "signature", hostapd_cli_cmd_signature, hostapd_complete_stations,
"<addr> = get taxonomy signature for a station" },
#endif /* CONFIG_TAXONOMY */
{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
"<addr> = send SA Query to a station" },
#ifdef CONFIG_WPS
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
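Review bot: with the CONFIG_TAXONOMY and CONFIG_WPS guards removed, "signature" and the wps_* commands are always offered by hostapd_cli, but their handlers call wpa_ctrl_command(), while the new "UNKNOWN COMMAND" handling in this patch was added only to wpa_ctrl_command_sta(). Please confirm what exit status a script gets when it runs one of these commands against a daemon built without the feature, and make the failure visible there as well.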
@ -1725,7 +1718,6 @@ static const struct hostapd_cli_cmd hostapd_cli_commands[] = {
"<SSID> <auth> <encr> <key> = configure AP" },
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
"= show current WPS status" },
#endif /* CONFIG_WPS */
{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL,
"= send Disassociation Imminent notification" },
{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL,

View file

@ -31,7 +31,7 @@
#include "config_file.h"
#include "eap_register.h"
#include "ctrl_iface.h"
#include "build_features.h"
struct hapd_global {
void **drv_priv;
@ -696,6 +696,11 @@ fail:
return -1;
}
void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
#ifdef CONFIG_WPS
static int gen_uuid(const char *txt_addr)
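Review bot: hostapd_wpa_event() and hostapd_wpa_event_global() are declared by hand here in main.c. A local prototype is not checked against the definition, so a later signature change compiles cleanly and fails at run time through the function pointer. Move the two declarations into the header that the defining file already includes.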
@ -817,8 +822,10 @@ int main(int argc, char *argv[])
return -1;
#endif /* CONFIG_DPP */
wpa_supplicant_event = hostapd_wpa_event;
wpa_supplicant_event_global = hostapd_wpa_event_global;
for (;;) {
c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:q");
c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:g:G:qv::");
if (c < 0)
break;
switch (c) {
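Review bot: the option string changes v to v::, which is the GNU optional-argument form. The value must be attached to the option (-vname); with a space, optarg stays NULL and the name is left as a stray argument. The usage text should describe the new form, and it is worth confirming that the C libraries this is built against accept "::". The two wpa_supplicant_event assignments above the loop are unconditional; if they are only meaningful in the multicall build, say so in a comment.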
@ -855,6 +862,8 @@ int main(int argc, char *argv[])
break;
#endif /* CONFIG_DEBUG_LINUX_TRACING */
case 'v':
if (optarg)
exit(!has_feature(optarg));
show_version();
exit(1);
case 'g':
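Review bot: in case 'v' the feature query exits with !has_feature(optarg), so 0 means present and 1 means absent, but plain -v also ends in exit(1). A caller cannot tell "feature absent" from "no feature name was parsed", which matters given the attached-argument requirement of v::. Consider a distinct status for the version path or for an unrecognised feature name, and document the exit codes.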

hostapd/radius.c Normal file
View file

@ -0,0 +1,715 @@
#include "utils/includes.h"
#include "utils/common.h"
#include "utils/eloop.h"
#include "crypto/crypto.h"
#include "crypto/tls.h"
#include "ap/ap_config.h"
#include "eap_server/eap.h"
#include "radius/radius.h"
#include "radius/radius_server.h"
#include "eap_register.h"
#include <libubox/blobmsg_json.h>
#include <libubox/blobmsg.h>
#include <libubox/avl.h>
#include <libubox/avl-cmp.h>
#include <libubox/kvlist.h>
#include <sys/stat.h>
#include <fnmatch.h>
#define VENDOR_ID_WISPR 14122
#define VENDOR_ATTR_SIZE 6
struct radius_parse_attr_data {
unsigned int vendor;
u8 type;
int size;
char format;
const char *data;
};
struct radius_parse_attr_state {
struct hostapd_radius_attr *prev;
struct hostapd_radius_attr *attr;
struct wpabuf *buf;
void *attrdata;
};
struct radius_user_state {
struct avl_node node;
struct eap_user data;
};
struct radius_user_data {
struct kvlist users;
struct avl_tree user_state;
struct blob_attr *wildcard;
};
struct radius_state {
struct radius_server_data *radius;
struct eap_config eap;
struct radius_user_data phase1, phase2;
const char *user_file;
time_t user_file_ts;
int n_attrs;
struct hostapd_radius_attr *attrs;
};
struct radius_config {
struct tls_connection_params tls;
struct radius_server_conf radius;
};
enum {
USER_ATTR_PASSWORD,
USER_ATTR_HASH,
USER_ATTR_SALT,
USER_ATTR_METHODS,
USER_ATTR_RADIUS,
USER_ATTR_VLAN,
USER_ATTR_MAX_RATE_UP,
USER_ATTR_MAX_RATE_DOWN,
__USER_ATTR_MAX
};
static void radius_tls_event(void *ctx, enum tls_event ev,
union tls_event_data *data)
{
switch (ev) {
case TLS_CERT_CHAIN_SUCCESS:
wpa_printf(MSG_DEBUG, "radius: remote certificate verification success");
break;
case TLS_CERT_CHAIN_FAILURE:
wpa_printf(MSG_INFO, "radius: certificate chain failure: reason=%d depth=%d subject='%s' err='%s'",
data->cert_fail.reason,
data->cert_fail.depth,
data->cert_fail.subject,
data->cert_fail.reason_txt);
break;
case TLS_PEER_CERTIFICATE:
wpa_printf(MSG_DEBUG, "radius: peer certificate: depth=%d serial_num=%s subject=%s",
data->peer_cert.depth,
data->peer_cert.serial_num ? data->peer_cert.serial_num : "N/A",
data->peer_cert.subject);
break;
case TLS_ALERT:
if (data->alert.is_local)
wpa_printf(MSG_DEBUG, "radius: local TLS alert: %s",
data->alert.description);
else
wpa_printf(MSG_DEBUG, "radius: remote TLS alert: %s",
data->alert.description);
break;
case TLS_UNSAFE_RENEGOTIATION_DISABLED:
/* Not applicable to TLS server */
break;
}
}
static void radius_userdata_init(struct radius_user_data *u)
{
kvlist_init(&u->users, kvlist_blob_len);
avl_init(&u->user_state, avl_strcmp, false, NULL);
}
static void radius_userdata_free(struct radius_user_data *u)
{
struct radius_user_state *s, *tmp;
kvlist_free(&u->users);
free(u->wildcard);
u->wildcard = NULL;
avl_remove_all_elements(&u->user_state, s, node, tmp)
free(s);
}
static void
radius_userdata_load(struct radius_user_data *u, struct blob_attr *data)
{
enum {
USERSTATE_USERS,
USERSTATE_WILDCARD,
__USERSTATE_MAX,
};
static const struct blobmsg_policy policy[__USERSTATE_MAX] = {
[USERSTATE_USERS] = { "users", BLOBMSG_TYPE_TABLE },
[USERSTATE_WILDCARD] = { "wildcard", BLOBMSG_TYPE_ARRAY },
};
struct blob_attr *tb[__USERSTATE_MAX], *cur;
int rem;
if (!data)
return;
blobmsg_parse(policy, __USERSTATE_MAX, tb, blobmsg_data(data), blobmsg_len(data));
blobmsg_for_each_attr(cur, tb[USERSTATE_USERS], rem)
kvlist_set(&u->users, blobmsg_name(cur), cur);
if (tb[USERSTATE_WILDCARD])
u->wildcard = blob_memdup(tb[USERSTATE_WILDCARD]);
}
static void
load_userfile(struct radius_state *s)
{
enum {
USERDATA_PHASE1,
USERDATA_PHASE2,
__USERDATA_MAX
};
static const struct blobmsg_policy policy[__USERDATA_MAX] = {
[USERDATA_PHASE1] = { "phase1", BLOBMSG_TYPE_TABLE },
[USERDATA_PHASE2] = { "phase2", BLOBMSG_TYPE_TABLE },
};
struct blob_attr *tb[__USERDATA_MAX], *cur;
static struct blob_buf b;
struct stat st;
int rem;
if (stat(s->user_file, &st))
return;
if (s->user_file_ts == st.st_mtime)
return;
s->user_file_ts = st.st_mtime;
radius_userdata_free(&s->phase1);
radius_userdata_free(&s->phase2);
blob_buf_init(&b, 0);
blobmsg_add_json_from_file(&b, s->user_file);
blobmsg_parse(policy, __USERDATA_MAX, tb, blob_data(b.head), blob_len(b.head));
radius_userdata_load(&s->phase1, tb[USERDATA_PHASE1]);
radius_userdata_load(&s->phase2, tb[USERDATA_PHASE2]);
blob_buf_free(&b);
}
static struct blob_attr *
radius_user_get(struct radius_user_data *s, const char *name)
{
struct blob_attr *cur;
int rem;
cur = kvlist_get(&s->users, name);
if (cur)
return cur;
blobmsg_for_each_attr(cur, s->wildcard, rem) {
static const struct blobmsg_policy policy = {
"name", BLOBMSG_TYPE_STRING
};
struct blob_attr *pattern;
if (blobmsg_type(cur) != BLOBMSG_TYPE_TABLE)
continue;
blobmsg_parse(&policy, 1, &pattern, blobmsg_data(cur), blobmsg_len(cur));
if (!name)
continue;
if (!fnmatch(blobmsg_get_string(pattern), name, 0))
return cur;
}
return NULL;
}
static struct radius_parse_attr_data *
radius_parse_attr(struct blob_attr *attr)
{
static const struct blobmsg_policy policy[4] = {
{ .type = BLOBMSG_TYPE_INT32 },
{ .type = BLOBMSG_TYPE_INT32 },
{ .type = BLOBMSG_TYPE_STRING },
{ .type = BLOBMSG_TYPE_STRING },
};
static struct radius_parse_attr_data data;
struct blob_attr *tb[4];
const char *format;
blobmsg_parse_array(policy, ARRAY_SIZE(policy), tb, blobmsg_data(attr), blobmsg_len(attr));
if (!tb[0] || !tb[1] || !tb[2] || !tb[3])
return NULL;
format = blobmsg_get_string(tb[2]);
if (strlen(format) != 1)
return NULL;
data.vendor = blobmsg_get_u32(tb[0]);
data.type = blobmsg_get_u32(tb[1]);
data.format = format[0];
data.data = blobmsg_get_string(tb[3]);
data.size = strlen(data.data);
switch (data.format) {
case 's':
break;
case 'x':
if (data.size & 1)
return NULL;
data.size /= 2;
break;
case 'd':
data.size = 4;
break;
default:
return NULL;
}
return &data;
}
static void
radius_count_attrs(struct blob_attr **tb, int *n_attr, size_t *attr_size)
{
struct blob_attr *data = tb[USER_ATTR_RADIUS];
struct blob_attr *cur;
int rem;
blobmsg_for_each_attr(cur, data, rem) {
struct radius_parse_attr_data *data;
size_t prev = *attr_size;
data = radius_parse_attr(cur);
if (!data)
continue;
*attr_size += data->size;
if (data->vendor)
*attr_size += VENDOR_ATTR_SIZE;
(*n_attr)++;
}
*n_attr += !!tb[USER_ATTR_VLAN] * 3 +
!!tb[USER_ATTR_MAX_RATE_UP] +
!!tb[USER_ATTR_MAX_RATE_DOWN];
*attr_size += !!tb[USER_ATTR_VLAN] * (4 + 4 + 5) +
!!tb[USER_ATTR_MAX_RATE_UP] * (4 + VENDOR_ATTR_SIZE) +
!!tb[USER_ATTR_MAX_RATE_DOWN] * (4 + VENDOR_ATTR_SIZE);
}
static void *
radius_add_attr(struct radius_parse_attr_state *state,
u32 vendor, u8 type, u8 len)
{
struct hostapd_radius_attr *attr;
struct wpabuf *buf;
void *val;
val = state->attrdata;
buf = state->buf++;
buf->buf = val;
attr = state->attr++;
attr->val = buf;
attr->type = type;
if (state->prev)
state->prev->next = attr;
state->prev = attr;
if (vendor) {
u8 *vendor_hdr = val + 4;
WPA_PUT_BE32(val, vendor);
vendor_hdr[0] = type;
vendor_hdr[1] = len + 2;
len += VENDOR_ATTR_SIZE;
val += VENDOR_ATTR_SIZE;
attr->type = RADIUS_ATTR_VENDOR_SPECIFIC;
}
buf->size = buf->used = len;
state->attrdata += len;
return val;
}
static void
radius_parse_attrs(struct blob_attr **tb, struct radius_parse_attr_state *state)
{
struct blob_attr *data = tb[USER_ATTR_RADIUS];
struct hostapd_radius_attr *prev = NULL;
struct blob_attr *cur;
int len, rem;
void *val;
if ((cur = tb[USER_ATTR_VLAN]) != NULL && blobmsg_get_u32(cur) < 4096) {
char buf[5];
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_TYPE, 4);
WPA_PUT_BE32(val, RADIUS_TUNNEL_TYPE_VLAN);
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_MEDIUM_TYPE, 4);
WPA_PUT_BE32(val, RADIUS_TUNNEL_MEDIUM_TYPE_802);
len = snprintf(buf, sizeof(buf), "%d", blobmsg_get_u32(cur));
val = radius_add_attr(state, 0, RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID, len);
memcpy(val, buf, len);
}
if ((cur = tb[USER_ATTR_MAX_RATE_UP]) != NULL) {
val = radius_add_attr(state, VENDOR_ID_WISPR, 7, 4);
WPA_PUT_BE32(val, blobmsg_get_u32(cur));
}
if ((cur = tb[USER_ATTR_MAX_RATE_DOWN]) != NULL) {
val = radius_add_attr(state, VENDOR_ID_WISPR, 8, 4);
WPA_PUT_BE32(val, blobmsg_get_u32(cur));
}
blobmsg_for_each_attr(cur, data, rem) {
struct radius_parse_attr_data *data;
void *val;
int size;
data = radius_parse_attr(cur);
if (!data)
continue;
val = radius_add_attr(state, data->vendor, data->type, data->size);
switch (data->format) {
case 's':
memcpy(val, data->data, data->size);
break;
case 'x':
hexstr2bin(data->data, val, data->size);
break;
case 'd':
WPA_PUT_BE32(val, atoi(data->data));
break;
}
}
}
static void
radius_user_parse_methods(struct eap_user *eap, struct blob_attr *data)
{
struct blob_attr *cur;
int rem, n = 0;
if (!data)
return;
blobmsg_for_each_attr(cur, data, rem) {
const char *method;
if (blobmsg_type(cur) != BLOBMSG_TYPE_STRING)
continue;
if (n == EAP_MAX_METHODS)
break;
method = blobmsg_get_string(cur);
eap->methods[n].method = eap_server_get_type(method, &eap->methods[n].vendor);
if (eap->methods[n].vendor == EAP_VENDOR_IETF &&
eap->methods[n].method == EAP_TYPE_NONE) {
if (!strcmp(method, "TTLS-PAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_PAP;
continue;
}
if (!strcmp(method, "TTLS-CHAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_CHAP;
continue;
}
if (!strcmp(method, "TTLS-MSCHAP")) {
eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAP;
continue;
}
if (!strcmp(method, "TTLS-MSCHAPV2")) {
eap->ttls_auth |= EAP_TTLS_AUTH_MSCHAPV2;
continue;
}
}
n++;
}
}
static struct eap_user *
radius_user_get_state(struct radius_user_data *u, struct blob_attr *data,
const char *id)
{
static const struct blobmsg_policy policy[__USER_ATTR_MAX] = {
[USER_ATTR_PASSWORD] = { "password", BLOBMSG_TYPE_STRING },
[USER_ATTR_HASH] = { "hash", BLOBMSG_TYPE_STRING },
[USER_ATTR_SALT] = { "salt", BLOBMSG_TYPE_STRING },
[USER_ATTR_METHODS] = { "methods", BLOBMSG_TYPE_ARRAY },
[USER_ATTR_RADIUS] = { "radius", BLOBMSG_TYPE_ARRAY },
[USER_ATTR_VLAN] = { "vlan-id", BLOBMSG_TYPE_INT32 },
[USER_ATTR_MAX_RATE_UP] = { "max-rate-up", BLOBMSG_TYPE_INT32 },
[USER_ATTR_MAX_RATE_DOWN] = { "max-rate-down", BLOBMSG_TYPE_INT32 },
};
struct blob_attr *tb[__USER_ATTR_MAX], *cur;
char *password_buf, *salt_buf, *name_buf;
struct radius_parse_attr_state astate = {};
struct hostapd_radius_attr *attr;
struct radius_user_state *state;
int pw_len = 0, salt_len = 0;
struct eap_user *eap;
struct wpabuf *val;
size_t attrsize = 0;
void *attrdata;
int n_attr = 0;
state = avl_find_element(&u->user_state, id, state, node);
if (state)
return &state->data;
blobmsg_parse(policy, __USER_ATTR_MAX, tb, blobmsg_data(data), blobmsg_len(data));
if ((cur = tb[USER_ATTR_SALT]) != NULL)
salt_len = strlen(blobmsg_get_string(cur)) / 2;
if ((cur = tb[USER_ATTR_HASH]) != NULL)
pw_len = strlen(blobmsg_get_string(cur)) / 2;
else if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
pw_len = blobmsg_len(cur) - 1;
radius_count_attrs(tb, &n_attr, &attrsize);
state = calloc_a(sizeof(*state), &name_buf, strlen(id) + 1,
&password_buf, pw_len,
&salt_buf, salt_len,
&astate.attr, n_attr * sizeof(*astate.attr),
&astate.buf, n_attr * sizeof(*astate.buf),
&astate.attrdata, attrsize);
eap = &state->data;
eap->salt = salt_len ? salt_buf : NULL;
eap->salt_len = salt_len;
eap->password = pw_len ? password_buf : NULL;
eap->password_len = pw_len;
eap->force_version = -1;
if ((cur = tb[USER_ATTR_SALT]) != NULL)
hexstr2bin(blobmsg_get_string(cur), salt_buf, salt_len);
if ((cur = tb[USER_ATTR_PASSWORD]) != NULL)
memcpy(password_buf, blobmsg_get_string(cur), pw_len);
else if ((cur = tb[USER_ATTR_HASH]) != NULL) {
hexstr2bin(blobmsg_get_string(cur), password_buf, pw_len);
eap->password_hash = 1;
}
radius_user_parse_methods(eap, tb[USER_ATTR_METHODS]);
if (n_attr > 0) {
cur = tb[USER_ATTR_RADIUS];
eap->accept_attr = astate.attr;
radius_parse_attrs(tb, &astate);
}
state->node.key = strcpy(name_buf, id);
avl_insert(&u->user_state, &state->node);
return &state->data;
free:
free(state);
return NULL;
}
static int radius_get_eap_user(void *ctx, const u8 *identity,
size_t identity_len, int phase2,
struct eap_user *user)
{
struct radius_state *s = ctx;
struct radius_user_data *u = phase2 ? &s->phase2 : &s->phase1;
struct blob_attr *entry;
struct eap_user *data;
char *id;
if (identity_len > 512)
return -1;
load_userfile(s);
id = alloca(identity_len + 1);
memcpy(id, identity, identity_len);
id[identity_len] = 0;
entry = radius_user_get(u, id);
if (!entry)
return -1;
if (!user)
return 0;
data = radius_user_get_state(u, entry, id);
if (!data)
return -1;
*user = *data;
if (user->password_len > 0)
user->password = os_memdup(user->password, user->password_len);
if (user->salt_len > 0)
user->salt = os_memdup(user->salt, user->salt_len);
user->phase2 = phase2;
return 0;
}
static int radius_setup(struct radius_state *s, struct radius_config *c)
{
struct eap_config *eap = &s->eap;
struct tls_config conf = {
.event_cb = radius_tls_event,
.tls_flags = TLS_CONN_DISABLE_TLSv1_3,
.cb_ctx = s,
};
eap->eap_server = 1;
eap->max_auth_rounds = 100;
eap->max_auth_rounds_short = 50;
eap->ssl_ctx = tls_init(&conf);
if (!eap->ssl_ctx) {
wpa_printf(MSG_INFO, "TLS init failed\n");
return 1;
}
if (tls_global_set_params(eap->ssl_ctx, &c->tls)) {
wpa_printf(MSG_INFO, "failed to set TLS parameters\n");
return 1;
}
c->radius.eap_cfg = eap;
c->radius.conf_ctx = s;
c->radius.get_eap_user = radius_get_eap_user;
s->radius = radius_server_init(&c->radius);
if (!s->radius) {
wpa_printf(MSG_INFO, "failed to initialize radius server\n");
return 1;
}
return 0;
}
static int radius_init(struct radius_state *s)
{
memset(s, 0, sizeof(*s));
radius_userdata_init(&s->phase1);
radius_userdata_init(&s->phase2);
}
static void radius_deinit(struct radius_state *s)
{
if (s->radius)
radius_server_deinit(s->radius);
if (s->eap.ssl_ctx)
tls_deinit(s->eap.ssl_ctx);
radius_userdata_free(&s->phase1);
radius_userdata_free(&s->phase2);
}
static int usage(const char *progname)
{
fprintf(stderr, "Usage: %s <options>\n",
progname);
}
int radius_main(int argc, char **argv)
{
static struct radius_state state = {};
static struct radius_config config = {};
const char *progname = argv[0];
int ret = 0;
int ch;
wpa_debug_setup_stdout();
wpa_debug_level = 0;
if (eloop_init()) {
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
return 1;
}
eap_server_register_methods();
radius_init(&state);
while ((ch = getopt(argc, argv, "6C:c:d:i:k:K:p:P:s:u:")) != -1) {
switch (ch) {
case '6':
config.radius.ipv6 = 1;
break;
case 'C':
config.tls.ca_cert = optarg;
break;
case 'c':
if (config.tls.client_cert2)
return usage(progname);
if (config.tls.client_cert)
config.tls.client_cert2 = optarg;
else
config.tls.client_cert = optarg;
break;
case 'd':
config.tls.dh_file = optarg;
break;
case 'i':
state.eap.server_id = optarg;
state.eap.server_id_len = strlen(optarg);
break;
case 'k':
if (config.tls.private_key2)
return usage(progname);
if (config.tls.private_key)
config.tls.private_key2 = optarg;
else
config.tls.private_key = optarg;
break;
case 'K':
if (config.tls.private_key_passwd2)
return usage(progname);
if (config.tls.private_key_passwd)
config.tls.private_key_passwd2 = optarg;
else
config.tls.private_key_passwd = optarg;
break;
case 'p':
config.radius.auth_port = atoi(optarg);
break;
case 'P':
config.radius.acct_port = atoi(optarg);
break;
case 's':
config.radius.client_file = optarg;
break;
case 'u':
state.user_file = optarg;
break;
default:
return usage(progname);
}
}
if (!config.tls.client_cert || !config.tls.private_key ||
!config.radius.client_file || !state.eap.server_id ||
!state.user_file) {
wpa_printf(MSG_INFO, "missing options\n");
goto out;
}
ret = radius_setup(&state, &config);
if (ret)
goto out;
load_userfile(&state);
eloop_run();
out:
radius_deinit(&state);
os_program_deinit();
return ret;
}
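Review bot: In radius_user_get_state() the length calculation and the copy disagree on precedence when a user entry carries both "hash" and "password". pw_len is taken from the hash first (strlen(...) / 2), but the copy takes the password branch first and runs memcpy(password_buf, blobmsg_get_string(cur), pw_len), so it can read past the end of a shorter password string and stores the result without password_hash set. Use the same order in both if/else chains, or reject entries that set both. In the same function the calloc_a() result is dereferenced without a NULL check and no goto ever reaches the free: label, so either add the check with goto free or drop the label. Separately, usage() and radius_init() are declared int but return nothing, while radius_main() does return usage(progname); and the "missing options" path jumps to out with ret still 0, so a misconfigured start exits with success.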


@ -0,0 +1,2 @@
#!/bin/sh
[ "$1" = bound ] && echo "$serverid"
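Review bot: For any event other than bound, the last command this script runs is the failed [ "$1" = bound ] test, so it exits with status 1. If the caller looks at the exit status, add an explicit exit 0 or use an if block. A one-line comment naming the caller that sets $serverid would also help, since the file gives no hint of how it is invoked or who consumes the output.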


@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y
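Review bot: CONFIG_NO_RANDOM_POOL=y disables hostapd's internal entropy pool, and the comment block directly above it says this should only be considered for builds known to run on devices with a reliable random source. Please add a line stating why that holds for the targets this config is built for (CONFIG_GETRANDOM=y on the next option may be the reason), or leave the pool enabled. It is also worth confirming that CONFIG_OCV=y with CONFIG_IEEE80211W left commented out is the intended combination.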


@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
#CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y
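
Review bot: CONFIG_TAXONOMY=y near the end of this config makes the AP retain each client's Probe Request and (Re)Association Request frames so that a device-model signature can be derived, while the second hostapd config added further down leaves the same option commented out. That is client fingerprinting data held on the AP, and nothing in the visible lines says why this variant needs it or how the signature is exposed. Either state which package variant depends on it, or leave it disabled as in the other config.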


@ -0,0 +1,404 @@
# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out complete, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cass, these lines should use += in order not
# to override previous values of the variables.
# Driver interface for Host AP driver
#CONFIG_DRIVER_HOSTAP=y
# Driver interface for wired authenticator
CONFIG_DRIVER_WIRED=y
# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y
# IEEE 802.11F/IAPP
#CONFIG_IAPP=y
# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y
# IEEE 802.11w (management frame protection)
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
# EAP Re-authentication Protocol (ERP) in integrated EAP server
#CONFIG_ERP=y
# EAP-MD5 for the integrated EAP server
#CONFIG_EAP_MD5=y
# EAP-TLS for the integrated EAP server
#CONFIG_EAP_TLS=y
# EAP-MSCHAPv2 for the integrated EAP server
#CONFIG_EAP_MSCHAPV2=y
# EAP-PEAP for the integrated EAP server
#CONFIG_EAP_PEAP=y
# EAP-GTC for the integrated EAP server
#CONFIG_EAP_GTC=y
# EAP-TTLS for the integrated EAP server
#CONFIG_EAP_TTLS=y
# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y
# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y
# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y
# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y
# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-FAST for the integrated EAP server
#CONFIG_EAP_FAST=y
# EAP-TEAP for the integrated EAP server
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y
# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
#CONFIG_RADIUS_SERVER=y
# Build IPv6 support for RADIUS operations
#CONFIG_IPV6=y
# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y
# IEEE 802.11n (High Throughput) support
CONFIG_IEEE80211N=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# IEEE 802.11ac (Very High Throughput) support
CONFIG_IEEE80211AC=y
# IEEE 802.11ax HE support
# Note: This is experimental and work in progress. The definitions are still
# subject to change and this should not be expected to interoperate with the
# final IEEE 802.11ax version.
#CONFIG_IEEE80211AX=y
# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y
# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Remove support for RADIUS accounting
CONFIG_NO_ACCOUNTING=y
# Remove support for RADIUS
CONFIG_NO_RADIUS=y
# Remove support for VLANs
#CONFIG_NO_VLAN=y
# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y
# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y
# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
CONFIG_NO_DUMP_STATE=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
#
#CONFIG_TESTING_OPTIONS=y
# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y
# Multiband Operation support
# These extentions facilitate efficient use of multiple frequency bands
# available to the AP and the devices that may associate with it.
#CONFIG_MBO=y
# Client Taxonomy
# Has the AP retain the Probe Request and (Re)Association Request frames from
# a client, from which a signature can be produced which can identify the model
# of client device like "Nexus 6P" or "iPhone 5s".
#CONFIG_TAXONOMY=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Include internal line edit mode in hostapd_cli. This can be used to provide
# limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Airtime policy support
#CONFIG_AIRTIME_POLICY=y
# Proxy ARP support
#CONFIG_PROXYARP=y
# Override default value for the wpa_disable_eapol_key_retries configuration
# parameter. See that parameter in hostapd.conf for more details.
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y
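
Review bot: CONFIG_NO_RANDOM_POOL=y removes the internal entropy mixing that the comment block directly above it calls a safety net, and that same comment limits the option to builds known to run only on devices with a reliable OS random source. These are OpenWrt files, so the build lands on the embedded devices the comment warns about; write the assumption down next to the setting, namely that CONFIG_GETRANDOM=y a few lines below is what the build relies on, and what is expected when getrandom is unavailable and the code falls back as its comment describes. Separately, #CONFIG_IEEE80211W=y and #CONFIG_OCV=y are both left commented out here; if this hostapd version still gates management frame protection on that option, say so explicitly, since it rules out PMF for this variant.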

1068
openwrt-files/hostapd.uc Normal file

File diff suppressed because it is too large

28
openwrt-files/multicall.c Normal file

@ -0,0 +1,28 @@
#include <stdio.h>
#include <string.h>
#include <stdbool.h>
extern int hostapd_main(int argc, char **argv);
extern int wpa_supplicant_main(int argc, char **argv);
int main(int argc, char **argv)
{
bool restart = false;
const char *prog = argv[0];
restart:
if (strstr(argv[0], "hostapd"))
return hostapd_main(argc, argv);
else if (strstr(argv[0], "wpa_supplicant"))
return wpa_supplicant_main(argc, argv);
if (!restart && argc > 1) {
argv++;
argc--;
restart = true;
goto restart;
}
fprintf(stderr, "Invalid command.\nUsage: %s wpa_supplicant|hostapd [<arguments>]\n", prog);
return 255;
}
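
Review bot: the dispatch in main() matches with strstr() against the whole of argv[0], so any path that merely contains "hostapd" is sent to hostapd_main(). That includes a directory name, and it would include a differently named tool such as the /usr/sbin/hostapd-radius that radius.init starts if it were ever linked to this binary; a wpa_supplicant invocation from a directory whose name contains "hostapd" never reaches wpa_supplicant_main(). Compare the basename instead (the part after the last '/', tested with strcmp() or a strncmp() prefix match), and do the same after the argv++ shift. argv[0] is also dereferenced without checking argc > 0, so an exec with an empty argument vector passes NULL to strstr(); return the usage error early in that case.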


@ -0,0 +1 @@
0.0.0.0/0 radius
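
Review bot: the single entry 0.0.0.0/0 radius accepts RADIUS clients from every IPv4 address with the shared secret "radius", assuming this is the clients file that radius.init passes with -s (the file name is not shown in this view). The service ships disabled, but anyone who sets option disabled to '0' inherits a wildcard client with a guessable secret. Ship the entry restricted to loopback or commented out, with a line telling the administrator to set their own network and secret.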


@ -0,0 +1,9 @@
config radius
option disabled '1'
option ca_cert '/etc/radius/ca.pem'
option cert '/etc/radius/cert.pem'
option key '/etc/radius/key.pem'
option users '/etc/radius/users'
option clients '/etc/radius/clients'
option auth_port '1812'
option acct_port '1813'
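
Review bot: radius.init also reads an identity option, defaulting to the hostname, which this default config does not list, so that setting is undocumented for anyone editing the file. Add a commented-out option identity line. Nothing here says what ownership and mode /etc/radius/key.pem is expected to have either; note that next to option key.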

42
openwrt-files/radius.init Normal file

@ -0,0 +1,42 @@
#!/bin/sh /etc/rc.common
START=30
USE_PROCD=1
NAME=radius
radius_start() {
local cfg="$1"
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" -gt 0 ] && return
config_get ca "$cfg" ca_cert
config_get key "$cfg" key
config_get cert "$cfg" cert
config_get users "$cfg" users
config_get clients "$cfg" clients
config_get auth_port "$cfg" auth_port 1812
config_get acct_port "$cfg" acct_port 1813
config_get identity "$cfg" identity "$(cat /proc/sys/kernel/hostname)"
procd_open_instance $cfg
procd_set_param command /usr/sbin/hostapd-radius \
-C "$ca" \
-c "$cert" -k "$key" \
-s "$clients" -u "$users" \
-p "$auth_port" -P "$acct_port" \
-i "$identity"
procd_close_instance
}
start_service() {
config_load radius
config_foreach radius_start radius
}
service_triggers()
{
procd_add_reload_trigger "radius"
}
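
Review bot: the procd instance in radius_start() sets no user, so /usr/sbin/hostapd-radius runs as root while listening on the auth and acct ports and holding the TLS private key. Unless the binary needs root, add procd_set_param user (the hostapd_cli commit in this comparison describes hostapd itself running as user network) and make the key readable by that user only. radius_start() also launches the daemon with empty -C, -c, -k, -s and -u arguments when an option is missing; test the paths with [ -r ... ] and return with a logged error before procd_open_instance. $cfg is unquoted in procd_open_instance, and only cfg is declared local, so the other variables leak into the caller's scope.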


@ -0,0 +1,14 @@
{
"phase1": {
"wildcard": [
{
"name": "*",
"methods": [ "PEAP" ]
}
]
},
"phase2": {
"users": {
}
}
}


@ -0,0 +1,625 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y
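Review bot: CONFIG_NO_RANDOM_POOL=y is switched on in this file with no note on why that is safe for the boards it targets, although the comment directly above it restricts the option to "builds that are known to be used on devices that meet the requirements described above" and names embedded devices without a hardware random number generator as the case where the OS pool may start with minimal entropy. Please record in the file or in the commit message what guarantees a seeded OS pool before the daemon starts (for example, that the build relies on CONFIG_GETRANDOM=y, which is set right after it), or leave the internal pool compiled in for this variant.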

@ -0,0 +1,625 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
CONFIG_INTERWORKING=y
# Hotspot 2.0
CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y
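Review bot: CONFIG_TLS=internal is selected while CONFIG_TLSV11 and CONFIG_TLSV12 both stay commented out, so as written the EAP-TLS, PEAP, TTLS and EAP-FAST methods enabled earlier in this file are built on the backend that the option list itself labels "Internal TLSv1 implementation (experimental)", limited to TLS v1.0. If the package build replaces CONFIG_TLS for this variant, say so in a comment next to the setting; otherwise enable CONFIG_TLSV12=y (and CONFIG_TLSV11=y) here. The same file also builds in CONFIG_EAP_MD5=y and CONFIG_EAP_LEAP=y and, like the other variants, sets CONFIG_NO_RANDOM_POOL=y, which matters more once key-generating EAP methods are compiled in; each of these deserves a one-line justification.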

@ -0,0 +1,625 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
#CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
#CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
#CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
#CONFIG_EAP_TLS=y
# EAL-PEAP
#CONFIG_EAP_PEAP=y
# EAP-TTLS
#CONFIG_EAP_TTLS=y
# EAP-FAST
#CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
#CONFIG_EAP_GTC=y
# EAP-OTP
#CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
#CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
#CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
#CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
#CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
#CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
#CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
#CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
#CONFIG_CTRL_IFACE_MIB=y
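Review bot: CONFIG_NO_RANDOM_POOL=y is enabled with no stated justification, although the comment directly above it says the internal pool should only be disabled on builds known to run on devices where os_get_random() provides strong random data, and names embedded devices without a hardware random number generator as the risky case. The only support visible here is CONFIG_GETRANDOM=y on the next option, whose own comment says it requires glibc 2.25 to build and falls back to /dev/random if unavailable. Please add a comment next to these two lines stating that removing the safety-net pool depends on getrandom(2) actually being used on every target of this config, so the two options are not changed independently later. Separately, this variant leaves CONFIG_SAE and CONFIG_IEEE80211W commented out, so it builds without WPA3-Personal or management frame protection; if that is intended for a size-reduced build, a line saying so near those options would help.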

@ -0,0 +1,625 @@
# Example wpa_supplicant build time configuration
#
# This file lists the configuration options that are used when building the
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
# option lines must be commented out complete, if they are not to be included,
# i.e., just setting VARIABLE=n is not disabling that variable.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.
# Uncomment following two lines and fix the paths if you have installed OpenSSL
# or GnuTLS in non-default location
#CFLAGS += -I/usr/local/openssl/include
#LIBS += -L/usr/local/openssl/lib
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but
# the kerberos files are not in the default include path. Following line can be
# used to fix build issues on such systems (krb5.h not found).
#CFLAGS += -I/usr/include/kerberos
# Driver interface for generic Linux wireless extensions
# Note: WEXT is deprecated in the current Linux kernel version and no new
# functionality is added to it. nl80211-based interface is the new
# replacement for WEXT and its use allows wpa_supplicant to properly control
# the driver to improve existing functionality like roaming and to support new
# functionality.
#CONFIG_DRIVER_WEXT=y
# Driver interface for Linux drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y
# QCA vendor extensions to nl80211
#CONFIG_DRIVER_NL80211_QCA=y
# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>
# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib
# Driver interface for Windows NDIS
#CONFIG_DRIVER_NDIS=y
#CFLAGS += -I/usr/include/w32api/ddk
#LIBS += -L/usr/local/lib
# For native build using mingw
#CONFIG_NATIVE_WINDOWS=y
# Additional directories for cross-compilation on Linux host for mingw target
#CFLAGS += -I/opt/mingw/mingw32/include/ddk
#LIBS += -L/opt/mingw/mingw32/lib
#CC=mingw32-gcc
# By default, driver_ndis uses WinPcap for low-level operations. This can be
# replaced with the following option which replaces WinPcap calls with NDISUIO.
# However, this requires that WZC is disabled (net stop wzcsvc) before starting
# wpa_supplicant.
# CONFIG_USE_NDISUIO=y
# Driver interface for wired Ethernet drivers
CONFIG_DRIVER_WIRED=y
# Driver interface for MACsec capable Qualcomm Atheros drivers
#CONFIG_DRIVER_MACSEC_QCA=y
# Driver interface for Linux MACsec drivers
#CONFIG_DRIVER_MACSEC_LINUX=y
# Driver interface for the Broadcom RoboSwitch family
#CONFIG_DRIVER_ROBOSWITCH=y
# Driver interface for no driver (e.g., WPS ER only)
#CONFIG_DRIVER_NONE=y
# Solaris libraries
#LIBS += -lsocket -ldlpi -lnsl
#LIBS_c += -lsocket
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or
# MACsec is included)
CONFIG_IEEE8021X_EAPOL=y
# EAP-MD5
CONFIG_EAP_MD5=y
# EAP-MSCHAPv2
CONFIG_EAP_MSCHAPV2=y
# EAP-TLS
CONFIG_EAP_TLS=y
# EAL-PEAP
CONFIG_EAP_PEAP=y
# EAP-TTLS
CONFIG_EAP_TTLS=y
# EAP-FAST
CONFIG_EAP_FAST=y
# EAP-TEAP
# Note: The current EAP-TEAP implementation is experimental and should not be
# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
# of conflicting statements and missing details and the implementation has
# vendor specific workarounds for those and as such, may not interoperate with
# any other implementation. This should not be used for anything else than
# experimentation and interoperability testing until those issues has been
# resolved.
#CONFIG_EAP_TEAP=y
# EAP-GTC
CONFIG_EAP_GTC=y
# EAP-OTP
CONFIG_EAP_OTP=y
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
#CONFIG_EAP_SIM=y
# Enable SIM simulator (Milenage) for EAP-SIM
#CONFIG_SIM_SIMULATOR=y
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y
# EAP-pwd (secure authentication using only a password)
#CONFIG_EAP_PWD=y
# EAP-PAX
#CONFIG_EAP_PAX=y
# LEAP
CONFIG_EAP_LEAP=y
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
#CONFIG_EAP_AKA=y
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used).
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y
# Enable USIM simulator (Milenage) for EAP-AKA
#CONFIG_USIM_SIMULATOR=y
# EAP-SAKE
#CONFIG_EAP_SAKE=y
# EAP-GPSK
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y
# EAP-TNC and related Trusted Network Connect support (experimental)
#CONFIG_EAP_TNC=y
# Wi-Fi Protected Setup (WPS)
CONFIG_WPS=y
# Enable WPS external registrar functionality
#CONFIG_WPS_ER=y
# Disable credentials for an open network by default when acting as a WPS
# registrar.
#CONFIG_WPS_REG_DISABLE_OPEN=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y
# EAP-IKEv2
#CONFIG_EAP_IKEV2=y
# EAP-EKE
#CONFIG_EAP_EKE=y
# MACsec
#CONFIG_MACSEC=y
# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
# engine.
CONFIG_SMARTCARD=y
# PC/SC interface for smartcards (USIM, GSM SIM)
# Enable this if EAP-SIM or EAP-AKA is included
#CONFIG_PCSC=y
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
CONFIG_HT_OVERRIDES=y
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
CONFIG_VHT_OVERRIDES=y
# Development testing
#CONFIG_EAPOL_TEST=y
# Select control interface backend for external programs, e.g, wpa_cli:
# unix = UNIX domain sockets (default for Linux/*BSD)
# udp = UDP sockets using localhost (127.0.0.1)
# udp6 = UDP IPv6 sockets using localhost (::1)
# named_pipe = Windows Named Pipe (default for Windows)
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
# y = use default (backwards compatibility)
# If this option is commented out, control interface is not included in the
# build.
CONFIG_CTRL_IFACE=y
# Include support for GNU Readline and History Libraries in wpa_cli.
# When building a wpa_cli binary for distribution, please note that these
# libraries are licensed under GPL and as such, BSD license may not apply for
# the resulting binary.
#CONFIG_READLINE=y
# Include internal line edit mode in wpa_cli. This can be used as a replacement
# for GNU Readline to provide limited command line editing and history support.
#CONFIG_WPA_CLI_EDIT=y
# Remove debugging code that is printing out debug message to stdout.
# This can be used to reduce the size of the wpa_supplicant considerably
# if debugging code is not needed. The size reduction can be around 35%
# (e.g., 90 kB).
#CONFIG_NO_STDOUT_DEBUG=y
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save
# 35-50 kB in code size.
#CONFIG_NO_WPA=y
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
# This option can be used to reduce code size by removing support for
# converting ASCII passphrases into PSK. If this functionality is removed, the
# PSK can only be configured as the 64-octet hexstring (e.g., from
# wpa_passphrase). This saves about 0.5 kB in code size.
#CONFIG_NO_WPA_PASSPHRASE=y
# Simultaneous Authentication of Equals (SAE), WPA3-Personal
#CONFIG_SAE=y
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB.
# This can be used if ap_scan=1 mode is never enabled.
#CONFIG_NO_SCAN_PROCESSING=y
# Select configuration backend:
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file
# path is given on command line, not here; this option is just used to
# select the backend that allows configuration files to be used)
# winreg = Windows registry (see win_example.reg for an example)
CONFIG_BACKEND=file
# Remove configuration write functionality (i.e., to allow the configuration
# file to be updated based on runtime configuration changes). The runtime
# configuration can still be changed, the changes are just not going to be
# persistent over restarts. This option can be used to reduce code size by
# about 3.5 kB.
#CONFIG_NO_CONFIG_WRITE=y
# Remove support for configuration blobs to reduce code size by about 1.5 kB.
#CONFIG_NO_CONFIG_BLOBS=y
# Select program entry point implementation:
# main = UNIX/POSIX like main() function (default)
# main_winsvc = Windows service (read parameters from registry)
# main_none = Very basic example (development use only)
#CONFIG_MAIN=main
# Select wrapper for operating system and C library specific functions
# unix = UNIX/POSIX like systems (default)
# win32 = Windows systems
# none = Empty template
#CONFIG_OS=unix
# Select event loop implementation
# eloop = select() loop (default)
# eloop_win = Windows events and WaitForMultipleObject() loop
#CONFIG_ELOOP=eloop
# Should we use poll instead of select? Select is used by default.
#CONFIG_ELOOP_POLL=y
# Should we use epoll instead of select? Select is used by default.
CONFIG_ELOOP_EPOLL=y
# Should we use kqueue instead of select? Select is used by default.
#CONFIG_ELOOP_KQUEUE=y
# Select layer 2 packet implementation
# linux = Linux packet socket (default)
# pcap = libpcap/libdnet/WinPcap
# freebsd = FreeBSD libpcap
# winpcap = WinPcap with receive thread
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y)
# none = Empty template
#CONFIG_L2_PACKET=linux
# Disable Linux packet socket workaround applicable for station interface
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
# is known to not have the regression issue in packet socket behavior with
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
# IEEE 802.11w (management frame protection), also known as PMF
# Driver support is also needed for IEEE 802.11w.
CONFIG_IEEE80211W=y
# Support Operating Channel Validation
#CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
# none = Empty template
CONFIG_TLS=internal
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used. It should be noted that some existing TLS v1.0 -based
# implementation may not be compatible with TLS v1.1 message (ClientHello is
# sent prior to negotiating which version will be used)
#CONFIG_TLSV11=y
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms. It should be
# noted that some existing TLS v1.0 -based implementation may not be compatible
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
# will be used)
#CONFIG_TLSV12=y
# Select which ciphers to use by default with OpenSSL if the user does not
# specify them.
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
CONFIG_INTERNAL_LIBTOMMATH_FAST=y
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc.
# This is only for Windows builds and requires WMI-related header files and
# WbemUuid.Lib from Platform SDK even when building with MinGW.
#CONFIG_NDIS_EVENTS_INTEGRATED=y
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib"
# Add support for new DBus control interface
# (fi.w1.hostap.wpa_supplicant1)
#CONFIG_CTRL_IFACE_DBUS_NEW=y
# Add introspection support for new DBus control interface
#CONFIG_CTRL_IFACE_DBUS_INTRO=y
# Add support for loading EAP methods dynamically as shared libraries.
# When this option is enabled, each EAP method can be either included
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn).
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to
# be loaded in the beginning of the wpa_supplicant configuration file
# (see load_dynamic_eap parameter in the example file) before being used in
# the network blocks.
#
# Note that some shared parts of EAP methods are included in the main program
# and in order to be able to use dynamic EAP methods using these parts, the
# main program must have been build with the EAP method enabled (=y or =dyn).
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries
# unless at least one of them was included in the main build to force inclusion
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included
# in the main build to be able to load these methods dynamically.
#
# Please also note that using dynamic libraries will increase the total binary
# size. Thus, it may not be the best option for targets that have limited
# amount of memory/flash.
#CONFIG_DYNAMIC_EAP_METHODS=y
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
#CONFIG_IEEE80211R=y
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
#CONFIG_DEBUG_FILE=y
# Send debug messages to syslog instead of stdout
CONFIG_DEBUG_SYSLOG=y
# Set syslog facility for debug messages
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y
# Add support for writing debug log to Android logcat instead of standard
# output
#CONFIG_ANDROID_LOG=y
# Enable privilege separation (see README 'Privilege separation' for details)
#CONFIG_PRIVSEP=y
# Enable mitigation against certain attacks against TKIP by delaying Michael
# MIC error reports by a random amount of time between 0 and 60 seconds
#CONFIG_DELAYED_MIC_ERROR_REPORT=y
# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, uncomment these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo
# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, uncomment these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz
# wpa_supplicant depends on strong random number generation being available
# from the operating system. os_get_random() function is used to fetch random
# data when needed, e.g., for key generation. On Linux and BSD systems, this
# works by reading /dev/urandom. It should be noted that the OS entropy pool
# needs to be properly initialized before wpa_supplicant is started. This is
# important especially on embedded devices that do not have a hardware random
# number generator and may by default start up with minimal entropy available
# for random number generation.
#
# As a safety net, wpa_supplicant is by default trying to internally collect
# additional entropy for generating random data to mix in with the data fetched
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
# wpa_supplicant can be configured to maintain its own entropy store over
# restarts to enhance random number generation. This is not perfect, but it is
# much more secure than using the same sequence of random numbers after every
# reboot. This can be enabled with -e<entropy file> command line option. The
# specified file needs to be readable and writable by wpa_supplicant.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
# should only be considered for builds that are known to be used on devices
# that meet the requirements described above.
CONFIG_NO_RANDOM_POOL=y
# Should we attempt to use the getrandom(2) call that provides more reliable
# yet secure randomness source than /dev/random on Linux 3.17 and newer.
# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
CONFIG_GETRANDOM=y
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
#CONFIG_IEEE80211N=y
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
# (depends on CONFIG_IEEE80211N)
#CONFIG_IEEE80211AC=y
# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y
# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks (GAS/ANQP to learn more about the networks and network
# selection based on available credentials).
#CONFIG_INTERWORKING=y
# Hotspot 2.0
#CONFIG_HS20=y
# Enable interface matching in wpa_supplicant
#CONFIG_MATCH_IFACE=y
# Disable roaming in wpa_supplicant
#CONFIG_NO_ROAMING=y
# AP mode operations with wpa_supplicant
# This can be used for controlling AP mode operations with wpa_supplicant. It
# should be noted that this is mainly aimed at simple cases like
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
# external RADIUS server can be supported with hostapd.
CONFIG_AP=y
# P2P (Wi-Fi Direct)
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
# more information on P2P operations.
CONFIG_P2P=y
# Enable TDLS support
#CONFIG_TDLS=y
# Wi-Fi Display
# This can be used to enable Wi-Fi Display extensions for P2P using an external
# program to control the additional information exchanges in the messages.
#CONFIG_WIFI_DISPLAY=y
# Autoscan
# This can be used to enable automatic scan support in wpa_supplicant.
# See wpa_supplicant.conf for more information on autoscan usage.
#
# Enabling directly a module will enable autoscan support.
# For exponential module:
#CONFIG_AUTOSCAN_EXPONENTIAL=y
# For periodic module:
#CONFIG_AUTOSCAN_PERIODIC=y
# Password (and passphrase, etc.) backend for external storage
# These optional mechanisms can be used to add support for storing passwords
# and other secrets in external (to wpa_supplicant) location. This allows, for
# example, operating system specific key storage to be used
#
# External password backend for testing purposes (developer use)
#CONFIG_EXT_PASSWORD_TEST=y
# Enable Fast Session Transfer (FST)
#CONFIG_FST=y
# Enable CLI commands for FST testing
#CONFIG_FST_TEST=y
# OS X builds. This is only for building eapol_test.
#CONFIG_OSX=y
# Automatic Channel Selection
# This will allow wpa_supplicant to pick the channel automatically when channel
# is set to "0".
#
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
# to "channel=0". This would enable us to eventually add other ACS algorithms in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
# a newly to create wpa_supplicant.conf variable acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#CONFIG_ACS=y
# Support Multi Band Operation
#CONFIG_MBO=y
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y
# Support RSN on IBSS networks
# This is needed to be able to use mode=1 network profile with proto=RSN and
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
CONFIG_IBSS_RSN=y
# External PMKSA cache control
# This can be used to enable control interface commands that allow the current
# PMKSA cache entries to be fetched and new entries to be added.
#CONFIG_PMKSA_CACHE_EXTERNAL=y
# Mesh Networking (IEEE 802.11s)
#CONFIG_MESH=y
# Background scanning modules
# These can be used to request wpa_supplicant to perform background scanning
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
# the wpa_supplicant.conf file for more details.
# Periodic background scans based on signal strength
#CONFIG_BGSCAN_SIMPLE=y
# Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
#CONFIG_BGSCAN_LEARN=y
# Opportunistic Wireless Encryption (OWE)
# Experimental implementation of draft-harkins-owe-07.txt
#CONFIG_OWE=y
# Device Provisioning Protocol (DPP)
# This requires CONFIG_IEEE80211W=y to be enabled, too. (see
# wpa_supplicant/README-DPP for details)
#CONFIG_DPP=y
# uBus IPC/RPC System
# Services can connect to the bus and provide methods
# that can be called by other services or clients.
CONFIG_UBUS=y
# OpenWrt patch 380-disable-ctrl-iface-mib.patch
# leads to the MIB only being compiled in if
# CONFIG_CTRL_IFACE_MIB is enabled.
CONFIG_CTRL_IFACE_MIB=y
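
Review bot: CONFIG_NO_RANDOM_POOL=y turns off the internal entropy pool for every target built from this config, while the comment directly above it says this should only be considered for builds known to run on devices whose os_get_random() source is reliable, and the same comment block warns about embedded devices that start with minimal entropy. CONFIG_GETRANDOM=y on the next option is presumably the justification; please state that in the commit message, including what is expected on systems where the getrandom(2) path is unavailable and the fallback described in its comment applies. Separately, CONFIG_TLSV11 and CONFIG_TLSV12 are both left commented out here; please confirm that is intended for this build variant.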


@ -0,0 +1,407 @@
let libubus = require("ubus");
import { open, readfile } from "fs";
import { wdev_create, wdev_set_mesh_params, wdev_remove, is_equal, wdev_set_up, vlist_new, phy_open } from "common";
let ubus = libubus.connect();
wpas.data.config = {};
wpas.data.iface_phy = {};
wpas.data.macaddr_list = {};
function iface_stop(iface)
{
let ifname = iface.config.iface;
if (!iface.running)
return;
delete wpas.data.iface_phy[ifname];
wpas.remove_iface(ifname);
wdev_remove(ifname);
iface.running = false;
}
function iface_start(phydev, iface, macaddr_list)
{
let phy = phydev.name;
if (iface.running)
return;
let ifname = iface.config.iface;
let wdev_config = {};
for (let field in iface.config)
wdev_config[field] = iface.config[field];
if (!wdev_config.macaddr)
wdev_config.macaddr = phydev.macaddr_next();
wpas.data.iface_phy[ifname] = phy;
wdev_remove(ifname);
let ret = phydev.wdev_add(ifname, wdev_config);
if (ret)
wpas.printf(`Failed to create device ${ifname}: ${ret}`);
wdev_set_up(ifname, true);
wpas.add_iface(iface.config);
iface.running = true;
}
function iface_cb(new_if, old_if)
{
if (old_if && new_if && is_equal(old_if.config, new_if.config)) {
new_if.running = old_if.running;
return;
}
if (new_if && old_if)
wpas.printf(`Update configuration for interface ${old_if.config.iface}`);
else if (old_if)
wpas.printf(`Remove interface ${old_if.config.iface}`);
if (old_if)
iface_stop(old_if);
}
function prepare_config(config, radio)
{
config.config_data = readfile(config.config);
return { config };
}
function set_config(config_name, phy_name, radio, num_global_macaddr, macaddr_base, config_list)
{
let phy = wpas.data.config[config_name];
if (radio < 0)
radio = null;
if (!phy) {
phy = vlist_new(iface_cb, false);
phy.name = phy_name;
wpas.data.config[config_name] = phy;
}
phy.radio = radio;
phy.num_global_macaddr = num_global_macaddr;
phy.macaddr_base = macaddr_base;
let values = [];
for (let config in config_list)
push(values, [ config.iface, prepare_config(config) ]);
phy.update(values);
}
function start_pending(phy_name)
{
let phy = wpas.data.config[phy_name];
let ubus = wpas.data.ubus;
if (!phy || !phy.data)
return;
let phydev = phy_open(phy.name, phy.radio);
if (!phydev) {
wpas.printf(`Could not open phy ${phy_name}`);
return;
}
let macaddr_list = wpas.data.macaddr_list[phy_name];
phydev.macaddr_init(macaddr_list, {
num_global: phy.num_global_macaddr,
macaddr_base: phy.macaddr_base,
});
for (let ifname in phy.data)
iface_start(phydev, phy.data[ifname]);
}
function phy_name(phy, radio)
{
if (!phy)
return null;
if (radio != null && radio >= 0)
phy += "." + radio;
return phy;
}
let main_obj = {
phy_set_state: {
args: {
phy: "",
radio: 0,
stop: true,
},
call: function(req) {
let name = phy_name(req.args.phy, req.args.radio);
if (!name || req.args.stop == null)
return libubus.STATUS_INVALID_ARGUMENT;
let phy = wpas.data.config[name];
if (!phy)
return libubus.STATUS_NOT_FOUND;
try {
if (req.args.stop) {
for (let ifname in phy.data)
iface_stop(phy.data[ifname]);
} else {
start_pending(name);
}
} catch (e) {
wpas.printf(`Error chaging state: ${e}\n${e.stacktrace[0].context}`);
return libubus.STATUS_INVALID_ARGUMENT;
}
return 0;
}
},
phy_set_macaddr_list: {
args: {
phy: "",
radio: 0,
macaddr: [],
},
call: function(req) {
let phy = phy_name(req.args.phy, req.args.radio);
if (!phy)
return libubus.STATUS_INVALID_ARGUMENT;
wpas.data.macaddr_list[phy] = req.args.macaddr;
return 0;
}
},
phy_status: {
args: {
phy: "",
radio: 0,
},
call: function(req) {
let phy = phy_name(req.args.phy, req.args.radio);
if (!phy)
return libubus.STATUS_INVALID_ARGUMENT;
phy = wpas.data.config[phy];
if (!phy)
return libubus.STATUS_NOT_FOUND;
for (let ifname in phy.data) {
try {
let iface = wpas.interfaces[ifname];
if (!iface)
continue;
let status = iface.status();
if (!status)
continue;
if (status.state == "INTERFACE_DISABLED")
continue;
status.ifname = ifname;
return status;
} catch (e) {
continue;
}
}
return libubus.STATUS_NOT_FOUND;
}
},
config_set: {
args: {
phy: "",
radio: 0,
num_global_macaddr: 0,
macaddr_base: "",
config: [],
defer: true,
},
call: function(req) {
let phy = phy_name(req.args.phy, req.args.radio);
if (!phy)
return libubus.STATUS_INVALID_ARGUMENT;
wpas.printf(`Set new config for phy ${phy}`);
try {
if (req.args.config)
set_config(phy, req.args.phy, req.args.radio, req.args.num_global_macaddr, req.args.macaddr_base, req.args.config);
if (!req.args.defer)
start_pending(phy);
} catch (e) {
wpas.printf(`Error loading config: ${e}\n${e.stacktrace[0].context}`);
return libubus.STATUS_INVALID_ARGUMENT;
}
return {
pid: wpas.getpid()
};
}
},
config_add: {
args: {
driver: "",
iface: "",
bridge: "",
hostapd_ctrl: "",
ctrl: "",
config: "",
},
call: function(req) {
if (!req.args.iface || !req.args.config)
return libubus.STATUS_INVALID_ARGUMENT;
if (wpas.add_iface(req.args) < 0)
return libubus.STATUS_INVALID_ARGUMENT;
return {
pid: wpas.getpid()
};
}
},
config_remove: {
args: {
iface: ""
},
call: function(req) {
if (!req.args.iface)
return libubus.STATUS_INVALID_ARGUMENT;
wpas.remove_iface(req.args.iface);
return 0;
}
},
bss_info: {
args: {
iface: "",
},
call: function(req) {
let ifname = req.args.iface;
if (!ifname)
return libubus.STATUS_INVALID_ARGUMENT;
let iface = wpas.interfaces[ifname];
if (!iface)
return libubus.STATUS_NOT_FOUND;
let status = iface.ctrl("STATUS");
if (!status)
return libubus.STATUS_NOT_FOUND;
let ret = {};
status = split(status, "\n");
for (let line in status) {
line = split(line, "=", 2);
ret[line[0]] = line[1];
}
return ret;
}
},
};
wpas.data.ubus = ubus;
wpas.data.obj = ubus.publish("wpa_supplicant", main_obj);
wpas.udebug_set("wpa_supplicant", wpas.data.ubus);
function iface_event(type, name, data) {
let ubus = wpas.data.ubus;
data ??= {};
data.name = name;
wpas.data.obj.notify(`iface.${type}`, data, null, null, null, -1);
ubus.call("service", "event", { type: `wpa_supplicant.${name}.${type}`, data: {} });
}
function iface_hostapd_notify(phy, ifname, iface, state)
{
let ubus = wpas.data.ubus;
let status = iface.status();
let msg = { phy: phy };
switch (state) {
case "DISCONNECTED":
case "AUTHENTICATING":
case "SCANNING":
msg.up = false;
break;
case "INTERFACE_DISABLED":
case "INACTIVE":
msg.up = true;
break;
case "COMPLETED":
msg.up = true;
msg.frequency = status.frequency;
msg.sec_chan_offset = status.sec_chan_offset;
break;
default:
return;
}
ubus.call("hostapd", "apsta_state", msg);
}
function iface_channel_switch(phy, ifname, iface, info)
{
let msg = {
phy: phy,
up: true,
csa: true,
csa_count: info.csa_count ? info.csa_count - 1 : 0,
frequency: info.frequency,
sec_chan_offset: info.sec_chan_offset,
};
ubus.call("hostapd", "apsta_state", msg);
}
return {
shutdown: function() {
for (let phy in wpas.data.config)
set_config(phy, []);
wpas.ubus.disconnect();
},
iface_add: function(name, obj) {
iface_event("add", name);
},
iface_remove: function(name, obj) {
iface_event("remove", name);
},
state: function(ifname, iface, state) {
let phy = wpas.data.iface_phy[ifname];
if (!phy) {
wpas.printf(`no PHY for ifname ${ifname}`);
return;
}
iface_hostapd_notify(phy, ifname, iface, state);
if (state != "COMPLETED")
return;
let phy_data = wpas.data.config[phy];
if (!phy_data)
return;
let iface_data = phy_data.data[ifname];
if (!iface_data)
return;
let wdev_config = iface_data.config;
if (!wdev_config || wdev_config.mode != "mesh")
return;
wdev_set_mesh_params(ifname, wdev_config);
},
event: function(ifname, iface, ev, info) {
let phy = wpas.data.iface_phy[ifname];
if (!phy) {
wpas.printf(`no PHY for ifname ${ifname}`);
return;
}
if (ev == "CH_SWITCH_STARTED")
iface_channel_switch(phy, ifname, iface, info);
}
};
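
Review bot: in the returned shutdown handler, set_config(phy, []) passes two arguments to a function declared as set_config(config_name, phy_name, radio, num_global_macaddr, macaddr_base, config_list), so the empty list lands in phy_name and config_list is unset; the interfaces are only cleared because the loop over config_list then has nothing to iterate. The next line calls wpas.ubus.disconnect(), but the connection is stored as wpas.data.ubus everywhere else in this file, so please check that wpas.ubus is defined at all. Suggest passing the empty list in the config_list position (or adding a small helper that clears a phy) and disconnecting through wpas.data.ubus. Also, iface_start() logs when phydev.wdev_add() fails but still continues to wdev_set_up(), wpas.add_iface() and iface.running = true; returning after the log would keep the recorded state consistent with reality.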

openwrt-files/wpad.init Normal file

@ -0,0 +1,43 @@
#!/bin/sh /etc/rc.common
START=19
STOP=21
USE_PROCD=1
NAME=wpad
start_service() {
if [ -x "/usr/sbin/hostapd" ]; then
mkdir -p /var/run/hostapd
chown network:network /var/run/hostapd
procd_open_instance hostapd
procd_set_param command /usr/sbin/hostapd -s -g /var/run/hostapd/global
procd_set_param respawn 3600 1 0
procd_set_param limits core="unlimited"
[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
procd_add_jail hostapd
procd_set_param capabilities /etc/capabilities/wpad.json
procd_set_param user network
procd_set_param group network
procd_set_param no_new_privs 1
}
procd_close_instance
fi
if [ -x "/usr/sbin/wpa_supplicant" ]; then
mkdir -p /var/run/wpa_supplicant
chown network:network /var/run/wpa_supplicant
procd_open_instance supplicant
procd_set_param command /usr/sbin/wpa_supplicant -n -s -g /var/run/wpa_supplicant/global
procd_set_param respawn 3600 1 0
procd_set_param limits core="unlimited"
[ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] && {
procd_add_jail wpa_supplicant
procd_set_param capabilities /etc/capabilities/wpad.json
procd_set_param user network
procd_set_param group network
procd_set_param no_new_privs 1
}
procd_close_instance
fi
}
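
Review bot: both instances set procd_set_param limits core="unlimited" unconditionally. Core files from hostapd and wpa_supplicant contain whatever key material was in memory at the time of the crash, so on a production image I would gate this behind a debug option or drop it. Also, when /sbin/ujail or /etc/capabilities/wpad.json is missing, the block is skipped silently and the daemon starts without the user, group, capabilities and no_new_privs settings; a logged warning in that branch would make the downgrade visible. Minor: [ -x /sbin/ujail -a -e /etc/capabilities/wpad.json ] reads better as two tests joined with &&.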

openwrt-files/wpad.json Normal file

@ -0,0 +1,22 @@
{
"bounding": [
"CAP_NET_ADMIN",
"CAP_NET_RAW"
],
"effective": [
"CAP_NET_ADMIN",
"CAP_NET_RAW"
],
"ambient": [
"CAP_NET_ADMIN",
"CAP_NET_RAW"
],
"permitted": [
"CAP_NET_ADMIN",
"CAP_NET_RAW"
],
"inheritable": [
"CAP_NET_ADMIN",
"CAP_NET_RAW"
]
}
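
Review bot: the same two capabilities are listed in all five sets, including "ambient" and "inheritable", which means any program the daemon later executes keeps CAP_NET_ADMIN and CAP_NET_RAW as well. If the ambient entry is only there so the capabilities survive the exec into the daemon running as user network, please say so in the commit message, and confirm that nothing hostapd or wpa_supplicant spawns is expected to run with them.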


@ -0,0 +1,20 @@
{
"user": "network",
"access": {
"service": {
"methods": [ "event" ]
},
"wpa_supplicant": {
"methods": [ "phy_set_state", "phy_set_macaddr_list", "phy_status" ]
},
"hostapd": {
"methods": [ "apsta_state" ]
},
"udebug": {
"methods": [ "get_config" ]
}
},
"subscribe": [ "udebug" ],
"publish": [ "hostapd", "hostapd.*", "wpa_supplicant", "wpa_supplicant.*", "hostapd-auth" ],
"send": [ "bss.*", "wps_credentials" ]
}
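
Review bot: "send": [ "bss.*", "wps_credentials" ] lets anything running as user network emit a wps_credentials event, and the WPS button script added in this same series listens for that event and writes the ssid, key and encryption it carries into the wireless UCI config. That makes the event a trust boundary, so the listener should validate what it receives rather than rely on this ACL alone. The publish list also uses wildcards (hostapd.*, wpa_supplicant.*); the commit message should say which object names are expected to match them.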


@ -0,0 +1,69 @@
#!/bin/sh
wps_catch_credentials() {
local iface ifaces ifc ifname ssid encryption key radio radios
local found=0
. /usr/share/libubox/jshn.sh
ubus -S -t 30 listen wps_credentials | while read creds; do
json_init
json_load "$creds"
json_select wps_credentials || continue
json_get_vars ifname ssid key encryption
local ifcname="$ifname"
json_init
json_load "$(ubus -S call network.wireless status)"
json_get_keys radios
for radio in $radios; do
json_select $radio
json_select interfaces
json_get_keys ifaces
for ifc in $ifaces; do
json_select $ifc
json_get_vars ifname
[ "$ifname" = "$ifcname" ] && {
ubus -S call uci set "{\"config\":\"wireless\", \"type\":\"wifi-iface\", \
\"match\": { \"device\": \"$radio\", \"encryption\": \"wps\" }, \
\"values\": { \"encryption\": \"$encryption\", \
\"ssid\": \"$ssid\", \
\"key\": \"$key\" } }"
ubus -S call uci commit '{"config": "wireless"}'
ubus -S call uci apply
}
json_select ..
done
json_select ..
json_select ..
done
done
}
if [ "$ACTION" = "released" ] && [ "$BUTTON" = "wps" ]; then
# If the button was pressed for 3 seconds or more, trigger WPS on
# wpa_supplicant only, no matter if hostapd is running or not. If
# was pressed for less than 3 seconds, try triggering on
# hostapd. If there is no hostapd instance to trigger it on or WPS
# is not enabled on them, trigger it on wpa_supplicant.
if [ "$SEEN" -lt 3 ] ; then
wps_done=0
ubusobjs="$( ubus -S list hostapd.* )"
for ubusobj in $ubusobjs; do
ubus -S call $ubusobj wps_start && wps_done=1
done
[ $wps_done = 0 ] || return 0
fi
wps_done=0
ubusobjs="$( ubus -S list wpa_supplicant.* )"
for ubusobj in $ubusobjs; do
ifname="$(echo $ubusobj | cut -d'.' -f2 )"
multi_ap=""
if [ -e "/var/run/wpa_supplicant-${ifname}.conf.is_multiap" ]; then
ubus -S call $ubusobj wps_start '{ "multi_ap": true }' && wps_done=1
else
ubus -S call $ubusobj wps_start && wps_done=1
fi
done
[ $wps_done = 0 ] || wps_catch_credentials &
fi
return 0
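
Review bot: in wps_catch_credentials the payload for ubus call uci set is built by pasting $encryption, $ssid and $key into a JSON string. An SSID or passphrase containing a double quote or a backslash yields invalid JSON or extra fields in the request, and these values come straight from the wps_credentials event. jshn.sh is already sourced, so build the message with json_add_string and json_dump (in its own namespace via json_set_namespace, so the traversal of the network.wireless status is not disturbed) and let it do the escaping. Smaller points: found and multi_ap are assigned but never used, read should be read -r, $ubusobj and $SEEN are expanded unquoted, and the results of uci set and uci commit are not checked before uci apply.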


@ -471,17 +471,17 @@ static int acs_get_bw_center_chan(int freq, enum bw_type bw)
static int acs_survey_is_sufficient(struct freq_survey *survey)
{
if (!(survey->filled & SURVEY_HAS_NF)) {
survey->nf = -95;
wpa_printf(MSG_INFO,
"ACS: Survey for freq %d is missing noise floor",
survey->freq);
return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME)) {
survey->channel_time = 0;
wpa_printf(MSG_INFO,
"ACS: Survey for freq %d is missing channel time",
survey->freq);
return 0;
}
if (!(survey->filled & SURVEY_HAS_CHAN_TIME_BUSY) &&
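
Review bot: going by the line counts in the hunk headers (17 to 17 here, 7 to 6 in the next hunk), the return 0 after each "missing" message is dropped and replaced by defaults (survey->nf = -95, survey->channel_time = 0), so acs_survey_is_sufficient() no longer rejects such surveys. A channel_time of 0 is then handed to whatever consumes the survey; please check that nothing divides by it, and add a comment saying where -95 comes from. The messages still report the data as missing at MSG_INFO with no hint that a default was substituted.
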
@ -489,7 +489,6 @@ static int acs_survey_is_sufficient(struct freq_survey *survey)
wpa_printf(MSG_INFO,
"ACS: Survey for freq %d is missing RX and busy time (at least one is required)",
survey->freq);
return 0;
}
return 1;


@ -112,8 +112,14 @@ static void set_sta_weights(struct hostapd_data *hapd, unsigned int weight)
{
struct sta_info *sta;
for (sta = hapd->sta_list; sta; sta = sta->next)
sta_set_airtime_weight(hapd, sta, weight);
for (sta = hapd->sta_list; sta; sta = sta->next) {
unsigned int sta_weight = weight;
if (sta->dyn_airtime_weight)
sta_weight = (weight * sta->dyn_airtime_weight) / 256;
sta_set_airtime_weight(hapd, sta, sta_weight);
}
}
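
Review bot: sta_weight = (weight * sta->dyn_airtime_weight) / 256 rounds down to 0 whenever the product is below 256, and that 0 is passed straight to sta_set_airtime_weight(); the call site in airtime_policy_new_sta() only sets a weight when it is non-zero, so the two paths disagree on whether 0 is a valid weight. Clamp the result to a minimum of 1 (or skip the station) and document that dyn_airtime_weight is a scale factor in units of 1/256.
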
@ -244,7 +250,10 @@ int airtime_policy_new_sta(struct hostapd_data *hapd, struct sta_info *sta)
unsigned int weight;
if (hapd->iconf->airtime_mode == AIRTIME_MODE_STATIC) {
weight = get_weight_for_sta(hapd, sta->addr);
if (sta->dyn_airtime_weight)
weight = sta->dyn_airtime_weight;
else
weight = get_weight_for_sta(hapd, sta->addr);
if (weight)
return sta_set_airtime_weight(hapd, sta, weight);
}
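
Review bot: here sta->dyn_airtime_weight is assigned as the station's absolute weight, while set_sta_weights() in the previous hunk treats the same field as a multiplier divided by 256. Unless the two modes are meant to interpret the field differently, a station gets one value on association and a differently derived one on the next set_sta_weights() pass. Please pick one meaning, apply it in both places, and document it next to the field.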


@ -1122,6 +1122,8 @@ struct hostapd_config {
int ht_op_mode_fixed;
u16 ht_capab;
int noscan;
int no_ht_coex;
int ieee80211n;
int secondary_channel;
int no_pri_sec_switch;


@ -918,7 +918,8 @@ int hostapd_drv_wnm_oper(struct hostapd_data *hapd, enum wnm_oper oper,
static int hapd_drv_send_action(struct hostapd_data *hapd, unsigned int freq,
unsigned int wait, const u8 *dst,
const u8 *data, size_t len, bool addr3_ap)
const u8 *data, size_t len, bool addr3_ap,
const u8 *forced_a3)
{
const u8 *own_addr = hapd->own_addr;
const u8 *bssid;
@ -930,8 +931,10 @@ static int hapd_drv_send_action(struct hostapd_data *hapd, unsigned int freq,
if (!hapd->driver || !hapd->driver->send_action || !hapd->drv_priv)
return 0;
bssid = hapd->own_addr;
if (!addr3_ap && !is_multicast_ether_addr(dst) &&
len > 0 && data[0] == WLAN_ACTION_PUBLIC) {
if (forced_a3) {
bssid = forced_a3;
} else if (!addr3_ap && !is_multicast_ether_addr(dst) &&
len > 0 && data[0] == WLAN_ACTION_PUBLIC) {
/*
* Public Action frames to a STA that is not a member of the BSS
* shall use wildcard BSSID value.
@ -968,7 +971,8 @@ int hostapd_drv_send_action(struct hostapd_data *hapd, unsigned int freq,
unsigned int wait, const u8 *dst, const u8 *data,
size_t len)
{
return hapd_drv_send_action(hapd, freq, wait, dst, data, len, false);
return hapd_drv_send_action(hapd, freq, wait, dst, data, len, false,
NULL);
}
@ -977,7 +981,19 @@ int hostapd_drv_send_action_addr3_ap(struct hostapd_data *hapd,
unsigned int wait, const u8 *dst,
const u8 *data, size_t len)
{
return hapd_drv_send_action(hapd, freq, wait, dst, data, len, true);
return hapd_drv_send_action(hapd, freq, wait, dst, data, len, true,
NULL);
}
int hostapd_drv_send_action_forced_addr3(struct hostapd_data *hapd,
unsigned int freq,
unsigned int wait, const u8 *dst,
const u8 *a3,
const u8 *data, size_t len)
{
return hapd_drv_send_action(hapd, freq, wait, dst, data, len, false,
a3);
}
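
Review bot: hostapd_drv_send_action_forced_addr3() has no comment saying what a3 must be, and a NULL a3 silently behaves like hostapd_drv_send_action() because hapd_drv_send_action() only overrides bssid when forced_a3 is non-NULL. In hapd_drv_send_action() the forced_a3 branch also takes precedence over the wildcard BSSID rule for Public Action frames to non-members; a short comment there stating that the caller is responsible for choosing a valid Address 3 would make that intentional.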


@ -116,6 +116,11 @@ int hostapd_drv_send_action_addr3_ap(struct hostapd_data *hapd,
unsigned int freq,
unsigned int wait, const u8 *dst,
const u8 *data, size_t len);
int hostapd_drv_send_action_forced_addr3(struct hostapd_data *hapd,
unsigned int freq,
unsigned int wait, const u8 *dst,
const u8 *a3,
const u8 *data, size_t len);
static inline void
hostapd_drv_send_action_cancel_wait(struct hostapd_data *hapd)
{


@ -1418,6 +1418,12 @@ void handle_probe_req(struct hostapd_data *hapd,
int mld_id;
u16 links;
#endif /* CONFIG_IEEE80211BE */
struct hostapd_ubus_request req = {
.type = HOSTAPD_UBUS_PROBE_REQ,
.mgmt_frame = mgmt,
.ssi_signal = ssi_signal,
.elems = &elems,
};
if (hapd->iconf->rssi_ignore_probe_request && ssi_signal &&
ssi_signal < hapd->iconf->rssi_ignore_probe_request)
@ -1604,6 +1610,12 @@ void handle_probe_req(struct hostapd_data *hapd,
}
#endif /* CONFIG_P2P */
if (hostapd_ubus_handle_event(hapd, &req)) {
wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n",
MAC2STR(mgmt->sa));
return;
}
/* TODO: verify that supp_rates contains at least one matching rate
* with AP configuration */
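
Review bot: the format string passed to wpa_printf() ends in \n; wpa_printf() terminates the line itself, so this leaves a blank line in the log. The wording "Probe request for" followed by mgmt->sa is also misleading, since sa is the sender; "Probe request from" reads correctly. Since hostapd_ubus_handle_event() now sits on the path of every probe request that reaches this point, the commit message should say what it costs when no ubus subscriber is registered.
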
@ -3125,7 +3137,7 @@ static void hostapd_gen_per_sta_profiles(struct hostapd_data *hapd)
continue;
link_id = link_bss->mld_link_id;
if (link_id > MAX_NUM_MLD_LINKS)
if (link_id >= MAX_NUM_MLD_LINKS)
continue;
sta_profile = NULL;
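
Review bot: changing link_id > MAX_NUM_MLD_LINKS to link_id >= MAX_NUM_MLD_LINKS is an off-by-one bounds fix that has nothing to do with the ubus hook in the rest of this file. Please split it into its own commit with a description of what link_id indexes, so it can be reviewed and backported on its own.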


@ -26,6 +26,26 @@
#include "taxonomy.h"
#include "wnm_ap.h"
static const char * hw_mode_str(enum hostapd_hw_mode mode)
{
switch (mode) {
case HOSTAPD_MODE_IEEE80211B:
return "b";
case HOSTAPD_MODE_IEEE80211G:
return "g";
case HOSTAPD_MODE_IEEE80211A:
return "a";
case HOSTAPD_MODE_IEEE80211AD:
return "ad";
case HOSTAPD_MODE_IEEE80211ANY:
return "any";
case NUM_HOSTAPD_MODES:
return "invalid";
}
return "unknown";
}
#ifdef CONFIG_CTRL_IFACE_MIB
static size_t hostapd_write_ht_mcs_bitmask(char *buf, size_t buflen,
size_t curr_len, const u8 *mcs_set)
@ -212,26 +232,6 @@ static const char * timeout_next_str(int val)
}
static const char * hw_mode_str(enum hostapd_hw_mode mode)
{
switch (mode) {
case HOSTAPD_MODE_IEEE80211B:
return "b";
case HOSTAPD_MODE_IEEE80211G:
return "g";
case HOSTAPD_MODE_IEEE80211A:
return "a";
case HOSTAPD_MODE_IEEE80211AD:
return "ad";
case HOSTAPD_MODE_IEEE80211ANY:
return "any";
case NUM_HOSTAPD_MODES:
return "invalid";
}
return "unknown";
}
static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd,
struct sta_info *sta,
char *buf, size_t buflen)
@ -562,6 +562,7 @@ int hostapd_ctrl_iface_sta_next(struct hostapd_data *hapd, const char *txtaddr,
return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen);
}
#endif
#ifdef CONFIG_P2P_MANAGER
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
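
Review bot: the #endif added before #ifdef CONFIG_P2P_MANAGER closes the CONFIG_CTRL_IFACE_MIB block opened near the top of the file, but it carries no trailing comment, while the guard added in hostapd_ctrl_iface_status() is closed with #endif /* CONFIG_CTRL_IFACE_MIB */. The block spans several hundred lines, so please add the same comment here.
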
@ -1016,12 +1017,12 @@ int hostapd_ctrl_iface_status(struct hostapd_data *hapd, char *buf,
return len;
len += ret;
}
#ifdef CONFIG_CTRL_IFACE_MIB
if (iface->conf->ieee80211n && !hapd->conf->disable_11n && mode) {
len = hostapd_write_ht_mcs_bitmask(buf, buflen, len,
mode->mcs_set);
}
#endif /* CONFIG_CTRL_IFACE_MIB */
if (iface->current_rates && iface->num_rates) {
ret = os_snprintf(buf + len, buflen - len, "supported_rates=");
if (os_snprintf_error(buflen - len, ret))


@ -18,6 +18,7 @@
#include "ap_drv_ops.h"
#include "drivers/driver.h"
#include "dfs.h"
#include "crypto/crypto.h"
enum dfs_channel_type {
@ -534,9 +535,14 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
int num_available_chandefs;
int chan_idx, chan_idx2;
int sec_chan_idx_80p80 = -1;
bool is_mesh = false;
int i;
u32 _rand;
#ifdef CONFIG_MESH
is_mesh = iface->mconf;
#endif
wpa_printf(MSG_DEBUG, "DFS: Selecting random channel");
*secondary_channel = 0;
*oper_centr_freq_seg0_idx = 0;
@ -556,8 +562,20 @@ dfs_get_valid_channel(struct hostapd_iface *iface,
if (num_available_chandefs == 0)
return NULL;
if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
/* try to use deterministic channel in mesh, so that both sides
* have a chance to switch to the same channel */
if (is_mesh) {
#ifdef CONFIG_MESH
u64 hash[4];
const u8 *meshid[1] = { &iface->mconf->meshid[0] };
const size_t meshid_len = iface->mconf->meshid_len;
sha256_vector(1, meshid, &meshid_len, (u8 *)&hash[0]);
_rand = hash[0] + hash[1] + hash[2] + hash[3];
#endif
} else if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
return NULL;
chan_idx = _rand % num_available_chandefs;
wpa_printf(MSG_DEBUG, "DFS: Picked random entry from the list: %d/%d",
chan_idx, num_available_chandefs);
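
Review bot: the return value of sha256_vector() is not checked, so if hashing fails _rand is computed from an uninitialised hash[] array. The else if (os_get_random(...) < 0) continuation hangs off a block whose body sits entirely inside #ifdef CONFIG_MESH, which is hard to read; since is_mesh can only be true when CONFIG_MESH is defined, wrapping the whole mesh branch in the #ifdef would be clearer. The DFS channel picked for a mesh is now a pure function of the mesh ID and the list of available channels, so it is predictable to anyone who knows the mesh ID; please state that trade-off in the comment, and update the debug message below, which still says "Picked random entry".
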
@ -1225,6 +1243,8 @@ int hostapd_dfs_pre_cac_expired(struct hostapd_iface *iface, int freq,
"freq=%d ht_enabled=%d chan_offset=%d chan_width=%d cf1=%d cf2=%d",
freq, ht_enabled, chan_offset, chan_width, cf1, cf2);
hostapd_ubus_notify_radar_detected(iface, freq, chan_width, cf1, cf2);
/* Proceed only if DFS is not offloaded to the driver */
if (iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD)
return 0;


@ -18,6 +18,7 @@
#include "common/dpp.h"
#include "common/sae.h"
#include "common/hw_features_common.h"
#include "common/nan_de.h"
#include "crypto/random.h"
#include "p2p/p2p.h"
#include "wps/wps.h"
@ -316,6 +317,10 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
struct hostapd_iface *iface = hapd->iface;
#endif /* CONFIG_OWE */
bool updated = false;
struct hostapd_ubus_request req = {
.type = HOSTAPD_UBUS_ASSOC_REQ,
.addr = addr,
};
if (addr == NULL) {
/*
@ -460,6 +465,12 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr,
goto fail;
}
if (hostapd_ubus_handle_event(hapd, &req)) {
wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
MAC2STR(req.addr));
goto fail;
}
#ifdef CONFIG_P2P
if (elems.p2p) {
wpabuf_free(sta->p2p_ie);
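
Review bot: a station refused by the ubus handler is logged only at MSG_DEBUG, so at default verbosity there is no trace of why the association failed; since this is a policy decision taken outside hostapd, MSG_INFO would be more useful. The format string also ends in \n, which wpa_printf() does not need. Please also confirm which status the fail path reports for this case, since the added lines do not set one before goto fail.
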
@ -1368,6 +1379,7 @@ void hostapd_event_ch_switch(struct hostapd_data *hapd, int freq, int ht,
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_CSA_FINISHED
"freq=%d dfs=%d", freq, is_dfs);
hostapd_ubus_notify_csa(hapd, freq);
} else if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_DFS_OFFLOAD) {
/* Complete AP configuration for the first bring up. */
if (is_dfs0 > 0 &&
@ -1787,8 +1799,8 @@ static void hostapd_action_rx(struct hostapd_data *hapd,
pos = mgmt->u.action.u.vs_public_action.variable;
end = drv_mgmt->frame + drv_mgmt->frame_len;
pos++;
hostapd_nan_usd_rx_sdf(hapd, mgmt->sa, drv_mgmt->freq,
pos, end - pos);
hostapd_nan_usd_rx_sdf(hapd, mgmt->sa, mgmt->bssid,
drv_mgmt->freq, pos, end - pos);
return;
}
#endif /* CONFIG_NAN_USD */
@ -1855,6 +1867,11 @@ static struct hostapd_data * get_hapd_bssid(struct hostapd_iface *iface,
if (bssid[0] == 0xff && bssid[1] == 0xff && bssid[2] == 0xff &&
bssid[3] == 0xff && bssid[4] == 0xff && bssid[5] == 0xff)
return HAPD_BROADCAST;
#ifdef CONFIG_NAN_USD
if (nan_de_is_nan_network_id(bssid))
return HAPD_BROADCAST; /* Process NAN Network ID like broadcast
*/
#endif /* CONFIG_NAN_USD */
for (i = 0; i < iface->num_bss; i++) {
struct hostapd_data *hapd;
@ -2514,8 +2531,8 @@ static void hostapd_mld_iface_disable(struct hostapd_data *hapd)
#endif /* CONFIG_IEEE80211BE */
void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
void hostapd_wpa_event(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
@ -2873,7 +2890,7 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
}
void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
void hostapd_wpa_event_global(void *ctx, enum wpa_event_type event,
union wpa_event_data *data)
{
struct hapd_interfaces *interfaces = ctx;

View file

@ -475,6 +475,7 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
hapd->beacon_set_done = 0;
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
hostapd_ubus_free_bss(hapd);
accounting_deinit(hapd);
hostapd_deinit_wpa(hapd);
vlan_deinit(hapd);
@ -485,7 +486,7 @@ void hostapd_free_hapd_data(struct hostapd_data *hapd)
struct hapd_interfaces *ifaces = hapd->iface->interfaces;
size_t i;
for (i = 0; i < ifaces->count; i++) {
for (i = 0; ifaces && i < ifaces->count; i++) {
struct hostapd_iface *iface = ifaces->iface[i];
size_t j;
@ -1316,6 +1317,8 @@ static int hostapd_start_beacon(struct hostapd_data *hapd,
if (hapd->driver && hapd->driver->set_operstate)
hapd->driver->set_operstate(hapd->drv_priv, 1);
hostapd_ubus_add_bss(hapd);
return 0;
}
@ -2420,7 +2423,11 @@ static int hostapd_owe_iface_iter(struct hostapd_iface *iface, void *ctx)
if (!bss->conf->ssid.ssid_set || !bss->conf->ssid.ssid_len ||
is_zero_ether_addr(bss->own_addr))
continue;
if (!os_memcmp(hapd->conf->owe_transition_bssid, bss->own_addr, ETH_ALEN) &&
hapd->conf->owe_transition_ssid_len == bss->conf->ssid.ssid_len &&
!os_memcmp(hapd->conf->owe_transition_ssid, bss->conf->ssid.ssid,
bss->conf->ssid.ssid_len))
return 0;
os_memcpy(hapd->conf->owe_transition_bssid, bss->own_addr,
ETH_ALEN);
os_memcpy(hapd->conf->owe_transition_ssid,
@ -2437,10 +2444,6 @@ static int hostapd_owe_iface_iter(struct hostapd_iface *iface, void *ctx)
int hostapd_owe_trans_get_info(struct hostapd_data *hapd)
{
if (hapd->conf->owe_transition_ssid_len > 0 &&
!is_zero_ether_addr(hapd->conf->owe_transition_bssid))
return 0;
/* Find transition mode SSID/BSSID information from a BSS operated by
* this hostapd instance. */
if (!hapd->iface->interfaces ||
@ -2525,6 +2528,7 @@ static int hostapd_setup_interface_complete_sync(struct hostapd_iface *iface,
if (err)
goto fail;
hostapd_ubus_add_iface(iface);
wpa_printf(MSG_DEBUG, "Completing interface initialization");
if (iface->freq) {
#ifdef NEED_AP_MLME
@ -2750,6 +2754,7 @@ dfs_offload:
fail:
wpa_printf(MSG_ERROR, "Interface initialization failed");
hostapd_ubus_free_iface(iface);
if (iface->is_no_ir) {
hostapd_set_state(iface, HAPD_IFACE_NO_IR);
@ -3478,6 +3483,7 @@ void hostapd_interface_deinit_free(struct hostapd_iface *iface)
(unsigned int) iface->conf->num_bss);
driver = iface->bss[0]->driver;
drv_priv = iface->bss[0]->drv_priv;
hostapd_ubus_free_iface(iface);
hostapd_interface_deinit(iface);
wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit",
__func__, driver, drv_priv);
@ -4055,6 +4061,8 @@ int hostapd_remove_iface(struct hapd_interfaces *interfaces, char *buf)
void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
int reassoc)
{
int mld_assoc_link_id = -1;
if (hapd->tkip_countermeasures) {
hostapd_drv_sta_deauth(hapd, sta->addr,
WLAN_REASON_MICHAEL_MIC_FAILURE);
@ -4062,10 +4070,16 @@ void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta,
}
#ifdef CONFIG_IEEE80211BE
if (ap_sta_is_mld(hapd, sta) &&
sta->mld_assoc_link_id != hapd->mld_link_id)
return;
if (ap_sta_is_mld(hapd, sta)) {
if (sta->mld_assoc_link_id == hapd->mld_link_id) {
mld_assoc_link_id = sta->mld_assoc_link_id;
} else {
return;
}
}
#endif /* CONFIG_IEEE80211BE */
if (mld_assoc_link_id != -2)
hostapd_prune_associations(hapd, sta->addr, mld_assoc_link_id);
ap_sta_clear_disconnect_timeouts(hapd, sta);
sta->post_csa_sa_query = 0;
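Review bot: the `if (mld_assoc_link_id != -2)` test in hostapd_new_assoc_sta() can never be false, because the local is initialised to -1 and is otherwise only assigned `sta->mld_assoc_link_id`; the -2 sentinel belongs to ap_sta_set_authorized_flag(), where the matching prune call is dropped. Either remove the test or carry the sentinel over. The move also changes when pruning happens: the call used to sit next to `sta->flags |= WLAN_STA_AUTHORIZED`, and now runs at association, before the station has proven anything. Please state in a comment why pruning entries on other BSSes for a not yet authorized station is acceptable.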
@ -4564,15 +4578,15 @@ int hostapd_switch_channel(struct hostapd_data *hapd,
int hostapd_force_channel_switch(struct hostapd_iface *iface,
struct csa_settings settings)
struct csa_settings *settings)
{
int ret = 0;
if (!settings.freq_params.channel) {
if (!settings->freq_params.channel) {
/* Check if the new channel is supported */
settings.freq_params.channel = hostapd_hw_get_channel(
iface->bss[0], settings.freq_params.freq);
if (!settings.freq_params.channel)
settings->freq_params.channel = hostapd_hw_get_channel(
iface->bss[0], settings->freq_params.freq);
if (!settings->freq_params.channel)
return -1;
}
@ -4582,9 +4596,9 @@ int hostapd_force_channel_switch(struct hostapd_iface *iface,
return ret;
}
hostapd_chan_switch_config(iface->bss[0], &settings.freq_params);
hostapd_chan_switch_config(iface->bss[0], &settings->freq_params);
ret = hostapd_change_config_freq(iface->bss[0], iface->conf,
&settings.freq_params, NULL);
&settings->freq_params, NULL);
if (ret) {
wpa_printf(MSG_DEBUG,
"Failed to set the new channel in config");
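Review bot: with `struct csa_settings *settings`, hostapd_force_channel_switch() now writes `settings->freq_params.channel` into the caller's structure where it previously modified a private copy, and it dereferences the pointer without a NULL check. Document the in/out behaviour at the prototype, and check every caller for reuse of the same settings after the call.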

View file

@ -18,6 +18,7 @@
#include "utils/list.h"
#include "ap_config.h"
#include "drivers/driver.h"
#include "ubus.h"
#define OCE_STA_CFON_ENABLED(hapd) \
((hapd->conf->oce & OCE_STA_CFON) && \
@ -184,6 +185,21 @@ struct mld_link_info {
u8 *resp_sta_profile;
};
/**
* struct hostapd_openwrt_stats - OpenWrt custom STA/AP statistics
*/
struct hostapd_openwrt_stats {
struct {
u64 neighbor_report_tx;
} rrm;
struct {
u64 bss_transition_query_rx;
u64 bss_transition_request_tx;
u64 bss_transition_response_rx;
} wnm;
};
/**
* struct hostapd_data - hostapd per-BSS data structure
*/
@ -191,6 +207,7 @@ struct hostapd_data {
struct hostapd_iface *iface;
struct hostapd_config *iconf;
struct hostapd_bss_config *conf;
struct hostapd_ubus_bss ubus;
int interface_added; /* virtual interface added for this BSS */
unsigned int started:1;
unsigned int disabled:1;
@ -198,6 +215,9 @@ struct hostapd_data {
u8 own_addr[ETH_ALEN];
/* OpenWrt specific statistics */
struct hostapd_openwrt_stats openwrt_stats;
int num_sta; /* number of entries in sta_list */
struct sta_info *sta_list; /* STA info list head */
#define STA_HASH_SIZE 256
@ -758,6 +778,7 @@ hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface,
struct hostapd_bss_config *bss);
int hostapd_setup_interface(struct hostapd_iface *iface);
int hostapd_setup_interface_complete(struct hostapd_iface *iface, int err);
void hostapd_set_own_neighbor_report(struct hostapd_data *hapd);
void hostapd_interface_deinit(struct hostapd_iface *iface);
void hostapd_interface_free(struct hostapd_iface *iface);
struct hostapd_iface * hostapd_alloc_iface(void);
@ -787,7 +808,7 @@ void hostapd_chan_switch_config(struct hostapd_data *hapd,
int hostapd_switch_channel(struct hostapd_data *hapd,
struct csa_settings *settings);
int hostapd_force_channel_switch(struct hostapd_iface *iface,
struct csa_settings settings);
struct csa_settings *settings);
void
hostapd_switch_channel_fallback(struct hostapd_iface *iface,
const struct hostapd_freq_params *freq_params);

View file

@ -573,7 +573,8 @@ static int ieee80211n_check_40mhz(struct hostapd_iface *iface)
int ret;
/* Check that HT40 is used and PRI / SEC switch is allowed */
if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch)
if (!iface->conf->secondary_channel || iface->conf->no_pri_sec_switch ||
iface->conf->noscan)
return 0;
hostapd_set_state(iface, HAPD_IFACE_HT_SCAN);

View file

@ -26,6 +26,7 @@
#include "common/wpa_common.h"
#include "common/wpa_ctrl.h"
#include "common/ptksa_cache.h"
#include "common/nan_de.h"
#include "radius/radius.h"
#include "radius/radius_client.h"
#include "p2p/p2p.h"
@ -2481,7 +2482,8 @@ static void pasn_fils_auth_resp(struct hostapd_data *hapd,
wpabuf_head(pasn->secret),
wpabuf_len(pasn->secret),
pasn_get_ptk(sta->pasn), pasn_get_akmp(sta->pasn),
pasn_get_cipher(sta->pasn), sta->pasn->kdk_len);
pasn_get_cipher(sta->pasn), sta->pasn->kdk_len,
sta->pasn->kek_len);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PTK");
goto fail;
@ -2895,7 +2897,7 @@ static void handle_auth(struct hostapd_data *hapd,
u16 auth_alg, auth_transaction, status_code;
u16 resp = WLAN_STATUS_SUCCESS;
struct sta_info *sta = NULL;
int res, reply_res;
int res, reply_res, ubus_resp;
u16 fc;
const u8 *challenge = NULL;
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
@ -2906,6 +2908,11 @@ static void handle_auth(struct hostapd_data *hapd,
#ifdef CONFIG_IEEE80211BE
bool mld_sta = false;
#endif /* CONFIG_IEEE80211BE */
struct hostapd_ubus_request req = {
.type = HOSTAPD_UBUS_AUTH_REQ,
.mgmt_frame = mgmt,
.ssi_signal = rssi,
};
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
@ -3102,6 +3109,13 @@ static void handle_auth(struct hostapd_data *hapd,
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
ubus_resp = hostapd_ubus_handle_event(hapd, &req);
if (ubus_resp) {
wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
MAC2STR(mgmt->sa));
resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
if (res == HOSTAPD_ACL_PENDING)
return;
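Review bot: in handle_auth() the ubus handler is called before `if (res == HOSTAPD_ACL_PENDING) return;`, so the external handler is consulted for stations whose ACL decision is still outstanding. Consider moving the call below the pending check, or note why the earlier position is wanted. `(u16) ubus_resp` silently truncates any positive return above 65535 into an unrelated status code; clamp or reject out-of-range values instead. The "\n" at the end of the wpa_printf() format is redundant.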
@ -4782,6 +4796,13 @@ static int add_associated_sta(struct hostapd_data *hapd,
* drivers to accept the STA parameter configuration. Since this is
* after a new FT-over-DS exchange, a new TK has been derived, so key
* reinstallation is not a concern for this case.
*
* If the STA was associated and authorized earlier, but came for a new
* connection (!added_unassoc + !reassoc), remove the existing STA entry
* so that it can be re-added. This case is rarely seen when the AP could
* not receive the deauth/disassoc frame from the STA. And the STA comes
* back with new connection within a short period or before the inactive
* STA entry is removed from the list.
*/
wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
" (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
@ -4795,7 +4816,8 @@ static int add_associated_sta(struct hostapd_data *hapd,
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
(reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
(!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
!wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
!wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)) ||
(!reassoc && (sta->flags & WLAN_STA_AUTHORIZED)))) {
hostapd_drv_sta_remove(hapd, sta->addr);
wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
set = 0;
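Review bot: the added clause `(!reassoc && (sta->flags & WLAN_STA_AUTHORIZED))`, combined with the existing `!(sta->flags & WLAN_STA_AUTHORIZED)`, makes this OR expression true for every non-reassociation request, so the FT and FILS "TK already set" checks now only matter when `reassoc` is set. If that is the intent, restructure the condition so it reads that way and say so in the comment above; as written the reader has to work it out from four OR-ed terms.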
@ -5357,7 +5379,7 @@ static void handle_assoc(struct hostapd_data *hapd,
int resp = WLAN_STATUS_SUCCESS;
u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
const u8 *pos;
int left, i;
int left, i, ubus_resp;
struct sta_info *sta;
u8 *tmp = NULL;
#ifdef CONFIG_FILS
@ -5599,6 +5621,11 @@ static void handle_assoc(struct hostapd_data *hapd,
left = res;
}
#endif /* CONFIG_FILS */
struct hostapd_ubus_request req = {
.type = HOSTAPD_UBUS_ASSOC_REQ,
.mgmt_frame = mgmt,
.ssi_signal = rssi,
};
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
* is used */
@ -5701,6 +5728,13 @@ static void handle_assoc(struct hostapd_data *hapd,
if (set_beacon)
ieee802_11_update_beacons(hapd->iface);
ubus_resp = hostapd_ubus_handle_event(hapd, &req);
if (ubus_resp) {
wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n",
MAC2STR(mgmt->sa));
resp = ubus_resp > 0 ? (u16) ubus_resp : WLAN_STATUS_UNSPECIFIED_FAILURE;
goto fail;
}
fail:
/*
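Review bot: in handle_assoc() the ubus check sits directly in front of the `fail:` label, after the request has been fully processed and after `ieee802_11_update_beacons()` has already run, so a rejection from the handler arrives once station state and beacon contents have been changed. Calling the handler before that state is touched would make a rejection cheaper and leave less to undo. The `goto fail;` immediately followed by `fail:` is redundant, and the format string should lose its trailing "\n".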
@ -5930,6 +5964,7 @@ static void handle_disassoc(struct hostapd_data *hapd,
(unsigned long) len);
return;
}
hostapd_ubus_notify(hapd, "disassoc", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
if (!sta) {
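Review bot: `hostapd_ubus_notify(hapd, "disassoc", mgmt->sa)` runs before `ap_get_sta()` and its `if (!sta)` check, so a Disassociation frame from an address that is not a known station still produces a ubus event. Management frames of this kind can carry any source address, so subscribers would see events for stations that were never associated. Move the notification below the lookup, or document that consumers must not treat the event as proof that a client left.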
@ -5961,6 +5996,8 @@ static void handle_deauth(struct hostapd_data *hapd,
/* Clear the PTKSA cache entries for PASN */
ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
hostapd_ubus_notify(hapd, "deauth", mgmt->sa);
sta = ap_get_sta(hapd, mgmt->sa);
if (!sta) {
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
@ -6147,8 +6184,8 @@ static int handle_action(struct hostapd_data *hapd,
pos = mgmt->u.action.u.vs_public_action.variable;
end = ((const u8 *) mgmt) + len;
pos++;
hostapd_nan_usd_rx_sdf(hapd, mgmt->sa, freq,
pos, end - pos);
hostapd_nan_usd_rx_sdf(hapd, mgmt->sa, mgmt->bssid,
freq, pos, end - pos);
return 1;
}
#endif /* CONFIG_NAN_USD */
@ -6294,6 +6331,9 @@ int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
}
if (!is_broadcast_ether_addr(mgmt->bssid) &&
#ifdef CONFIG_NAN_USD
!nan_de_is_nan_network_id(mgmt->bssid) &&
#endif /* CONFIG_NAN_USD */
#ifdef CONFIG_P2P
/* Invitation responses can be sent with the peer MAC as BSSID */
!((hapd->conf->p2p & P2P_GROUP_OWNER) &&

View file

@ -127,7 +127,9 @@ no_update:
u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid)
{
struct ieee80211_ht_operation *oper;
le32 vht_capabilities_info;
u8 *pos = eid;
u8 chwidth;
if (!hapd->iconf->ieee80211n || hapd->conf->disable_11n ||
is_6ghz_op_class(hapd->iconf->op_class))
@ -143,6 +145,13 @@ u8 * hostapd_eid_ht_operation(struct hostapd_data *hapd, u8 *eid)
oper->operation_mode = host_to_le16(hapd->iface->ht_op_mode);
set_ht_param(hapd, oper);
vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
chwidth = hostapd_get_oper_chwidth(hapd->iconf);
if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT
&& ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
oper->operation_mode = host_to_le16(hapd->iconf->vht_oper_centr_freq_seg0_idx << 5);
}
pos += sizeof(*oper);
return pos;
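Review bot: in hostapd_eid_ht_operation() the new assignment `oper->operation_mode = host_to_le16(hapd->iconf->vht_oper_centr_freq_seg0_idx << 5);` replaces the value written a few lines earlier from `hapd->iface->ht_op_mode`, so the HT protection bits are lost whenever the branch is taken; this looks like it should OR the shifted field into the existing value. The hunk also dereferences `hapd->iface->current_mode` without a NULL check, although hostapd_eid_vht_capabilities() guards the same pointer with `if (!mode ...)`.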
@ -270,6 +279,9 @@ void hostapd_2040_coex_action(struct hostapd_data *hapd,
return;
}
if (iface->conf->noscan || iface->conf->no_ht_coex)
return;
if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) {
wpa_printf(MSG_DEBUG,
"Ignore too short 20/40 BSS Coexistence Management frame");
@ -430,6 +442,9 @@ void ht40_intolerant_add(struct hostapd_iface *iface, struct sta_info *sta)
if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G)
return;
if (iface->conf->noscan || iface->conf->no_ht_coex)
return;
wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR
" in Association Request", MAC2STR(sta->addr));

View file

@ -26,6 +26,7 @@ u8 * hostapd_eid_vht_capabilities(struct hostapd_data *hapd, u8 *eid, u32 nsts)
struct ieee80211_vht_capabilities *cap;
struct hostapd_hw_modes *mode = hapd->iface->current_mode;
u8 *pos = eid;
u8 chwidth;
if (!mode || is_6ghz_op_class(hapd->iconf->op_class))
return eid;
@ -63,6 +64,17 @@ u8 * hostapd_eid_vht_capabilities(struct hostapd_data *hapd, u8 *eid, u32 nsts)
host_to_le32(nsts << VHT_CAP_BEAMFORMEE_STS_OFFSET);
}
chwidth = hostapd_get_oper_chwidth(hapd->iconf);
if (((host_to_le32(mode->vht_capab)) & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
&& ((chwidth == CHANWIDTH_160MHZ) || (chwidth == CHANWIDTH_80P80MHZ))) {
cap->vht_capabilities_info |= VHT_CAP_EXTENDED_NSS_BW_SUPPORT;
cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ));
cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_160MHZ));
cap->vht_capabilities_info &= ~(host_to_le32(VHT_CAP_SUPP_CHAN_WIDTH_MASK));
} else {
cap->vht_capabilities_info &= ~VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK;
}
/* Supported MCS set comes from hw */
os_memcpy(&cap->vht_supported_mcs_set, mode->vht_mcs_set, 8);
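Review bot: byte-order handling is inconsistent in this block of hostapd_eid_vht_capabilities(). `host_to_le32(mode->vht_capab)` is masked with the host-order constant `VHT_CAP_EXTENDED_NSS_BW_SUPPORT`, and `cap->vht_capabilities_info` is updated with `|= VHT_CAP_EXTENDED_NSS_BW_SUPPORT` and `&= ~VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK` without conversion, while the three clearing lines in between do wrap their constants in host_to_le32(). On a big-endian target the test and the unconverted updates touch the wrong bits. Test `mode->vht_capab` in host order and convert every constant applied to the little-endian field.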
@ -75,6 +87,7 @@ u8 * hostapd_eid_vht_capabilities(struct hostapd_data *hapd, u8 *eid, u32 nsts)
u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
{
struct ieee80211_vht_operation *oper;
le32 vht_capabilities_info;
u8 *pos = eid;
enum oper_chan_width oper_chwidth =
hostapd_get_oper_chwidth(hapd->iconf);
@ -110,6 +123,7 @@ u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
oper->vht_op_info_chan_center_freq_seg1_idx = seg1;
oper->vht_op_info_chwidth = oper_chwidth;
vht_capabilities_info = host_to_le32(hapd->iface->current_mode->vht_capab);
if (oper_chwidth == CONF_OPER_CHWIDTH_160MHZ) {
/*
* Convert 160 MHz channel width to new style as interop
@ -123,6 +137,9 @@ u8 * hostapd_eid_vht_operation(struct hostapd_data *hapd, u8 *eid)
oper->vht_op_info_chan_center_freq_seg0_idx -= 8;
else
oper->vht_op_info_chan_center_freq_seg0_idx += 8;
if (vht_capabilities_info & VHT_CAP_EXTENDED_NSS_BW_SUPPORT)
oper->vht_op_info_chan_center_freq_seg1_idx = 0;
} else if (oper_chwidth == CONF_OPER_CHWIDTH_80P80MHZ) {
/*
* Convert 80+80 MHz channel width to new style as interop

View file

@ -1252,6 +1252,27 @@ void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf,
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X,
HOSTAPD_LEVEL_DEBUG,
"received EAPOL-Start from STA");
#ifdef CONFIG_IEEE80211R_AP
if (hapd->conf->wpa && sta->wpa_sm &&
(wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm)) ||
sta->auth_alg == WLAN_AUTH_FT)) {
/* When FT is used, reauthentication to generate a new
* PMK-R0 would be complicated since the current AP
* might not be the one with which the currently used
* PMK-R0 was generated. IEEE Std 802.11-2020, 13.4.2
* (FT initial mobility domain association in an RSN)
* mandates STA to perform a new FT initial mobility
* domain association whenever its Supplicant would
* trigger sending of an EAPOL-Start frame. As such,
* this EAPOL-Start frame should not have been sent.
* Discard it to avoid unexpected behavior. */
hostapd_logger(hapd, sta->addr,
HOSTAPD_MODULE_IEEE8021X,
HOSTAPD_LEVEL_DEBUG,
"discard unexpected EAPOL-Start from STA that uses FT");
break;
}
#endif /* CONFIG_IEEE80211R_AP */
sta->eapol_sm->flags &= ~EAPOL_SM_WAIT_START;
pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
if (pmksa) {
@ -2848,6 +2869,7 @@ static const char * bool_txt(bool val)
return val ? "TRUE" : "FALSE";
}
#ifdef CONFIG_CTRL_IFACE_MIB
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
{
@ -3034,6 +3056,7 @@ int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
return len;
}
#endif
#ifdef CONFIG_HS20
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)

View file

@ -29,8 +29,10 @@ static int hostapd_nan_de_tx(void *ctx, unsigned int freq,
wpabuf_len(buf));
/* TODO: Force use of OFDM */
return hostapd_drv_send_action(hapd, hapd->iface->freq, 0, dst,
wpabuf_head(buf), wpabuf_len(buf));
return hostapd_drv_send_action_forced_addr3(hapd, hapd->iface->freq, 0,
dst, bssid,
wpabuf_head(buf),
wpabuf_len(buf));
}
@ -173,11 +175,12 @@ void hostapd_nan_usd_deinit(struct hostapd_data *hapd)
void hostapd_nan_usd_rx_sdf(struct hostapd_data *hapd, const u8 *src,
unsigned int freq, const u8 *buf, size_t len)
const u8 *a3, unsigned int freq,
const u8 *buf, size_t len)
{
if (!hapd->nan_de)
return;
nan_de_rx_sdf(hapd->nan_de, src, freq, buf, len);
nan_de_rx_sdf(hapd->nan_de, src, a3, freq, buf, len);
}
@ -258,7 +261,8 @@ void hostapd_nan_usd_cancel_subscribe(struct hostapd_data *hapd,
int hostapd_nan_usd_transmit(struct hostapd_data *hapd, int handle,
const struct wpabuf *ssi,
const struct wpabuf *elems,
const u8 *peer_addr, u8 req_instance_id)
const u8 *peer_addr,
u8 req_instance_id)
{
if (!hapd->nan_de)
return -1;

View file

@ -16,6 +16,7 @@ enum nan_service_protocol_type;
int hostapd_nan_usd_init(struct hostapd_data *hapd);
void hostapd_nan_usd_deinit(struct hostapd_data *hapd);
void hostapd_nan_usd_rx_sdf(struct hostapd_data *hapd, const u8 *src,
const u8 *a3,
unsigned int freq, const u8 *buf, size_t len);
void hostapd_nan_usd_flush(struct hostapd_data *hapd);
int hostapd_nan_usd_publish(struct hostapd_data *hapd, const char *service_name,

View file

@ -89,6 +89,9 @@ static void hostapd_handle_beacon_report(struct hostapd_data *hapd,
return;
wpa_msg(hapd->msg_ctx, MSG_INFO, BEACON_RESP_RX MACSTR " %u %02x %s",
MAC2STR(addr), token, rep_mode, report);
if (len < sizeof(struct rrm_measurement_beacon_report))
return;
hostapd_ubus_notify_beacon_report(hapd, addr, token, rep_mode, (struct rrm_measurement_beacon_report*) pos, len);
}
@ -269,6 +272,8 @@ static void hostapd_send_nei_report_resp(struct hostapd_data *hapd,
}
}
hapd->openwrt_stats.rrm.neighbor_report_tx++;
hostapd_drv_send_action(hapd, hapd->iface->freq, 0, addr,
wpabuf_head(buf), wpabuf_len(buf));
wpabuf_free(buf);
@ -404,7 +409,7 @@ void hostapd_handle_radio_measurement(struct hostapd_data *hapd,
hostapd_handle_nei_report_req(hapd, buf, len);
break;
case WLAN_RRM_LINK_MEASUREMENT_REPORT:
hostapd_handle_link_mesr_report(hapd, buf, len);
hostapd_ubus_handle_link_measurement(hapd, buf, len);
break;
default:
wpa_printf(MSG_DEBUG, "RRM action %u is not supported",
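Review bot: for `WLAN_RRM_LINK_MEASUREMENT_REPORT` the call to hostapd_handle_link_mesr_report() is swapped for hostapd_ubus_handle_link_measurement(), whose fallback in ubus.h is an empty inline stub. A build without UBUS_SUPPORT therefore drops link measurement reports without any log line. Keep the original handler and call the ubus hook in addition, or fall back to the original handler when ubus support is compiled out.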

View file

@ -542,6 +542,7 @@ void ap_handle_timer(void *eloop_ctx, void *timeout_ctx)
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
"local deauth request");
hostapd_ubus_notify(hapd, "local-deauth", sta->addr);
ap_free_sta(hapd, sta);
return;
}
@ -699,6 +700,7 @@ skip_poll:
mlme_deauthenticate_indication(
hapd, sta,
WLAN_REASON_PREV_AUTH_NOT_VALID);
hostapd_ubus_notify(hapd, "inactive-deauth", sta->addr);
ap_free_sta(hapd, sta);
break;
}
@ -1485,9 +1487,6 @@ bool ap_sta_set_authorized_flag(struct hostapd_data *hapd, struct sta_info *sta,
mld_assoc_link_id = -2;
}
#endif /* CONFIG_IEEE80211BE */
if (mld_assoc_link_id != -2)
hostapd_prune_associations(hapd, sta->addr,
mld_assoc_link_id);
sta->flags |= WLAN_STA_AUTHORIZED;
} else {
sta->flags &= ~WLAN_STA_AUTHORIZED;
@ -1524,15 +1523,28 @@ void ap_sta_set_authorized_event(struct hostapd_data *hapd,
os_snprintf(buf, sizeof(buf), MACSTR, MAC2STR(sta->addr));
if (authorized) {
static const char * const auth_algs[] = {
[WLAN_AUTH_OPEN] = "open",
[WLAN_AUTH_SHARED_KEY] = "shared",
[WLAN_AUTH_FT] = "ft",
[WLAN_AUTH_SAE] = "sae",
[WLAN_AUTH_FILS_SK] = "fils-sk",
[WLAN_AUTH_FILS_SK_PFS] = "fils-sk-pfs",
[WLAN_AUTH_FILS_PK] = "fils-pk",
[WLAN_AUTH_PASN] = "pasn",
};
const char *auth_alg = NULL;
const u8 *dpp_pkhash;
const char *keyid;
char dpp_pkhash_buf[100];
char keyid_buf[100];
char ip_addr[100];
char alg_buf[100];
dpp_pkhash_buf[0] = '\0';
keyid_buf[0] = '\0';
ip_addr[0] = '\0';
alg_buf[0] = '\0';
#ifdef CONFIG_P2P
if (wpa_auth_get_ip_addr(sta->wpa_sm, ip_addr_buf) == 0) {
os_snprintf(ip_addr, sizeof(ip_addr),
@ -1543,6 +1555,13 @@ void ap_sta_set_authorized_event(struct hostapd_data *hapd,
}
#endif /* CONFIG_P2P */
if (sta->auth_alg < ARRAY_SIZE(auth_algs))
auth_alg = auth_algs[sta->auth_alg];
if (auth_alg)
os_snprintf(alg_buf, sizeof(alg_buf),
" auth_alg=%s", auth_alg);
keyid = ap_sta_wpa_get_keyid(hapd, sta);
if (keyid) {
os_snprintf(keyid_buf, sizeof(keyid_buf),
@ -1561,17 +1580,19 @@ void ap_sta_set_authorized_event(struct hostapd_data *hapd,
dpp_pkhash, SHA256_MAC_LEN);
}
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s",
buf, ip_addr, keyid_buf, dpp_pkhash_buf);
hostapd_ubus_notify_authorized(hapd, sta, auth_alg);
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_CONNECTED "%s%s%s%s%s",
buf, ip_addr, keyid_buf, dpp_pkhash_buf, alg_buf);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
wpa_msg_no_global(hapd->msg_ctx_parent, MSG_INFO,
AP_STA_CONNECTED "%s%s%s%s",
AP_STA_CONNECTED "%s%s%s%s%s",
buf, ip_addr, keyid_buf,
dpp_pkhash_buf);
dpp_pkhash_buf, alg_buf);
} else {
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_DISCONNECTED "%s", buf);
hostapd_ubus_notify(hapd, "disassoc", sta->addr);
if (hapd->msg_ctx_parent &&
hapd->msg_ctx_parent != hapd->msg_ctx)
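Review bot: the de-authorization branch of ap_sta_set_authorized_event() emits `hostapd_ubus_notify(hapd, "disassoc", sta->addr)`, the same event name that handle_disassoc() sends on receipt of a Disassociation frame. A subscriber cannot tell a received frame from a local loss of authorization, and can get two "disassoc" events for a single departure. Use a distinct event name here or make one of the two call sites the only source.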

View file

@ -49,10 +49,6 @@
#define WLAN_STA_PENDING_DEAUTH_CB BIT(30)
#define WLAN_STA_NONERP BIT(31)
/* Maximum number of supported rates (from both Supported Rates and Extended
* Supported Rates IEs). */
#define WLAN_SUPP_RATES_MAX 32
struct hostapd_data;
struct mbo_non_pref_chan_info {
@ -308,6 +304,7 @@ struct sta_info {
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_AIRTIME_POLICY
unsigned int airtime_weight;
unsigned int dyn_airtime_weight;
struct os_reltime backlogged_until;
#endif /* CONFIG_AIRTIME_POLICY */

2039
src/ap/ubus.c Normal file

File diff suppressed because it is too large

166
src/ap/ubus.h Normal file
View file

@ -0,0 +1,166 @@
/*
* hostapd / ubus support
* Copyright (c) 2013, Felix Fietkau <nbd@nbd.name>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
*/
#ifndef __HOSTAPD_UBUS_H
#define __HOSTAPD_UBUS_H
enum hostapd_ubus_event_type {
HOSTAPD_UBUS_PROBE_REQ,
HOSTAPD_UBUS_AUTH_REQ,
HOSTAPD_UBUS_ASSOC_REQ,
HOSTAPD_UBUS_TYPE_MAX
};
struct hostapd_ubus_request {
enum hostapd_ubus_event_type type;
const struct ieee80211_mgmt *mgmt_frame;
const struct ieee802_11_elems *elems;
int ssi_signal; /* dBm */
const u8 *addr;
};
struct hostapd_iface;
struct hostapd_data;
struct hapd_interfaces;
struct rrm_measurement_beacon_report;
struct sta_info;
#ifdef UBUS_SUPPORT
#include <libubox/avl.h>
#include <libubus.h>
struct hostapd_ubus_bss {
struct ubus_object obj;
struct avl_tree banned;
int notify_response;
};
void hostapd_ubus_add_iface(struct hostapd_iface *iface);
void hostapd_ubus_free_iface(struct hostapd_iface *iface);
void hostapd_ubus_add_bss(struct hostapd_data *hapd);
void hostapd_ubus_free_bss(struct hostapd_data *hapd);
void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan);
int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req);
void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len);
void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac);
void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
const u8 *addr, u8 token, u8 rep_mode,
struct rrm_measurement_beacon_report *rep,
size_t len);
void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
int chan_width, int cf1, int cf2);
void hostapd_ubus_notify_bss_transition_response(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
u8 bss_termination_delay, const u8 *target_bssid,
const u8 *candidate_list, u16 candidate_list_len);
void hostapd_ubus_add(struct hapd_interfaces *interfaces);
void hostapd_ubus_free(struct hapd_interfaces *interfaces);
int hostapd_ubus_notify_bss_transition_query(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
const u8 *candidate_list, u16 candidate_list_len);
void hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
const char *auth_alg);
void hostapd_ubus_notify_csa(struct hostapd_data *hapd, int freq);
#ifdef CONFIG_APUP
void hostapd_ubus_notify_apup_newpeer(
struct hostapd_data *hapd, const u8 *addr, const char *ifname);
#endif // def CONFIG_APUP
#else
struct hostapd_ubus_bss {};
static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface)
{
}
static inline void hostapd_ubus_add_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ubus_free_bss(struct hostapd_data *hapd)
{
}
static inline void hostapd_ubus_add_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
{
}
static inline void hostapd_ubus_remove_vlan(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
{
}
static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req)
{
return 0;
}
static inline void hostapd_ubus_handle_link_measurement(struct hostapd_data *hapd, const u8 *data, size_t len)
{
}
static inline void hostapd_ubus_notify(struct hostapd_data *hapd, const char *type, const u8 *mac)
{
}
static inline void hostapd_ubus_notify_beacon_report(struct hostapd_data *hapd,
const u8 *addr, u8 token,
u8 rep_mode,
struct rrm_measurement_beacon_report *rep,
size_t len)
{
}
static inline void hostapd_ubus_notify_radar_detected(struct hostapd_iface *iface, int frequency,
int chan_width, int cf1, int cf2)
{
}
static inline void hostapd_ubus_notify_bss_transition_response(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 status_code,
u8 bss_termination_delay, const u8 *target_bssid,
const u8 *candidate_list, u16 candidate_list_len)
{
}
static inline void hostapd_ubus_add(struct hapd_interfaces *interfaces)
{
}
static inline void hostapd_ubus_free(struct hapd_interfaces *interfaces)
{
}
static inline int hostapd_ubus_notify_bss_transition_query(
struct hostapd_data *hapd, const u8 *addr, u8 dialog_token, u8 reason,
const u8 *candidate_list, u16 candidate_list_len)
{
return 0;
}
static inline void
hostapd_ubus_notify_authorized(struct hostapd_data *hapd, struct sta_info *sta,
const char *auth_alg)
{
}
static inline void
hostapd_ubus_notify_csa(struct hostapd_data *hapd, int freq)
{
}
#endif
#endif
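Review bot: the `#else` branch of ubus.h has no stub for hostapd_ubus_notify_apup_newpeer(), so a build with CONFIG_APUP but without UBUS_SUPPORT has no declaration for it; add an empty inline under the same `#ifdef CONFIG_APUP`. The header also uses `struct hostapd_vlan` in prototypes without forward-declaring it next to `struct sta_info`, so it only compiles cleanly when ap_config.h is included first, as hostapd.h happens to do. `struct hostapd_ubus_bss {};` is an empty struct, which is a compiler extension in C. The `// def CONFIG_APUP` comment and the two bare `#endif` lines differ from the `#endif /* ... */` form used in the rest of the tree.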

View file

@ -22,6 +22,7 @@
static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
int existsok)
{
bool vlan_exists = iface_exists(vlan->ifname);
int ret;
#ifdef CONFIG_WEP
int i;
@ -36,7 +37,7 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
}
#endif /* CONFIG_WEP */
if (!iface_exists(vlan->ifname))
if (!vlan_exists)
ret = hostapd_vlan_if_add(hapd, vlan->ifname);
else if (!existsok)
return -1;
@ -51,6 +52,9 @@ static int vlan_if_add(struct hostapd_data *hapd, struct hostapd_vlan *vlan,
if (hapd->wpa_auth)
ret = wpa_auth_ensure_group(hapd->wpa_auth, vlan->vlan_id);
if (!ret && !vlan_exists)
hostapd_ubus_add_vlan(hapd, vlan);
if (ret == 0)
return ret;
@ -77,6 +81,8 @@ int vlan_if_remove(struct hostapd_data *hapd, struct hostapd_vlan *vlan)
"WPA deinitialization for VLAN %d failed (%d)",
vlan->vlan_id, ret);
hostapd_ubus_remove_vlan(hapd, vlan);
return hostapd_vlan_if_remove(hapd, vlan->ifname);
}
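Review bot: registration and removal are not symmetric. vlan_if_add() calls hostapd_ubus_add_vlan() only when `!ret && !vlan_exists`, but vlan_if_remove() calls hostapd_ubus_remove_vlan() unconditionally, including for interfaces that already existed and were never registered. Either make the remove path safe for unregistered VLANs and say so in a comment, or track whether the ubus object was added.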

View file

@ -410,6 +410,7 @@ static int ieee802_11_send_bss_trans_mgmt_request(struct hostapd_data *hapd,
mgmt->u.action.u.bss_tm_req.validity_interval = 1;
pos = mgmt->u.action.u.bss_tm_req.variable;
hapd->openwrt_stats.wnm.bss_transition_request_tx++;
wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request to "
MACSTR " dialog_token=%u req_mode=0x%x disassoc_timer=%u "
"validity_interval=%u",
@ -478,7 +479,8 @@ static void ieee802_11_rx_bss_trans_mgmt_query(struct hostapd_data *hapd,
MAC2STR(addr), reason, hex ? " neighbor=" : "", hex);
os_free(hex);
ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
if (!hostapd_ubus_notify_bss_transition_query(hapd, addr, dialog_token, reason, pos, end - pos))
ieee802_11_send_bss_trans_mgmt_request(hapd, addr, dialog_token);
}
@ -500,7 +502,7 @@ static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
size_t len)
{
u8 dialog_token, status_code, bss_termination_delay;
const u8 *pos, *end;
const u8 *pos, *end, *target_bssid = NULL;
int enabled = hapd->conf->bss_transition;
struct sta_info *sta;
@ -547,6 +549,7 @@ static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
wpa_printf(MSG_DEBUG, "WNM: not enough room for Target BSSID field");
return;
}
target_bssid = pos;
sta->agreed_to_steer = 1;
eloop_cancel_timeout(ap_sta_reset_steer_flag_timer, hapd, sta);
eloop_register_timeout(2, 0, ap_sta_reset_steer_flag_timer,
@ -566,6 +569,10 @@ static void ieee802_11_rx_bss_trans_mgmt_resp(struct hostapd_data *hapd,
MAC2STR(addr), status_code, bss_termination_delay);
}
hostapd_ubus_notify_bss_transition_response(hapd, sta->addr, dialog_token,
status_code, bss_termination_delay,
target_bssid, pos, end - pos);
wpa_hexdump(MSG_DEBUG, "WNM: BSS Transition Candidate List Entries",
pos, end - pos);
}
@ -814,10 +821,12 @@ int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd,
plen);
return 0;
case WNM_BSS_TRANS_MGMT_QUERY:
hapd->openwrt_stats.wnm.bss_transition_query_rx++;
ieee802_11_rx_bss_trans_mgmt_query(hapd, mgmt->sa, payload,
plen);
return 0;
case WNM_BSS_TRANS_MGMT_RESP:
hapd->openwrt_stats.wnm.bss_transition_response_rx++;
ieee802_11_rx_bss_trans_mgmt_resp(hapd, mgmt->sa, payload,
plen);
return 0;
@ -865,6 +874,7 @@ int wnm_send_disassoc_imminent(struct hostapd_data *hapd,
pos = mgmt->u.action.u.bss_tm_req.variable;
hapd->openwrt_stats.wnm.bss_transition_request_tx++;
wpa_printf(MSG_DEBUG, "WNM: Send BSS Transition Management Request frame to indicate imminent disassociation (disassoc_timer=%d) to "
MACSTR, disassoc_timer, MAC2STR(sta->addr));
if (hostapd_drv_send_mlme(hapd, buf, pos - buf, 0, NULL, 0, 0) < 0) {
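Review bot: in wnm_send_disassoc_imminent() `bss_transition_request_tx` is incremented before the `hostapd_drv_send_mlme(...) < 0` check, so a failed transmission is still counted. The hunks for wnm_send_ess_disassoc_imminent() and wnm_send_bss_tm_req() place the increment after the failure return. Move this one after the send succeeds so the counter means the same thing in all three functions.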
@ -947,6 +957,7 @@ int wnm_send_ess_disassoc_imminent(struct hostapd_data *hapd,
return -1;
}
hapd->openwrt_stats.wnm.bss_transition_request_tx++;
if (disassoc_timer) {
/* send disassociation frame after time-out */
set_disassoc_timer(hapd, sta, disassoc_timer);
@ -1028,6 +1039,7 @@ int wnm_send_bss_tm_req(struct hostapd_data *hapd, struct sta_info *sta,
}
os_free(buf);
hapd->openwrt_stats.wnm.bss_transition_request_tx++;
if (disassoc_timer) {
#ifdef CONFIG_IEEE80211BE
if (ap_sta_is_mld(hapd, sta)) {

@ -6141,6 +6141,7 @@ static const char * wpa_bool_txt(int val)
return val ? "TRUE" : "FALSE";
}
#ifdef CONFIG_CTRL_IFACE_MIB
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
@ -6293,7 +6294,7 @@ int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen)
return len;
}
#endif
void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth)
{

@ -328,6 +328,7 @@ static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
struct hostapd_data *hapd = ctx;
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
MAC2STR(addr));
hostapd_ubus_notify(hapd, "key-mismatch", addr);
}

@ -394,9 +394,8 @@ static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd,
bss->wpa_pairwise |= WPA_CIPHER_GCMP;
else
bss->wpa_pairwise |= WPA_CIPHER_CCMP;
}
#ifndef CONFIG_NO_TKIP
if (cred->encr_type & WPS_ENCR_TKIP)
} else if (cred->encr_type & WPS_ENCR_TKIP)
bss->wpa_pairwise |= WPA_CIPHER_TKIP;
#endif /* CONFIG_NO_TKIP */
bss->rsn_pairwise = bss->wpa_pairwise;
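Review bot: as the hunk reads, the closing brace of the WPS_ENCR_AES block now lives on the "} else if (cred->encr_type & WPS_ENCR_TKIP)" line, which sits inside #ifndef CONFIG_NO_TKIP, so a build with CONFIG_NO_TKIP defined drops that brace together with the TKIP branch and leaves the block unterminated. Keep the "}" outside the preprocessor conditional and put only the else-if branch inside it. The change also means a credential that advertises both AES and TKIP no longer enables WPA_CIPHER_TKIP, which is a behaviour change for mixed-mode setups and should be stated in the commit message.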
@ -1181,8 +1180,7 @@ int hostapd_init_wps(struct hostapd_data *hapd,
WPA_CIPHER_GCMP_256)) {
wps->encr_types |= WPS_ENCR_AES;
wps->encr_types_rsn |= WPS_ENCR_AES;
}
if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
} else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {
#ifdef CONFIG_NO_TKIP
wpa_printf(MSG_INFO, "WPS: TKIP not supported");
goto fail;
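Review bot: with "} else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) {" the TKIP branch is skipped whenever the preceding AES-type condition matched, so on a CONFIG_NO_TKIP build a configuration that lists TKIP alongside an AES cipher no longer reaches the "WPS: TKIP not supported" failure and WPS comes up with AES only. If silently dropping TKIP from mixed configurations is the intent, say so in a comment here; otherwise the unsupported-cipher check should stay independent of the AES branch.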

@ -651,7 +651,7 @@ static int pasn_test_pasn_auth(void)
spa_addr, bssid,
dhss, sizeof(dhss),
&ptk, WPA_KEY_MGMT_PASN, WPA_CIPHER_CCMP,
WPA_KDK_MAX_LEN);
WPA_KDK_MAX_LEN, 0);
if (ret)
return ret;

@ -63,6 +63,10 @@
WPA_KEY_MGMT_FT_FILS_SHA256 | \
WPA_KEY_MGMT_FT_FILS_SHA384)
/* Maximum number of supported rates (from both Supported Rates and Extended
* Supported Rates IEs). */
#define WLAN_SUPP_RATES_MAX 32
static inline int wpa_key_mgmt_wpa_ieee8021x(int akm)
{
return !!(akm & (WPA_KEY_MGMT_IEEE8021X |

@ -269,6 +269,12 @@ int dpp_get_pubkey_hash(struct crypto_ec_key *key, u8 *hash)
struct crypto_ec_key * dpp_gen_keypair(const struct dpp_curve_params *curve)
{
if (curve == NULL) {
wpa_printf(MSG_DEBUG,
"DPP: %s curve must be initialized", __func__);
return NULL;
}
struct crypto_ec_key *key;
wpa_printf(MSG_DEBUG, "DPP: Generating a keypair");
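Review bot: the new NULL check in dpp_gen_keypair() is placed ahead of the "struct crypto_ec_key *key;" declaration, which leaves a declaration after a statement; move the check below the declarations. A NULL curve here is a caller bug and not a runtime condition, so consider logging it above MSG_DEBUG so that it shows up without debug logging enabled.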
@ -1582,7 +1588,9 @@ dpp_pkex_derive_Qr(const struct dpp_curve_params *curve, const u8 *mac_resp,
Pr = crypto_ec_key_get_public_key(Pr_key);
Qr = crypto_ec_point_init(ec);
hash_bn = crypto_bignum_init_set(hash, curve->hash_len);
if (!Pr || !Qr || !hash_bn || crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
if (!Pr || !Qr || !hash_bn ||
crypto_bignum_mod(hash_bn, crypto_ec_get_prime(ec), hash_bn) ||
crypto_ec_point_mul(ec, Pr, hash_bn, Qr))
goto fail;
if (crypto_ec_point_is_at_infinity(ec, Qr)) {
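Review bot: crypto_bignum_mod() reduces hash_bn modulo crypto_ec_get_prime(ec), the field prime, but hash_bn is then used as the scalar in crypto_ec_point_mul(), where the natural modulus is the group order (crypto_ec_get_order(ec)). For a hash value at or above the prime the two reductions give different scalars, and therefore a different Qr than a peer that multiplies by the unreduced hash, so the exchange would fail only in rare, hard to reproduce cases. Please reduce modulo the order or explain in a comment why the prime is correct, and confirm that the initiator-side derivation gets the same treatment, since only the Qr path is changed in this hunk.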

@ -898,6 +898,7 @@ int ieee80211ac_cap_check(u32 hw, u32 conf)
VHT_CAP_CHECK(VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB);
VHT_CAP_CHECK(VHT_CAP_RX_ANTENNA_PATTERN);
VHT_CAP_CHECK(VHT_CAP_TX_ANTENNA_PATTERN);
VHT_CAP_CHECK(VHT_CAP_EXTENDED_NSS_BW_SUPPORT);
#undef VHT_CAP_CHECK
#undef VHT_CAP_CHECK_MAX
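Review bot: VHT_CAP_CHECK(VHT_CAP_EXTENDED_NSS_BW_SUPPORT) tests only BIT(30), while the same change set defines VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK as BIT(30) | BIT(31), so the field is two bits wide. A single-bit check cannot cover a configured value that sets only BIT(31). If the field is meant to be compared as a value, use the mask with VHT_CAP_CHECK_MAX, which this function already has, or add a comment explaining why checking one bit is sufficient.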

@ -413,6 +413,10 @@ static int ieee802_11_parse_extension(const u8 *pos, size_t elen,
elems->mbssid_known_bss = pos;
elems->mbssid_known_bss_len = elen;
break;
case WLAN_EID_EXT_PASN_ENCRYPTED_DATA:
elems->pasn_encrypted_data = pos;
elems->pasn_encrypted_data_len = elen;
break;
default:
if (show_errors) {
wpa_printf(MSG_MSGDUMP,

@ -66,6 +66,7 @@ struct ieee802_11_elems {
const u8 *vendor_vht;
const u8 *p2p;
const u8 *p2p2_ie;
const u8 *pasn_encrypted_data;
const u8 *wfd;
const u8 *link_id;
const u8 *interworking;
@ -141,6 +142,7 @@ struct ieee802_11_elems {
u8 vendor_vht_len;
u8 p2p_len;
u8 p2p2_ie_len;
u8 pasn_encrypted_data_len;
u8 wfd_len;
u8 interworking_len;
u8 qos_map_set_len;

@ -526,6 +526,7 @@
#define WLAN_EID_EXT_QOS_CHARACTERISTICS 113
#define WLAN_EID_EXT_AKM_SUITE_SELECTOR 114
#define WLAN_EID_EXT_BANDWIDTH_INDICATION 135
#define WLAN_EID_EXT_PASN_ENCRYPTED_DATA 140
/* Extended Capabilities field */
#define WLAN_EXT_CAPAB_20_40_COEX 0
@ -1400,6 +1401,8 @@ struct ieee80211_ampe_ie {
#define VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB ((u32) BIT(26) | BIT(27))
#define VHT_CAP_RX_ANTENNA_PATTERN ((u32) BIT(28))
#define VHT_CAP_TX_ANTENNA_PATTERN ((u32) BIT(29))
#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT ((u32) BIT(30))
#define VHT_CAP_EXTENDED_NSS_BW_SUPPORT_MASK ((u32) BIT(30) | BIT(31))
#define VHT_OPMODE_CHANNEL_WIDTH_MASK ((u8) BIT(0) | BIT(1))
#define VHT_OPMODE_CHANNEL_RxNSS_MASK ((u8) BIT(4) | BIT(5) | \

@ -18,8 +18,6 @@
static const u8 nan_network_id[ETH_ALEN] =
{ 0x51, 0x6f, 0x9a, 0x01, 0x00, 0x00 };
static const u8 wildcard_bssid[ETH_ALEN] =
{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
enum nan_de_service_type {
NAN_DE_PUBLISH,
@ -45,6 +43,8 @@ struct nan_de_service {
unsigned int freq;
unsigned int default_freq;
int *freq_list;
u8 a3[ETH_ALEN];
bool a3_set;
/* pauseState information for Publish function */
struct os_reltime pause_state_end;
@ -79,6 +79,12 @@ struct nan_de {
};
bool nan_de_is_nan_network_id(const u8 *addr)
{
return ether_addr_equal(addr, nan_network_id);
}
struct nan_de * nan_de_init(const u8 *nmi, bool offload, bool ap,
const struct nan_callbacks *cb)
{
@ -206,7 +212,7 @@ static int nan_de_tx(struct nan_de *de, unsigned int freq,
static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
unsigned int wait_time,
enum nan_service_control_type type,
const u8 *dst, u8 req_instance_id,
const u8 *dst, const u8 *a3, u8 req_instance_id,
const struct wpabuf *ssi)
{
struct wpabuf *buf;
@ -268,10 +274,7 @@ static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
wpabuf_put_buf(buf, srv->elems);
}
/* Wi-Fi Aware specification v4.0 uses NAN Cluster ID as A3 for USD,
* but there is no synchronization in USD as as such, no NAN Cluster
* either. Use Wildcard BSSID instead. */
nan_de_tx(de, srv->freq, wait_time, dst, de->nmi, wildcard_bssid, buf);
nan_de_tx(de, srv->freq, wait_time, dst, de->nmi, a3, buf);
wpabuf_free(buf);
}
@ -352,7 +355,7 @@ static void nan_de_tx_multicast(struct nan_de *de, struct nan_de_service *srv,
return;
}
nan_de_tx_sdf(de, srv, wait_time, type, nan_network_id,
nan_de_tx_sdf(de, srv, wait_time, type, nan_network_id, nan_network_id,
req_instance_id, srv->ssi);
os_get_reltime(&srv->last_multicast);
}
@ -806,7 +809,7 @@ static void nan_de_process_elem_container(struct nan_de *de, const u8 *buf,
static void nan_de_rx_publish(struct nan_de *de, struct nan_de_service *srv,
const u8 *peer_addr, u8 instance_id,
const u8 *peer_addr, const u8 *a3, u8 instance_id,
u8 req_instance_id, u16 sdea_control,
enum nan_service_protocol_type srv_proto_type,
const u8 *ssi, size_t ssi_len)
@ -877,7 +880,8 @@ static bool nan_de_filter_match(struct nan_de_service *srv,
static void nan_de_rx_subscribe(struct nan_de *de, struct nan_de_service *srv,
const u8 *peer_addr, u8 instance_id,
const u8 *peer_addr, const u8 *a3,
u8 instance_id,
const u8 *matching_filter,
size_t matching_filter_len,
enum nan_service_protocol_type srv_proto_type,
@ -963,12 +967,12 @@ static void nan_de_rx_subscribe(struct nan_de *de, struct nan_de_service *srv,
wpabuf_put_buf(buf, srv->elems);
}
/* Wi-Fi Aware specification v4.0 uses NAN Cluster ID as A3 for USD,
* but there is no synchronization in USD as as such, no NAN Cluster
* either. Use Wildcard BSSID instead. */
if (srv->publish.solicited_multicast || !a3)
a3 = nan_network_id;
nan_de_tx(de, srv->freq, 100,
srv->publish.solicited_multicast ? nan_network_id : peer_addr,
de->nmi, wildcard_bssid, buf);
de->nmi, a3, buf);
wpabuf_free(buf);
nan_de_pause_state(srv, peer_addr, instance_id);
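Review bot: the comment that explained the A3 choice in nan_de_rx_subscribe() is removed with no replacement, yet the new code still makes a non-obvious decision: it falls back to nan_network_id when the reply is solicited multicast or when a3 is NULL. A one-line comment stating which address ends up in A3 in each case, and why, would keep this readable.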
@ -981,8 +985,8 @@ offload:
static void nan_de_rx_follow_up(struct nan_de *de, struct nan_de_service *srv,
const u8 *peer_addr, u8 instance_id,
const u8 *ssi, size_t ssi_len)
const u8 *peer_addr, const u8 *a3,
u8 instance_id, const u8 *ssi, size_t ssi_len)
{
/* Follow-up function processing of a receive Follow-up message for a
* Subscribe or Publish instance */
@ -1002,13 +1006,16 @@ static void nan_de_rx_follow_up(struct nan_de *de, struct nan_de_service *srv,
if (srv->type == NAN_DE_PUBLISH && !ssi)
nan_de_pause_state(srv, peer_addr, instance_id);
os_memcpy(srv->a3, a3, ETH_ALEN);
srv->a3_set = true;
if (de->cb.receive)
de->cb.receive(de->cb.ctx, srv->id, instance_id, ssi, ssi_len,
peer_addr);
}
static void nan_de_rx_sda(struct nan_de *de, const u8 *peer_addr,
static void nan_de_rx_sda(struct nan_de *de, const u8 *peer_addr, const u8 *a3,
unsigned int freq, const u8 *buf, size_t len,
const u8 *sda, size_t sda_len)
{
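Review bot: os_memcpy(srv->a3, a3, ETH_ALEN) in nan_de_rx_follow_up() dereferences a3 unconditionally, whereas nan_de_rx_subscribe() explicitly handles a NULL a3 by falling back to nan_network_id. Either guarantee a non-NULL a3 for every caller of nan_de_rx_sdf() and document that in the header, or guard the copy with "if (a3)" and leave srv->a3_set false otherwise. It is also worth a comment that the stored A3 comes from a received frame and is later reused as A3 for transmissions in nan_de_transmit().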
@ -1135,20 +1142,20 @@ static void nan_de_rx_sda(struct nan_de *de, const u8 *peer_addr,
switch (type) {
case NAN_SRV_CTRL_PUBLISH:
nan_de_rx_publish(de, srv, peer_addr, instance_id,
nan_de_rx_publish(de, srv, peer_addr, a3, instance_id,
req_instance_id,
sdea_control, srv_proto_type,
ssi, ssi_len);
break;
case NAN_SRV_CTRL_SUBSCRIBE:
nan_de_rx_subscribe(de, srv, peer_addr, instance_id,
nan_de_rx_subscribe(de, srv, peer_addr, a3, instance_id,
matching_filter,
matching_filter_len,
srv_proto_type,
ssi, ssi_len);
break;
case NAN_SRV_CTRL_FOLLOW_UP:
nan_de_rx_follow_up(de, srv, peer_addr, instance_id,
nan_de_rx_follow_up(de, srv, peer_addr, a3, instance_id,
ssi, ssi_len);
break;
}
@ -1156,8 +1163,8 @@ static void nan_de_rx_sda(struct nan_de *de, const u8 *peer_addr,
}
void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, unsigned int freq,
const u8 *buf, size_t len)
void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, const u8 *a3,
unsigned int freq, const u8 *buf, size_t len)
{
const u8 *sda;
u16 sda_len;
@ -1179,7 +1186,7 @@ void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, unsigned int freq,
sda++;
sda_len = WPA_GET_LE16(sda);
sda += 2;
nan_de_rx_sda(de, peer_addr, freq, buf, len, sda, sda_len);
nan_de_rx_sda(de, peer_addr, a3, freq, buf, len, sda, sda_len);
}
}
@ -1442,6 +1449,7 @@ int nan_de_transmit(struct nan_de *de, int handle,
const u8 *peer_addr, u8 req_instance_id)
{
struct nan_de_service *srv;
const u8 *a3;
if (handle < 1 || handle > NAN_DE_MAX_SERVICE)
return -1;
@ -1450,8 +1458,12 @@ int nan_de_transmit(struct nan_de *de, int handle,
if (!srv)
return -1;
if (srv->a3_set)
a3 = srv->a3;
else
a3 = nan_network_id;
nan_de_tx_sdf(de, srv, 100, NAN_SRV_CTRL_FOLLOW_UP,
peer_addr, req_instance_id, ssi);
peer_addr, a3, req_instance_id, ssi);
os_get_reltime(&srv->last_followup);
return 0;

@ -59,6 +59,7 @@ struct nan_callbacks {
unsigned int freq);
};
bool nan_de_is_nan_network_id(const u8 *addr);
struct nan_de * nan_de_init(const u8 *nmi, bool offload, bool ap,
const struct nan_callbacks *cb);
void nan_de_flush(struct nan_de *de);
@ -70,8 +71,8 @@ void nan_de_listen_ended(struct nan_de *de, unsigned int freq);
void nan_de_tx_status(struct nan_de *de, unsigned int freq, const u8 *dst);
void nan_de_tx_wait_ended(struct nan_de *de);
void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, unsigned int freq,
const u8 *buf, size_t len);
void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, const u8 *a3,
unsigned int freq, const u8 *buf, size_t len);
const u8 * nan_de_get_service_id(struct nan_de *de, int id);
struct nan_publish_params {

@ -1282,14 +1282,22 @@ enum qca_radiotap_vendor_ids {
* vendor interfaces, driver internal logic, and BTM requests from the
* connected AP.
*
* The attributes used with this command are defined in
* enum qca_wlan_vendor_attr_connect_ext.
*
* @QCA_NL80211_VENDOR_SUBCMD_SET_P2P_MODE: Vendor subcommand to configure
* Wi-Fi Direct mode. This command sets the configuration through
* the attributes defined in the enum qca_wlan_vendor_attr_set_p2p_mode.
* It is applicable for P2P Group Owner only. This command is used before
* starting the GO.
*
* @QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ: Vendor subcommand to request
* transmission of a channel usage request. It carries channel usage
* information for BSSs that are not infrastructure BSSs or an off channel
* TDLS direct link.
*
* The attributes used with this command are defined in
* enum qca_wlan_vendor_attr_connect_ext.
* enum qca_wlan_vendor_attr_chan_usage_req.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@ -1525,6 +1533,7 @@ enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_USD = 249,
QCA_NL80211_VENDOR_SUBCMD_CONNECT_EXT = 250,
QCA_NL80211_VENDOR_SUBCMD_SET_P2P_MODE = 251,
QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ = 252,
};
/* Compatibility defines for previously used subcmd names.
@ -2259,6 +2268,9 @@ enum qca_wlan_vendor_acs_hw_mode {
* elements or add that element if none was provided based on the BSS
* selected by the driver.
*
* @QCA_WLAN_VENDOR_FEATURE_NAN_USD_OFFLOAD: Flag indicates that the driver
* supports Unsynchronized Service Discovery to be offloaded to it.
*
* @NUM_QCA_WLAN_VENDOR_FEATURES: Number of assigned feature bits
*/
enum qca_wlan_vendor_features {
@ -2288,6 +2300,7 @@ enum qca_wlan_vendor_features {
QCA_WLAN_VENDOR_FEATURE_ENHANCED_AUDIO_EXPERIENCE_OVER_WLAN = 23,
QCA_WLAN_VENDOR_FEATURE_HT_VHT_TWT_RESPONDER = 24,
QCA_WLAN_VENDOR_FEATURE_RSN_OVERRIDE_STA = 25,
QCA_WLAN_VENDOR_FEATURE_NAN_USD_OFFLOAD = 26,
NUM_QCA_WLAN_VENDOR_FEATURES /* keep last */
};
@ -10465,6 +10478,18 @@ enum qca_wlan_vendor_attr_wifi_test_config {
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_DISABLE_CHAN_SWITCH_INITIATION = 74,
/* 8-bit unsigned value. This indicates number of random PMKIDs to be
* added in the RSNE of the (Re)Association request frames. This is
* exclusively used for the scenarios where the device is used as a test
* bed device with special functionality and not recommended for
* production. Default value is zero. If the user space configures a
* non-zero value, that remains in use until the driver is unloaded or
* the user space resets the value to zero.
*
* This attribute is used for testing purposes.
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_RSNE_ADD_RANDOM_PMKIDS = 75,
/* keep last */
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MAX =
@ -10762,7 +10787,8 @@ enum qca_wlan_twt_setup_state {
* TWT (Target Wake Time) setup request. These attributes are sent as part of
* %QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_TWT_SETUP and
* %QCA_NL80211_VENDOR_SUBCMD_WIFI_TEST_CONFIGURATION. Also used by
* attributes through %QCA_NL80211_VENDOR_SUBCMD_CONFIG_TWT.
* attributes through %QCA_NL80211_VENDOR_SUBCMD_CONFIG_TWT and
* %QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ.
*
* @QCA_WLAN_VENDOR_ATTR_TWT_SETUP_BCAST: Flag attribute.
* Disable (flag attribute not present) - Individual TWT
@ -18276,4 +18302,82 @@ enum qca_wlan_vendor_attr_set_p2p_mode {
QCA_WLAN_VENDOR_ATTR_SET_P2P_MODE_AFTER_LAST - 1,
};
/**
* enum qca_wlan_vendor_attr_chan_usage_req_chan_list: Attributes used inside
* nested attributes %QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_CHAN: u8 attribute. Indicates
* the channel number of the channel list entry.
* @QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_OP_CLASS: u8 attribute.
* Indicates the operating class of the channel list entry.
*/
enum qca_wlan_vendor_attr_chan_usage_req_chan_list {
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_CHAN = 1,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_OP_CLASS = 2,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_MAX =
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST_AFTER_LAST - 1,
};
/**
* enum qca_wlan_vendor_attr_chan_usage_req_mode: Defines the values used
* with %QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_MODE.
*
* @QCA_CHAN_USAGE_MODE_UNAVAILABILITY_INDICATION: Mode set by STA to indicate
* the AP about its unavailability during a peer-to-peer TWT agreement.
*
* @QCA_CHAN_USAGE_MODE_CHANNEL_SWITCH_REQ: Mode set by the STA that is in a
* channel-usage-aidable BSS to request a channel switch. Other Channel Usage
* elements are not required. Optional HT/VHT/HE Capabilities are present.
*/
enum qca_wlan_vendor_attr_chan_usage_req_mode {
QCA_CHAN_USAGE_MODE_UNAVAILABILITY_INDICATION = 3,
QCA_CHAN_USAGE_MODE_CHANNEL_SWITCH_REQ = 4,
};
/**
* enum qca_wlan_vendor_attr_chan_usage_req: Attributes used by vendor command
* %QCA_NL80211_VENDOR_SUBCMD_CHAN_USAGE_REQ.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_MODE: Required u8 attribute. Identifies
* the usage of the channel list entry provided in the channel usage request.
* Channel switch request and unavailability channel usage modes are
* configured on a STA/P2P Client.
* See enum qca_wlan_vendor_attr_chan_usage_req_mode for attribute values.
* See IEEE P802.11-REVme/D7.0, 9.4.2.84, Table 9-268 for more information.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST: Required array of nested
* attributes containing channel usage parameters.
* Required when channel usage mode is Channel-usage-aidable BSS channel
* switch request.
* See enum qca_wlan_vendor_attr_req_chan_list for nested attributes.
*
* @QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_UNAVAILABILITY_CONFIG_PARAMS: Nested
* attribute representing the parameters configured for unavailability
* indication. Required when channel usage mode is unavailability indication.
*
* Below attributes from enum qca_wlan_vendor_attr_twt_setup are used inside
* this nested attribute:
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_RESPONDER_PM_MODE,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_REQ_TYPE,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_TRIGGER,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_FLOW_TYPE,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_INTVL_EXP,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_PROTECTION,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_DURATION,
* %QCA_WLAN_VENDOR_ATTR_TWT_SETUP_WAKE_INTVL_MANTISSA.
*/
enum qca_wlan_vendor_attr_chan_usage_req {
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_INVALID = 0,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_MODE = 1,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST = 2,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_UNAVAILABILITY_CONFIG_PARAMS = 3,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_MAX =
QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_AFTER_LAST - 1,
};
#endif /* QCA_VENDOR_H */
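Review bot: the documentation for QCA_WLAN_VENDOR_ATTR_CHAN_USAGE_REQ_CHAN_LIST points to "enum qca_wlan_vendor_attr_req_chan_list", but the enum added above is named qca_wlan_vendor_attr_chan_usage_req_chan_list, so the reference does not resolve. The same attribute is described both as a "Required array" and as "Required when channel usage mode is Channel-usage-aidable BSS channel switch request"; pick one. A sentence on why enum qca_wlan_vendor_attr_chan_usage_req_mode starts at 3 would also help readers of this header.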

@ -1093,12 +1093,13 @@ fail:
}
struct sae_pt * sae_derive_pt(int *groups, const u8 *ssid, size_t ssid_len,
struct sae_pt * sae_derive_pt(const int *groups,
const u8 *ssid, size_t ssid_len,
const u8 *password, size_t password_len,
const char *identifier)
{
struct sae_pt *pt = NULL, *last = NULL, *tmp;
int default_groups[] = { 19, 0 };
const int default_groups[] = { 19, 0 };
int i;
if (!groups)
@ -1278,6 +1279,13 @@ void sae_deinit_pt(struct sae_pt *pt)
static int sae_derive_commit_element_ecc(struct sae_data *sae,
struct crypto_bignum *mask)
{
if (sae->tmp->pwe_ecc == NULL) {
wpa_printf(MSG_DEBUG,
"SAE: %s sae->tmp->pwe_ecc must be initialized",
__func__);
return -1;
}
/* COMMIT-ELEMENT = inverse(scalar-op(mask, PWE)) */
if (!sae->tmp->own_commit_element_ecc) {
sae->tmp->own_commit_element_ecc =

@ -146,7 +146,8 @@ u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);
const char * sae_state_txt(enum sae_state state);
size_t sae_ecc_prime_len_2_hash_len(size_t prime_len);
size_t sae_ffc_prime_len_2_hash_len(size_t prime_len);
struct sae_pt * sae_derive_pt(int *groups, const u8 *ssid, size_t ssid_len,
struct sae_pt * sae_derive_pt(const int *groups,
const u8 *ssid, size_t ssid_len,
const u8 *password, size_t password_len,
const char *identifier);
struct crypto_ec_point *

@ -1456,15 +1456,18 @@ bool pasn_use_sha384(int akmp, int cipher)
* @akmp: Negotiated AKM
* @cipher: Negotiated pairwise cipher
* @kdk_len: the length in octets that should be derived for HTLK. Can be zero.
* @kek_len: The length in octets that should be derived for KEK. Can be zero.
* Returns: 0 on success, -1 on failure
*/
int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
const u8 *spa, const u8 *bssid,
const u8 *dhss, size_t dhss_len,
struct wpa_ptk *ptk, int akmp, int cipher,
size_t kdk_len)
size_t kdk_len, size_t kek_len)
{
u8 tmp[WPA_KCK_MAX_LEN + WPA_TK_MAX_LEN + WPA_KDK_MAX_LEN];
u8 tmp[WPA_KCK_MAX_LEN + WPA_KEK_MAX_LEN + WPA_TK_MAX_LEN +
WPA_KDK_MAX_LEN];
const u8 *pos;
u8 *data;
size_t data_len, ptk_len;
int ret = -1;
@ -1499,7 +1502,7 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
ptk->kck_len = WPA_PASN_KCK_LEN;
ptk->tk_len = wpa_cipher_key_len(cipher);
ptk->kdk_len = kdk_len;
ptk->kek_len = 0;
ptk->kek_len = kek_len;
ptk->kek2_len = 0;
ptk->kck2_len = 0;
@ -1510,7 +1513,7 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
goto err;
}
ptk_len = ptk->kck_len + ptk->tk_len + ptk->kdk_len;
ptk_len = ptk->kck_len + ptk->tk_len + ptk->kdk_len + ptk->kek_len;
if (ptk_len > sizeof(tmp))
goto err;
@ -1538,13 +1541,21 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
os_memcpy(ptk->kck, tmp, WPA_PASN_KCK_LEN);
wpa_hexdump_key(MSG_DEBUG, "PASN: KCK:", ptk->kck, WPA_PASN_KCK_LEN);
pos = &tmp[WPA_PASN_KCK_LEN];
os_memcpy(ptk->tk, tmp + WPA_PASN_KCK_LEN, ptk->tk_len);
if (kek_len) {
os_memcpy(ptk->kek, pos, kek_len);
wpa_hexdump_key(MSG_DEBUG, "PASN: KEK:",
ptk->kek, ptk->kek_len);
pos += kek_len;
}
os_memcpy(ptk->tk, pos, ptk->tk_len);
wpa_hexdump_key(MSG_DEBUG, "PASN: TK:", ptk->tk, ptk->tk_len);
pos += ptk->tk_len;
if (kdk_len) {
os_memcpy(ptk->kdk, tmp + WPA_PASN_KCK_LEN + ptk->tk_len,
ptk->kdk_len);
os_memcpy(ptk->kdk, pos, ptk->kdk_len);
wpa_hexdump_key(MSG_DEBUG, "PASN: KDK:",
ptk->kdk, ptk->kdk_len);
}
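Review bot: os_memcpy(ptk->kek, pos, kek_len) is protected only by the combined "ptk_len > sizeof(tmp)" check, and tmp is sized for the sum of all four maximums, so a caller-supplied kek_len above WPA_KEK_MAX_LEN can pass that check when the other components are short and then overrun ptk->kek (assuming that field holds WPA_KEK_MAX_LEN bytes, as the tmp sizing suggests). Add explicit per-field bounds before deriving, kek_len against WPA_KEK_MAX_LEN and likewise kdk_len against WPA_KDK_MAX_LEN. Inserting the KEK between KCK and TK also moves TK and KDK in the derived output whenever kek_len is non-zero, so both peers must agree on kek_len; the function comment should state the KCK | KEK | TK | KDK layout.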

@ -770,7 +770,7 @@ int pasn_pmk_to_ptk(const u8 *pmk, size_t pmk_len,
const u8 *spa, const u8 *bssid,
const u8 *dhss, size_t dhss_len,
struct wpa_ptk *ptk, int akmp, int cipher,
size_t kdk_len);
size_t kdk_len, size_t kek_len);
u8 pasn_mic_len(int akmp, int cipher);

@ -135,7 +135,7 @@ try_again:
return NULL;
}
tries++;
#ifdef ANDROID
/* Set client socket file permissions so that bind() creates the client
* socket with these permissions and there is no need to try to change
* them with chmod() after bind() which would have potential issues with
@ -147,7 +147,7 @@ try_again:
* operations to allow the response to go through. Those are using the
* no-deference-symlinks version to avoid races. */
fchmod(ctrl->s, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
#endif /* ANDROID */
if (bind(ctrl->s, (struct sockaddr *) &ctrl->local,
sizeof(ctrl->local)) < 0) {
if (errno == EADDRINUSE && tries < 2) {
@ -165,7 +165,11 @@ try_again:
return NULL;
}
#ifdef ANDROID
#ifndef ANDROID
/* Set group even if we do not have privileges to change owner */
lchown(ctrl->local.sun_path, -1, 101);
lchown(ctrl->local.sun_path, 101, 101);
#else
/* Set group even if we do not have privileges to change owner */
lchown(ctrl->local.sun_path, -1, AID_WIFI);
lchown(ctrl->local.sun_path, AID_SYSTEM, AID_WIFI);

@ -308,6 +308,10 @@ extern "C" {
#define P2P_EVENT_P2PS_PROVISION_START "P2PS-PROV-START "
#define P2P_EVENT_P2PS_PROVISION_DONE "P2PS-PROV-DONE "
#define P2P_EVENT_BOOTSTRAP_REQUEST "P2P-BOOTSTRAP-REQUEST "
#define P2P_EVENT_BOOTSTRAP_SUCCESS "P2P-BOOTSTRAP-SUCCESS "
#define P2P_EVENT_BOOTSTRAP_FAILURE "P2P-BOOTSTRAP-FAILURE "
#define INTERWORKING_AP "INTERWORKING-AP "
#define INTERWORKING_EXCLUDED "INTERWORKING-BLACKLISTED "
#define INTERWORKING_NO_MATCH "INTERWORKING-NO-MATCH "

@ -1,10 +1,121 @@
CFLAGS += -DCONFIG_CRYPTO_INTERNAL
CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
#CFLAGS += -DALL_DH_GROUPS
CFLAGS += -DCONFIG_SHA256
CFLAGS += -DCONFIG_SHA384
CFLAGS += -DCONFIG_HMAC_SHA256_KDF
CFLAGS += -DCONFIG_HMAC_SHA384_KDF
# crypto_module_tests.c
CFLAGS += -DCONFIG_MODULE_TESTS
CFLAGS += -DCONFIG_DPP
#CFLAGS += -DCONFIG_DPP2
#CFLAGS += -DCONFIG_DPP3
CFLAGS += -DCONFIG_ECC
CFLAGS += -DCONFIG_MESH
CFLAGS += -DEAP_PSK
CFLAGS += -DEAP_FAST
ifeq ($(CONFIG_TLS),mbedtls)
# (enable features for 'cd tests; make run-tests CONFIG_TLS=mbedtls')
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
CFLAGS += -DCONFIG_DES
CFLAGS += -DEAP_IKEV2
CFLAGS += -DEAP_MSCHAPv2
CFLAGS += -DEAP_SIM
LIB_OBJS = tls_mbedtls.o crypto_mbedtls.o
LIB_OBJS+= \
aes-eax.o \
aes-siv.o \
dh_groups.o \
milenage.o \
ms_funcs.o
else
ifeq ($(CONFIG_TLS),openssl)
# (enable features for 'cd tests; make run-tests CONFIG_TLS=openssl')
ifndef CONFIG_TLS_DEFAULT_CIPHERS
CONFIG_TLS_DEFAULT_CIPHERS = "DEFAULT:!EXP:!LOW"
endif
CFLAGS += -DTLS_DEFAULT_CIPHERS=\"$(CONFIG_TLS_DEFAULT_CIPHERS)\"
CFLAGS += -DCRYPTO_RSA_OAEP_SHA256
CFLAGS += -DEAP_TLS_OPENSSL
LIB_OBJS = tls_openssl.o fips_prf_openssl.o crypto_openssl.o
LIB_OBJS+= \
aes-ctr.o \
aes-eax.o \
aes-encblock.o \
aes-siv.o \
dh_groups.o \
milenage.o \
ms_funcs.o \
sha1-prf.o \
sha1-tlsprf.o \
sha1-tprf.o \
sha256-kdf.o \
sha256-prf.o \
sha256-tlsprf.o
else
ifeq ($(CONFIG_TLS),wolfssl)
# (wolfssl libraries must be built with ./configure --enable-wpas)
# (enable features for 'cd tests; make run-tests CONFIG_TLS=wolfssl')
CFLAGS += -DWOLFSSL_DER_LOAD
CFLAGS += -DCONFIG_DES
LIB_OBJS = tls_wolfssl.o fips_prf_wolfssl.o crypto_wolfssl.o
LIB_OBJS+= \
aes-ctr.o \
aes-eax.o \
aes-encblock.o \
aes-siv.o \
dh_groups.o \
milenage.o \
ms_funcs.o \
sha1-prf.o \
sha1-tlsprf.o \
sha1-tprf.o \
sha256-kdf.o \
sha256-prf.o \
sha256-tlsprf.o
else
ifeq ($(CONFIG_TLS),gnutls)
# (enable features for 'cd tests; make run-tests CONFIG_TLS=gnutls')
LIB_OBJS = tls_gnutls.o crypto_gnutls.o
LIB_OBJS+= \
aes-cbc.o \
aes-ctr.o \
aes-eax.o \
aes-encblock.o \
aes-omac1.o \
aes-siv.o \
aes-unwrap.o \
aes-wrap.o \
dh_group5.o \
dh_groups.o \
milenage.o \
ms_funcs.o \
rc4.o \
sha1-pbkdf2.o \
sha1-prf.o \
fips_prf_internal.o \
sha1-internal.o \
sha1-tlsprf.o \
sha1-tprf.o \
sha256-kdf.o \
sha256-prf.o \
sha256-tlsprf.o
else
CFLAGS += -DCONFIG_CRYPTO_INTERNAL
CFLAGS += -DCONFIG_TLS_INTERNAL_CLIENT
CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER
CFLAGS += -DCONFIG_INTERNAL_SHA384
LIB_OBJS= \
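Review bot: as the hunk reads, feature defines such as -DCONFIG_MODULE_TESTS, -DCONFIG_DPP, -DCONFIG_MESH, -DEAP_PSK and -DEAP_FAST are appended to CFLAGS unconditionally at the top of the file, so they apply to every backend regardless of the selected configuration. Gate them on the corresponding CONFIG_ variables or on the test build. The four-deep ifeq/else/endif ladder would be easier to follow as "else ifeq" chains, and the commented-out -DALL_DH_GROUPS, -DCONFIG_DPP2 and -DCONFIG_DPP3 lines should be removed or explained.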
@ -13,7 +124,6 @@ LIB_OBJS= \
aes-ctr.o \
aes-eax.o \
aes-encblock.o \
aes-gcm.o \
aes-internal.o \
aes-internal-dec.o \
aes-internal-enc.o \
@ -37,6 +147,7 @@ LIB_OBJS= \
sha1-tlsprf.o \
sha1-tprf.o \
sha256.o \
sha256-kdf.o \
sha256-prf.o \
sha256-tlsprf.o \
sha256-internal.o \
@ -53,6 +164,16 @@ LIB_OBJS += crypto_internal-modexp.o
LIB_OBJS += crypto_internal-rsa.o
LIB_OBJS += tls_internal.o
LIB_OBJS += fips_prf_internal.o
endif
endif
endif
endif
# (used by wlantest/{bip,gcmp,rx_mgmt}.c and tests/test-aes.c)
LIB_OBJS += aes-gcm.o
ifndef TEST_FUZZ
LIB_OBJS += random.o
endif

4228
src/crypto/crypto_mbedtls.c Normal file

File diff suppressed because it is too large

@ -2470,6 +2470,139 @@ static int test_hpke(void)
}
static int test_ecc(void)
{
#ifdef CONFIG_ECC
#ifndef CONFIG_TLS_INTERNAL
#ifndef CONFIG_TLS_GNUTLS
#if defined(CONFIG_TLS_MBEDTLS) \
|| defined(CONFIG_TLS_OPENSSL) \
|| defined(CONFIG_TLS_WOLFSSL)
wpa_printf(MSG_INFO, "Testing ECC");
/* Note: some tests below are valid on supported Short Weierstrass
* curves, but not on Montgomery curves (e.g. IKE groups 31 and 32)
* (e.g. deriving and comparing y^2 test below not valid on Montgomery)
*/
#ifdef CONFIG_TLS_MBEDTLS
const int grps[] = {19, 20, 21, 25, 26, 28};
#endif
#ifdef CONFIG_TLS_OPENSSL
const int grps[] = {19, 20, 21, 26};
#endif
#ifdef CONFIG_TLS_WOLFSSL
const int grps[] = {19, 20, 21, 26};
#endif
uint32_t i;
struct crypto_ec *e = NULL;
struct crypto_ec_point *p = NULL, *q = NULL;
struct crypto_bignum *x = NULL, *y = NULL;
#ifdef CONFIG_DPP
u8 bin[4096];
#endif
for (i = 0; i < ARRAY_SIZE(grps); ++i) {
e = crypto_ec_init(grps[i]);
if (e == NULL
|| crypto_ec_prime_len(e) == 0
|| crypto_ec_prime_len_bits(e) == 0
|| crypto_ec_order_len(e) == 0
|| crypto_ec_get_prime(e) == NULL
|| crypto_ec_get_order(e) == NULL
|| crypto_ec_get_a(e) == NULL
|| crypto_ec_get_b(e) == NULL
|| crypto_ec_get_generator(e) == NULL) {
break;
}
#ifdef CONFIG_DPP
struct crypto_ec_key *key = crypto_ec_key_gen(grps[i]);
if (key == NULL)
break;
p = crypto_ec_key_get_public_key(key);
q = crypto_ec_key_get_public_key(key);
crypto_ec_key_deinit(key);
if (p == NULL || q == NULL)
break;
if (!crypto_ec_point_is_on_curve(e, p))
break;
/* inverted point should not match original;
* double-invert should match */
if (crypto_ec_point_invert(e, q) != 0
|| crypto_ec_point_cmp(e, p, q) == 0
|| crypto_ec_point_invert(e, q) != 0
|| crypto_ec_point_cmp(e, p, q) != 0) {
break;
}
/* crypto_ec_point_to_bin() and crypto_ec_point_from_bin()
* imbalanced interfaces? */
size_t prime_len = crypto_ec_prime_len(e);
if (prime_len * 2 > sizeof(bin))
break;
if (crypto_ec_point_to_bin(e, p, bin, bin+prime_len) != 0)
break;
struct crypto_ec_point *tmp = crypto_ec_point_from_bin(e, bin);
if (tmp == NULL)
break;
if (crypto_ec_point_cmp(e, p, tmp) != 0) {
crypto_ec_point_deinit(tmp, 0);
break;
}
crypto_ec_point_deinit(tmp, 0);
x = crypto_bignum_init();
y = crypto_bignum_init_set(bin+prime_len, prime_len);
if (x == NULL || y == NULL || crypto_ec_point_x(e, p, x) != 0)
break;
struct crypto_bignum *y2 = crypto_ec_point_compute_y_sqr(e, x);
if (y2 == NULL)
break;
if (crypto_bignum_sqrmod(y, crypto_ec_get_prime(e), y) != 0
|| crypto_bignum_cmp(y, y2) != 0) {
crypto_bignum_deinit(y2, 0);
break;
}
crypto_bignum_deinit(y2, 0);
crypto_bignum_deinit(x, 0);
crypto_bignum_deinit(y, 0);
x = NULL;
y = NULL;
x = crypto_bignum_init();
if (x == NULL)
break;
if (crypto_bignum_rand(x, crypto_ec_get_prime(e)) != 0)
break;
crypto_bignum_deinit(x, 0);
x = NULL;
crypto_ec_point_deinit(p, 0);
p = NULL;
crypto_ec_point_deinit(q, 0);
q = NULL;
#endif /* CONFIG_DPP */
crypto_ec_deinit(e);
e = NULL;
}
if (i != ARRAY_SIZE(grps)) {
crypto_bignum_deinit(x, 0);
crypto_bignum_deinit(y, 0);
crypto_ec_point_deinit(p, 0);
crypto_ec_point_deinit(q, 0);
crypto_ec_deinit(e);
wpa_printf(MSG_INFO,
"ECC test case failed tls_id:%d", grps[i]);
return -1;
}
wpa_printf(MSG_INFO, "ECC test cases passed");
#endif
#endif /* !CONFIG_TLS_GNUTLS */
#endif /* !CONFIG_TLS_INTERNAL */
#endif /* CONFIG_ECC */
return 0;
}
static int test_ms_funcs(void)
{
#ifndef CONFIG_FIPS
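Review bot: in test_ecc() a NULL return from crypto_ec_init(grps[i]) breaks out of the loop and fails the whole module test, but some of the listed groups (25, 26 and 28 in the mbedtls list) are curves that a TLS library can be built without. Distinguish "group not supported by this build" from a real failure, for example by logging and skipping the group when crypto_ec_init() returns NULL and failing only on the later checks. Declarations such as "const int grps[]" and "struct crypto_ec_key *key" also follow statements and should be hoisted to the top of their blocks, and the bare #endif closing the "#if defined(CONFIG_TLS_MBEDTLS)" condition should carry a comment like the other three.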
@ -2591,6 +2724,7 @@ int crypto_module_tests(void)
test_fips186_2_prf() ||
test_extract_expand_hkdf() ||
test_hpke() ||
test_ecc() ||
test_ms_funcs())
ret = -1;

3313
src/crypto/tls_mbedtls.c Normal file

File diff suppressed because it is too large

@ -22,6 +22,7 @@
#include "common/defs.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_common.h"
#include "common/nan.h"
#ifdef CONFIG_MACSEC
#include "pae/ieee802_1x_kay.h"
#endif /* CONFIG_MACSEC */
@ -29,7 +30,6 @@
struct nan_subscribe_params;
struct nan_publish_params;
enum nan_service_protocol_type;
#define HOSTAPD_CHAN_DISABLED 0x00000001
#define HOSTAPD_CHAN_NO_IR 0x00000002
@ -1004,6 +1004,9 @@ struct wpa_driver_associate_params {
* responsible for selecting with which BSS to associate. */
const u8 *bssid;
unsigned char rates[WLAN_SUPP_RATES_MAX];
int mcast_rate;
/**
* bssid_hint - BSSID of a proposed AP
*
@ -1917,6 +1920,7 @@ struct wpa_driver_mesh_join_params {
#define WPA_DRIVER_MESH_FLAG_AMPE 0x00000008
unsigned int flags;
bool handle_dfs;
int mcast_rate;
};
struct wpa_driver_set_key_params {
@ -2390,6 +2394,9 @@ struct wpa_driver_capa {
/** Maximum number of iterations in a single scan plan */
u32 max_sched_scan_plan_iterations;
/** Maximum number of extra IE bytes for scans */
u16 max_scan_ie_len;
/** Whether sched_scan (offloaded scanning) is supported */
int sched_scan_supported;
@ -6971,8 +6978,8 @@ union wpa_event_data {
* Driver wrapper code should call this function whenever an event is received
* from the driver.
*/
void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
/**
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
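Review bot: the doc comment above wpa_supplicant_event still says driver wrapper code should call "this function", but the declaration is now an extern function pointer. Please update the comment to say that this is a pointer and which component is expected to provide the handler; the same applies to the comment for wpa_supplicant_event_global.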
@ -6984,7 +6991,7 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
* Same as wpa_supplicant_event(), but we search for the interface in
* wpa_global.
*/
void wpa_supplicant_event_global(void *ctx, enum wpa_event_type event,
extern void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
/*

@ -30,6 +30,8 @@
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "common/wpa_common.h"
#include "common/nan.h"
#include "common/nan_de.h"
#include "crypto/sha256.h"
#include "crypto/sha384.h"
#include "netlink.h"
@ -5510,7 +5512,7 @@ static int nl80211_set_channel(struct i802_bss *bss,
freq->he_enabled, freq->eht_enabled, freq->bandwidth,
freq->center_freq1, freq->center_freq2);
msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
NL80211_CMD_SET_WIPHY);
if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
nlmsg_free(msg);
@ -6251,8 +6253,7 @@ static void nl80211_teardown_ap(struct i802_bss *bss)
nl80211_mgmt_unsubscribe(bss, "AP teardown");
nl80211_put_wiphy_data_ap(bss);
if (bss->flink)
bss->flink->beacon_set = 0;
wpa_driver_nl80211_del_beacon_all(bss);
}
@ -11463,6 +11464,10 @@ static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
if (ret)
goto error;
if (drv->nlmode == NL80211_IFTYPE_MESH_POINT) {
nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS);
}
/* beacon_csa params */
beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
if (!beacon_csa)
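Review bot: the return value of nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS) in the NL80211_IFTYPE_MESH_POINT branch is ignored, while the step just before it is checked with if (ret) goto error. If the put fails, the channel switch request goes out without the flag and nothing is logged. Suggest taking the error path on failure, and dropping the braces around the single statement to match the surrounding style.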
@ -12137,6 +12142,18 @@ static int nl80211_put_mesh_id(struct nl_msg *msg, const u8 *mesh_id,
}
static int nl80211_put_mcast_rate(struct nl_msg *msg, int mcast_rate)
{
if (mcast_rate > 0) {
wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f",
(double)mcast_rate / 10);
return nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, mcast_rate);
}
return 0;
}
static int nl80211_put_mesh_config(struct nl_msg *msg,
struct wpa_driver_mesh_bss_params *params)
{
@ -12198,6 +12215,7 @@ static int nl80211_join_mesh(struct i802_bss *bss,
nl80211_put_basic_rates(msg, params->basic_rates) ||
nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
nl80211_put_beacon_int(msg, params->beacon_int) ||
nl80211_put_mcast_rate(msg, params->mcast_rate) ||
nl80211_put_dtim_period(msg, params->dtim_period))
goto fail;
@ -12652,7 +12670,7 @@ static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
}
static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
static int add_freq_list(struct nl_msg *msg, int attr, const int *freq_list)
{
int i, len, ret;
u32 *freqs;
@ -12665,8 +12683,7 @@ static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
return -1;
for (i = 0; i < len; i++)
freqs[i] = freq_list[i];
ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
sizeof(u32) * len, freqs);
ret = nla_put(msg, attr, sizeof(u32) * len, freqs);
os_free(freqs);
return ret;
}
@ -12701,7 +12718,8 @@ static int nl80211_qca_do_acs(struct wpa_driver_nl80211_data *drv,
nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
params->ch_width) ||
add_acs_ch_list(msg, params->freq_list) ||
add_acs_freq_list(msg, params->freq_list) ||
add_freq_list(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
params->freq_list) ||
(params->edmg_enabled &&
nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED)) ||
(params->link_id != NL80211_DRV_LINK_ID_NA &&
@ -13588,6 +13606,304 @@ fail:
#endif /* CONFIG_PASN */
#ifdef CONFIG_NAN_USD
static int nl80211_nan_flush(void *priv)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container;
int ret;
wpa_printf(MSG_DEBUG, "nl80211: NAN USD flush");
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_FLUSH))
goto fail;
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD flush");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
static int nl80211_nan_publish(void *priv, const u8 *src, int publish_id,
const char *service_name, const u8 *service_id,
enum nan_service_protocol_type srv_proto_type,
const struct wpabuf *ssi,
const struct wpabuf *elems,
struct nan_publish_params *params)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container, *attr;
int ret;
wpa_printf(MSG_DEBUG,
"nl80211: Start NAN USD publish: default freq=%u, ttl=%u",
params->freq, params->ttl);
wpa_hexdump_buf(MSG_MSGDUMP, "nl80211: USD elements", elems);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container)
goto fail;
if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_PUBLISH) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SRC_ADDR, ETH_ALEN, src) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_INSTANCE_ID, publish_id) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SERVICE_ID,
NAN_SERVICE_ID_LEN, service_id) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_SERVICE_PROTOCOL_TYPE,
srv_proto_type) ||
nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_USD_TTL, params->ttl) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_ELEMENT_CONTAINER,
wpabuf_len(elems), wpabuf_head(elems)) ||
(ssi && nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SSI,
wpabuf_len(ssi), wpabuf_head(ssi))))
goto fail;
attr = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG);
if (!attr)
goto fail;
if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG_DEFAULT_FREQ,
params->freq) ||
add_freq_list(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG_FREQ_LIST,
params->freq_list))
goto fail;
nla_nest_end(msg, attr);
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD publish");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
static int nl80211_nan_cancel_publish(void *priv, int publish_id)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container;
int ret;
wpa_printf(MSG_DEBUG, "nl80211: NAN USD cancel publish");
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container)
goto fail;
if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_CANCEL_PUBLISH) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_INSTANCE_ID,
publish_id))
goto fail;
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD cancel publish");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
static int nl80211_nan_update_publish(void *priv, int publish_id,
const struct wpabuf *ssi)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container;
int ret;
wpa_printf(MSG_DEBUG, "nl80211: NAN USD update publish: id=%d",
publish_id);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container)
goto fail;
if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_UPDATE_PUBLISH) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_INSTANCE_ID,
publish_id) ||
(ssi && nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SSI,
wpabuf_len(ssi), wpabuf_head(ssi))))
goto fail;
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD update publish");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
static int nl80211_nan_subscribe(void *priv, const u8 *src, int subscribe_id,
const char *service_name, const u8 *service_id,
enum nan_service_protocol_type srv_proto_type,
const struct wpabuf *ssi,
const struct wpabuf *elems,
struct nan_subscribe_params *params)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container, *attr;
int ret;
wpa_printf(MSG_DEBUG,
"nl80211: Start NAN USD subscribe: freq=%u, ttl=%u",
params->freq, params->ttl);
wpa_hexdump_buf(MSG_MSGDUMP, "nl80211: USD elements", elems);
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container)
goto fail;
if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_SUBSCRIBE) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SRC_ADDR, ETH_ALEN, src) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_INSTANCE_ID,
subscribe_id) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SERVICE_ID,
NAN_SERVICE_ID_LEN, service_id) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_SERVICE_PROTOCOL_TYPE,
srv_proto_type) ||
nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_USD_TTL, params->ttl) ||
nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_ELEMENT_CONTAINER,
wpabuf_len(elems), wpabuf_head(elems)) ||
(ssi && nla_put(msg, QCA_WLAN_VENDOR_ATTR_USD_SSI,
wpabuf_len(ssi), wpabuf_head(ssi))))
goto fail;
attr = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG);
if (!attr ||
nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG_DEFAULT_FREQ,
params->freq) ||
add_freq_list(msg, QCA_WLAN_VENDOR_ATTR_USD_CHAN_CONFIG_FREQ_LIST,
params->freq_list))
goto fail;
nla_nest_end(msg, attr);
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD subscribe");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
static int nl80211_nan_cancel_subscribe(void *priv, int subscribe_id)
{
struct i802_bss *bss = priv;
struct wpa_driver_nl80211_data *drv = bss->drv;
struct nl_msg *msg;
struct nlattr *container;
int ret;
wpa_printf(MSG_DEBUG, "nl80211: NAN USD cancel subscribe");
msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
if (!msg ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
QCA_NL80211_VENDOR_SUBCMD_USD))
goto fail;
container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
if (!container ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_OP_TYPE,
QCA_WLAN_VENDOR_USD_OP_TYPE_CANCEL_SUBSCRIBE) ||
nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_USD_INSTANCE_ID,
subscribe_id))
goto fail;
nla_nest_end(msg, container);
ret = send_and_recv_cmd(drv, msg);
if (ret)
wpa_printf(MSG_ERROR,
"nl80211: Failed to send NAN USD cancel subscribe");
return ret;
fail:
nlmsg_free(msg);
return -1;
}
#endif /* CONFIG_NAN_USD */
#endif /* CONFIG_DRIVER_NL80211_QCA */
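Review bot: in nl80211_nan_publish() and nl80211_nan_subscribe(), elems is passed to wpabuf_len() and wpabuf_head() unconditionally for QCA_WLAN_VENDOR_ATTR_USD_ELEMENT_CONTAINER, whereas ssi is guarded with (ssi && ...). If a caller can pass elems == NULL this is a NULL dereference; guard it the same way or document that elems is mandatory. Also, publish_id and subscribe_id are int but are sent with nla_put_u8(), so a value above 255 is truncated without an error, and service_name is not used in either function. A range check on the id and a comment on the unused parameter would help.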
@ -14303,6 +14619,14 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.send_pasn_resp = nl80211_send_pasn_resp,
.set_secure_ranging_ctx = nl80211_set_secure_ranging_ctx,
#endif /* CONFIG_PASN */
#ifdef CONFIG_NAN_USD
.nan_flush = nl80211_nan_flush,
.nan_publish = nl80211_nan_publish,
.nan_cancel_publish = nl80211_nan_cancel_publish,
.nan_update_publish = nl80211_nan_update_publish,
.nan_subscribe = nl80211_nan_subscribe,
.nan_cancel_subscribe = nl80211_nan_cancel_subscribe,
#endif /* CONFIG_NAN_USD */
#endif /* CONFIG_DRIVER_NL80211_QCA */
.do_acs = nl80211_do_acs,
.configure_data_frame_filters = nl80211_configure_data_frame_filters,

@ -976,6 +976,10 @@ static int wiphy_info_handler(struct nl_msg *msg, void *arg)
nla_get_u32(tb[NL80211_ATTR_MAX_SCAN_PLAN_ITERATIONS]);
}
if (tb[NL80211_ATTR_MAX_SCAN_IE_LEN])
capa->max_scan_ie_len =
nla_get_u16(tb[NL80211_ATTR_MAX_SCAN_IE_LEN]);
if (tb[NL80211_ATTR_MAX_MATCH_SETS])
capa->max_match_sets =
nla_get_u8(tb[NL80211_ATTR_MAX_MATCH_SETS]);
@ -1451,6 +1455,8 @@ static void qca_nl80211_get_features(struct wpa_driver_nl80211_data *drv)
"The driver supports RSN overriding in STA mode");
drv->capa.flags2 |= WPA_DRIVER_FLAGS2_RSN_OVERRIDE_STA;
}
if (check_feature(QCA_WLAN_VENDOR_FEATURE_NAN_USD_OFFLOAD, &info))
drv->capa.flags2 |= WPA_DRIVER_FLAGS2_NAN_OFFLOAD;
os_free(info.flags);
}
@ -2752,10 +2758,9 @@ static int phy_multi_hw_info_parse(struct hostapd_multi_hw_info *hw_info,
hw_info->hw_idx = nla_get_u32(radio_attr);
return NL_OK;
case NL80211_WIPHY_RADIO_ATTR_FREQ_RANGE:
nla_parse_nested(tb_freq, NL80211_WIPHY_RADIO_FREQ_ATTR_MAX,
radio_attr, NULL);
if (!tb_freq[NL80211_WIPHY_RADIO_FREQ_ATTR_START] ||
if (nla_parse_nested(tb_freq, NL80211_WIPHY_RADIO_FREQ_ATTR_MAX,
radio_attr, NULL) ||
!tb_freq[NL80211_WIPHY_RADIO_FREQ_ATTR_START] ||
!tb_freq[NL80211_WIPHY_RADIO_FREQ_ATTR_END])
return NL_STOP;

@ -235,7 +235,7 @@ nl80211_scan_common(struct i802_bss *bss, u8 cmd,
wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
}
if (params->extra_ies) {
if (params->extra_ies && drv->capa.max_scan_ie_len >= params->extra_ies_len) {
wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
params->extra_ies, params->extra_ies_len);
if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
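Review bot: when params->extra_ies_len is larger than drv->capa.max_scan_ie_len, the new condition skips NL80211_ATTR_IE entirely, so the scan is sent without the requested IEs and nothing is logged. max_scan_ie_len is only filled in wiphy_info_handler() when the driver reports NL80211_ATTR_MAX_SCAN_IE_LEN, so a driver that omits the attribute would presumably leave it at 0 and lose all extra IEs. Suggest a wpa_printf(MSG_DEBUG, ...) on the skip path and treating 0 as "unknown" rather than as a limit. The condition line is also longer than 80 columns.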

@ -10,6 +10,10 @@
#include "utils/common.h"
#include "driver.h"
void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
void (*wpa_supplicant_event_global)(void *ctx, enum wpa_event_type event,
union wpa_event_data *data);
const struct wpa_driver_ops *const wpa_drivers[] =
{
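Review bot: wpa_supplicant_event and wpa_supplicant_event_global are defined here without an initializer, so both are NULL until some other code assigns them, and a driver event delivered before that point is a call through a NULL pointer. Consider initializing them to a default handler that logs and returns, or add a comment naming the code that must assign them before any driver is initialized.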

@ -54,7 +54,6 @@ NEED_SME=y
NEED_AP_MLME=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
NEED_RFKILL=y
NEED_RADIOTAP=y
NEED_LIBNL=y
endif
@ -111,7 +110,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT
CONFIG_WIRELESS_EXTENSION=y
NEED_NETLINK=y
NEED_LINUX_IOCTL=y
NEED_RFKILL=y
endif
ifdef CONFIG_DRIVER_NDIS
@ -137,7 +135,6 @@ endif
ifdef CONFIG_WIRELESS_EXTENSION
DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION
DRV_WPA_OBJS += ../src/drivers/driver_wext.o
NEED_RFKILL=y
endif
ifdef NEED_NETLINK
@ -146,6 +143,7 @@ endif
ifdef NEED_RFKILL
DRV_OBJS += ../src/drivers/rfkill.o
DRV_WPA_CFLAGS += -DCONFIG_RFKILL
endif
ifdef NEED_RADIOTAP

@ -18,8 +18,24 @@ struct rfkill_config {
void (*unblocked_cb)(void *ctx);
};
#ifdef CONFIG_RFKILL
struct rfkill_data * rfkill_init(struct rfkill_config *cfg);
void rfkill_deinit(struct rfkill_data *rfkill);
int rfkill_is_blocked(struct rfkill_data *rfkill);
#else
static inline struct rfkill_data * rfkill_init(struct rfkill_config *cfg)
{
return (void *) 1;
}
static inline void rfkill_deinit(struct rfkill_data *rfkill)
{
}
static inline int rfkill_is_blocked(struct rfkill_data *rfkill)
{
return 0;
}
#endif
#endif /* RFKILL_H */
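Review bot: the stub rfkill_init() in the #else branch returns (void *) 1, a non-NULL value that does not point to an object. That is safe only while every caller treats the result as an opaque success token and hands it to nothing but the rfkill_deinit() and rfkill_is_blocked() stubs; please add a comment saying so. The stub also ignores cfg, so if callers pass an allocated struct rfkill_config and expect rfkill_init() to take ownership of it, that allocation is never released in this configuration.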

@ -13,9 +13,13 @@
#include "common/defs.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "common/wpa_common.h"
#include "common/wpa_ctrl.h"
#include "common/sae.h"
#include "crypto/sha256.h"
#include "crypto/sha384.h"
#include "crypto/crypto.h"
#include "pasn/pasn_common.h"
#include "wps/wps_i.h"
#include "p2p_i.h"
#include "p2p.h"
@ -1919,17 +1923,16 @@ static void p2p_rx_p2p_action(struct p2p_data *p2p, const u8 *sa,
switch (data[0]) {
case P2P_GO_NEG_REQ:
p2p_process_go_neg_req(p2p, sa, data + 1, len - 1, rx_freq);
p2p_handle_go_neg_req(p2p, sa, data + 1, len - 1, rx_freq);
break;
case P2P_GO_NEG_RESP:
p2p_process_go_neg_resp(p2p, sa, data + 1, len - 1, rx_freq);
p2p_handle_go_neg_resp(p2p, sa, data + 1, len - 1, rx_freq);
break;
case P2P_GO_NEG_CONF:
p2p_process_go_neg_conf(p2p, sa, data + 1, len - 1);
p2p_handle_go_neg_conf(p2p, sa, data + 1, len - 1, false);
break;
case P2P_INVITATION_REQ:
p2p_process_invitation_req(p2p, sa, data + 1, len - 1,
rx_freq);
p2p_handle_invitation_req(p2p, sa, data + 1, len - 1, rx_freq);
break;
case P2P_INVITATION_RESP:
p2p_process_invitation_resp(p2p, sa, data + 1, len - 1);
@ -2981,6 +2984,10 @@ bool is_p2p_6ghz_disabled(struct p2p_data *p2p)
static void p2p_pairing_info_deinit(struct p2p_data *p2p)
{
#ifdef CONFIG_PASN
pasn_initiator_pmksa_cache_deinit(p2p->initiator_pmksa);
pasn_responder_pmksa_cache_deinit(p2p->responder_pmksa);
#endif /* CONFIG_PASN */
os_free(p2p->pairing_info);
}
@ -3012,6 +3019,10 @@ static int p2p_pairing_info_init(struct p2p_data *p2p)
p2p_pairing_info_deinit(p2p);
p2p->pairing_info = pairing_info;
#ifdef CONFIG_PASN
p2p->initiator_pmksa = pasn_initiator_pmksa_cache_init();
p2p->responder_pmksa = pasn_responder_pmksa_cache_init();
#endif /* CONFIG_PASN */
return 0;
}
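Review bot: the results of pasn_initiator_pmksa_cache_init() and pasn_responder_pmksa_cache_init() are stored without a NULL check, and p2p_pairing_info_init() still returns 0 afterwards. Either fail the init and undo the partial state when one of the caches cannot be created, or state here that later users of p2p->initiator_pmksa and p2p->responder_pmksa must tolerate NULL.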
@ -4971,8 +4982,13 @@ int p2p_get_interface_addr(struct p2p_data *p2p, const u8 *dev_addr,
u8 *iface_addr)
{
struct p2p_device *dev = p2p_get_device(p2p, dev_addr);
if (dev == NULL || is_zero_ether_addr(dev->interface_addr))
if (!dev || is_zero_ether_addr(dev->interface_addr)) {
p2p_dbg(p2p,
"P2P: Failed to get interface address from device addr "
MACSTR, MAC2STR(dev_addr));
return -1;
}
os_memcpy(iface_addr, dev->interface_addr, ETH_ALEN);
return 0;
}
@ -4982,8 +4998,13 @@ int p2p_get_dev_addr(struct p2p_data *p2p, const u8 *iface_addr,
u8 *dev_addr)
{
struct p2p_device *dev = p2p_get_device_interface(p2p, iface_addr);
if (dev == NULL)
if (!dev) {
p2p_dbg(p2p,
"P2P: Failed to get device address from interface address "
MACSTR, MAC2STR(iface_addr));
return -1;
}
os_memcpy(dev_addr, dev->info.p2p_device_addr, ETH_ALEN);
return 0;
}
@ -5923,3 +5944,12 @@ void p2p_process_usd_elems(struct p2p_data *p2p, const u8 *ies, u16 ies_len,
p2p_parse_free(&msg);
}
#ifdef CONFIG_PASN
int p2p_pasn_auth_rx(struct p2p_data *p2p, const struct ieee80211_mgmt *mgmt,
size_t len, int freq)
{
return -1; /* TODO */
}
#endif /* CONFIG_PASN */
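Review bot: p2p_pasn_auth_rx() is exported through p2p.h but its body is only return -1 with a TODO, so a caller cannot tell an unimplemented handler from a rejected frame. Suggest holding the declaration back until the implementation is added, or documenting the placeholder return value next to the prototype.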

@ -1180,7 +1180,8 @@ struct p2p_config {
* When P2PS provisioning completes (successfully or not) we must
* transmit all of the results to the upper layers.
*/
void (*p2ps_prov_complete)(void *ctx, u8 status, const u8 *dev,
void (*p2ps_prov_complete)(void *ctx, enum p2p_status_code status,
const u8 *dev,
const u8 *adv_mac, const u8 *ses_mac,
const u8 *grp_mac, u32 adv_id, u32 ses_id,
u8 conncap, int passwd_id,
@ -1245,6 +1246,31 @@ struct p2p_config {
*/
void (*register_bootstrap_comeback)(void *ctx, const u8 *addr,
u16 comeback_after);
/**
* bootstrap_req_rx - Indicate bootstrap request from a P2P peer
* @ctx: Callback context from cb_ctx
* @addr: P2P device address from which bootstrap request was received
* @bootstrap_method: Bootstrapping method request by the peer device
*
* This function can be used to notify that bootstrap request is
* received from a P2P peer.
*/
void (*bootstrap_req_rx)(void *ctx, const u8 *addr,
u16 bootstrap_method);
/**
* bootstrap_completed - Indicate bootstrapping completed with P2P peer
* @ctx: Callback context from cb_ctx
* @addr: P2P device address with which bootstrapping is completed
* @status: P2P Status Code of bootstrapping handshake
* @freq: Frequency in which bootstrapping is done
*
* This function can be used to notify the status of bootstrapping
* handshake.
*/
void (*bootstrap_completed)(void *ctx, const u8 *addr,
enum p2p_status_code status, int freq);
};
@ -2550,5 +2576,7 @@ int p2p_channel_to_freq(int op_class, int channel);
struct wpabuf * p2p_usd_elems(struct p2p_data *p2p);
void p2p_process_usd_elems(struct p2p_data *p2p, const u8 *ies, u16 ies_len,
const u8 *peer_addr, unsigned int freq);
int p2p_pasn_auth_rx(struct p2p_data *p2p, const struct ieee80211_mgmt *mgmt,
size_t len, int freq);
#endif /* P2P_H */

@ -957,3 +957,37 @@ int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
return 0;
}
struct wpabuf * p2p_encaps_ie(const struct wpabuf *subelems, u32 ie_type)
{
struct wpabuf *ie;
const u8 *pos, *end;
size_t len;
if (!subelems)
return NULL;
len = wpabuf_len(subelems) + 1000;
ie = wpabuf_alloc(len);
if (!ie)
return NULL;
pos = wpabuf_head(subelems);
end = pos + wpabuf_len(subelems);
while (end > pos) {
size_t frag_len = end - pos;
if (frag_len > 251)
frag_len = 251;
wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC);
wpabuf_put_u8(ie, 4 + frag_len);
wpabuf_put_be32(ie, ie_type);
wpabuf_put_data(ie, pos, frag_len);
pos += frag_len;
}
return ie;
}
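Review bot: in p2p_encaps_ie() the output buffer is sized as wpabuf_len(subelems) + 1000, a fixed slack rather than the real overhead. Each fragment adds 6 bytes (element ID, length, 4-byte type) for at most 251 bytes of payload, so 1000 bytes covers 166 fragments and a larger input would need more room than was allocated. Computing the overhead as 6 * ((wpabuf_len(subelems) + 250) / 251) removes the magic number. A short comment that 251 keeps 4 + frag_len within the one-byte length field would also help.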

@ -135,11 +135,11 @@ static const char * p2p_wps_method_str(enum p2p_wps_method wps_method)
}
static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
struct p2p_device *peer)
struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
struct p2p_device *peer)
{
struct wpabuf *buf;
u8 *len;
struct wpabuf *subelems;
u8 group_capab;
size_t extra = 0;
u16 pw_id;
@ -159,7 +159,12 @@ static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
p2p_buf_add_public_action_hdr(buf, P2P_GO_NEG_REQ, peer->dialog_token);
len = p2p_buf_add_ie_hdr(buf);
subelems = wpabuf_alloc(500);
if (!subelems) {
wpabuf_free(buf);
return NULL;
}
group_capab = 0;
if (peer->flags & P2P_DEV_PREFER_PERSISTENT_GROUP) {
group_capab |= P2P_GROUP_CAPAB_PERSISTENT_GROUP;
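Review bot: subelems is allocated with a fixed wpabuf_alloc(500), and the rest of this function writes the channel list and device info attributes into it. Nothing here shows that 500 bytes bounds those variable-length attributes; please size the buffer from the same inputs or add a comment giving the worst case. The same applies to the wpabuf_alloc(500) calls in p2p_build_go_neg_resp() and p2p_build_go_neg_conf().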
@ -170,17 +175,20 @@ static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
group_capab |= P2P_GROUP_CAPAB_CROSS_CONN;
if (p2p->cfg->p2p_intra_bss)
group_capab |= P2P_GROUP_CAPAB_INTRA_BSS_DIST;
p2p_buf_add_capability(buf, p2p->dev_capab &
p2p_buf_add_capability(subelems, p2p->dev_capab &
~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY,
group_capab);
p2p_buf_add_go_intent(buf, (p2p->go_intent << 1) | peer->tie_breaker);
p2p_buf_add_config_timeout(buf, p2p->go_timeout, p2p->client_timeout);
p2p_buf_add_listen_channel(buf, p2p->cfg->country, p2p->cfg->reg_class,
p2p_buf_add_go_intent(subelems,
(p2p->go_intent << 1) | peer->tie_breaker);
p2p_buf_add_config_timeout(subelems, p2p->go_timeout,
p2p->client_timeout);
p2p_buf_add_listen_channel(subelems, p2p->cfg->country,
p2p->cfg->reg_class,
p2p->cfg->channel);
if (p2p->ext_listen_interval)
p2p_buf_add_ext_listen_timing(buf, p2p->ext_listen_period,
p2p_buf_add_ext_listen_timing(subelems, p2p->ext_listen_period,
p2p->ext_listen_interval);
p2p_buf_add_intended_addr(buf, p2p->intended_addr);
p2p_buf_add_intended_addr(subelems, p2p->intended_addr);
is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
if (p2p->num_pref_freq) {
@ -191,16 +199,15 @@ static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
p2p->num_pref_freq, &pref_chanlist, go);
p2p_channels_dump(p2p, "channel list after filtering",
&pref_chanlist);
p2p_buf_add_channel_list(buf, p2p->cfg->country,
p2p_buf_add_channel_list(subelems, p2p->cfg->country,
&pref_chanlist, is_6ghz_capab);
} else {
p2p_buf_add_channel_list(buf, p2p->cfg->country,
p2p_buf_add_channel_list(subelems, p2p->cfg->country,
&p2p->channels, is_6ghz_capab);
}
p2p_buf_add_device_info(buf, p2p, peer);
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p_buf_add_device_info(subelems, p2p, peer);
p2p_buf_add_operating_channel(subelems, p2p->cfg->country,
p2p->op_reg_class, p2p->op_channel);
p2p_buf_update_ie_hdr(buf, len);
p2p_buf_add_pref_channel_list(buf, p2p->pref_freq_list,
p2p->num_pref_freq);
@ -209,8 +216,9 @@ static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
pw_id = p2p_wps_method_pw_id(peer->wps_method);
if (peer->oob_pw_id)
pw_id = peer->oob_pw_id;
if (p2p_build_wps_ie(p2p, buf, pw_id, 0) < 0) {
if (!peer->p2p2 && p2p_build_wps_ie(p2p, buf, pw_id, 0) < 0) {
p2p_dbg(p2p, "Failed to build WPS IE for GO Negotiation Request");
wpabuf_free(subelems);
wpabuf_free(buf);
return NULL;
}
@ -223,6 +231,8 @@ static struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_REQ])
wpabuf_put_buf(buf, p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_REQ]);
buf = wpabuf_concat(buf, p2p_encaps_ie(subelems, P2P_IE_VENDOR_TYPE));
wpabuf_free(subelems);
return buf;
}
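Review bot: the result of p2p_encaps_ie() is passed straight into wpabuf_concat(), but p2p_encaps_ie() returns NULL when its allocation fails, and that case is neither checked nor logged here. Suggest storing the result, checking it, and freeing buf and subelems on failure as the WPS IE error path does. Appending at this point also puts the P2P IE after the vendor elements instead of where p2p_buf_add_ie_hdr() started it; if the new element order is intended, say so in the commit message.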
@ -293,7 +303,7 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
u8 tie_breaker)
{
struct wpabuf *buf;
u8 *len;
struct wpabuf *subelems;
u8 group_capab;
size_t extra = 0;
u16 pw_id;
@ -316,8 +326,13 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
p2p_buf_add_public_action_hdr(buf, P2P_GO_NEG_RESP, dialog_token);
len = p2p_buf_add_ie_hdr(buf);
p2p_buf_add_status(buf, status);
subelems = wpabuf_alloc(500);
if (!subelems) {
wpabuf_free(buf);
return NULL;
}
p2p_buf_add_status(subelems, status);
group_capab = 0;
if (peer && peer->go_state == LOCAL_GO) {
if (peer->flags & P2P_DEV_PREFER_PERSISTENT_GROUP) {
@ -331,24 +346,26 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
if (p2p->cfg->p2p_intra_bss)
group_capab |= P2P_GROUP_CAPAB_INTRA_BSS_DIST;
}
p2p_buf_add_capability(buf, p2p->dev_capab &
p2p_buf_add_capability(subelems, p2p->dev_capab &
~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY,
group_capab);
p2p_buf_add_go_intent(buf, (p2p->go_intent << 1) | tie_breaker);
p2p_buf_add_config_timeout(buf, p2p->go_timeout, p2p->client_timeout);
p2p_buf_add_go_intent(subelems, (p2p->go_intent << 1) | tie_breaker);
p2p_buf_add_config_timeout(subelems, p2p->go_timeout,
p2p->client_timeout);
if (p2p->override_pref_op_class) {
p2p_dbg(p2p, "Override operating channel preference");
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p_buf_add_operating_channel(subelems, p2p->cfg->country,
p2p->override_pref_op_class,
p2p->override_pref_channel);
} else if (peer && peer->go_state == REMOTE_GO && !p2p->num_pref_freq) {
p2p_dbg(p2p, "Omit Operating Channel attribute");
} else {
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p_buf_add_operating_channel(subelems, p2p->cfg->country,
p2p->op_reg_class,
p2p->op_channel);
}
p2p_buf_add_intended_addr(buf, p2p->intended_addr);
p2p_buf_add_intended_addr(subelems, p2p->intended_addr);
if (p2p->num_pref_freq) {
bool go = (peer && peer->go_state == LOCAL_GO) ||
p2p->go_intent == 15;
@ -362,12 +379,12 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
p2p->allow_6ghz);
}
if (status || peer == NULL) {
p2p_buf_add_channel_list(buf, p2p->cfg->country,
p2p_buf_add_channel_list(subelems, p2p->cfg->country,
&pref_chanlist, false);
} else if (peer->go_state == REMOTE_GO) {
is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
p2p_buf_add_channel_list(buf, p2p->cfg->country,
p2p_buf_add_channel_list(subelems, p2p->cfg->country,
&pref_chanlist, is_6ghz_capab);
} else {
struct p2p_channels res;
@ -376,22 +393,22 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
p2p_channels_intersect(&pref_chanlist, &peer->channels,
&res);
p2p_buf_add_channel_list(buf, p2p->cfg->country, &res,
is_6ghz_capab);
p2p_buf_add_channel_list(subelems, p2p->cfg->country, &res,
is_6ghz_capab);
}
p2p_buf_add_device_info(buf, p2p, peer);
p2p_buf_add_device_info(subelems, p2p, peer);
if (peer && peer->go_state == LOCAL_GO) {
p2p_buf_add_group_id(buf, p2p->cfg->dev_addr, p2p->ssid,
p2p_buf_add_group_id(subelems, p2p->cfg->dev_addr, p2p->ssid,
p2p->ssid_len);
}
p2p_buf_update_ie_hdr(buf, len);
/* WPS IE with Device Password ID attribute */
pw_id = p2p_wps_method_pw_id(peer ? peer->wps_method : WPS_NOT_READY);
if (peer && peer->oob_pw_id)
pw_id = peer->oob_pw_id;
if (p2p_build_wps_ie(p2p, buf, pw_id, 0) < 0) {
if (peer && !peer->p2p2 && p2p_build_wps_ie(p2p, buf, pw_id, 0) < 0) {
p2p_dbg(p2p, "Failed to build WPS IE for GO Negotiation Response");
wpabuf_free(subelems);
wpabuf_free(buf);
return NULL;
}
@ -404,6 +421,8 @@ static struct wpabuf * p2p_build_go_neg_resp(struct p2p_data *p2p,
if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_RESP])
wpabuf_put_buf(buf, p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_RESP]);
buf = wpabuf_concat(buf, p2p_encaps_ie(subelems, P2P_IE_VENDOR_TYPE));
wpabuf_free(subelems);
return buf;
}
@ -801,21 +820,21 @@ void p2p_check_pref_chan(struct p2p_data *p2p, int go,
}
void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
struct wpabuf * p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq,
bool p2p2)
{
struct p2p_device *dev = NULL;
struct wpabuf *resp;
struct p2p_message msg;
u8 status = P2P_SC_FAIL_INVALID_PARAMS;
int tie_breaker = 0;
int freq;
p2p_dbg(p2p, "Received GO Negotiation Request from " MACSTR "(freq=%d)",
MAC2STR(sa), rx_freq);
if (p2p_parse(data, len, &msg))
return;
return NULL;
if (!msg.capability) {
p2p_dbg(p2p, "Mandatory Capability attribute missing from GO Negotiation Request");
@ -890,7 +909,7 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
p2p_go_neg_failed(p2p, *msg.status);
p2p_parse_free(&msg);
return;
return NULL;
}
goto fail;
}
@ -922,7 +941,7 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
p2p_dbg(p2p, "User has rejected this peer");
status = P2P_SC_FAIL_REJECTED_BY_USER;
} else if (dev == NULL ||
(dev->wps_method == WPS_NOT_READY &&
(dev->wps_method == WPS_NOT_READY && !p2p2 &&
(p2p->authorized_oob_dev_pw_id == 0 ||
p2p->authorized_oob_dev_pw_id !=
msg.dev_password_id))) {
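Review bot: with !p2p2 added to the dev->wps_method == WPS_NOT_READY test, a request handled with p2p2 set never takes this not-ready branch, so the WPS method and authorized_oob_dev_pw_id checks no longer gate it. Please add a comment stating what authorizes the peer in the p2p2 case, since nothing in this hunk replaces that check.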
@ -968,7 +987,7 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
os_memcmp(sa, p2p->cfg->dev_addr, ETH_ALEN) > 0) {
p2p_dbg(p2p, "Do not reply since peer has higher address and GO Neg Request already sent");
p2p_parse_free(&msg);
return;
return NULL;
}
if (dev->go_neg_req_sent &&
@ -976,7 +995,7 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
p2p_dbg(p2p,
"Do not reply since peer is waiting for us to start a new GO Negotiation and GO Neg Request already sent");
p2p_parse_free(&msg);
return;
return NULL;
}
go = p2p_go_det(p2p->go_intent, *msg.go_intent);
@ -993,6 +1012,9 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
goto fail;
}
if (p2p2)
goto skip;
switch (msg.dev_password_id) {
case DEV_PW_REGISTRAR_SPECIFIED:
p2p_dbg(p2p, "PIN from peer Display");
@ -1060,6 +1082,7 @@ void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
goto fail;
}
skip:
if (go && p2p_go_select_channel(p2p, dev, &status) < 0)
goto fail;
@ -1099,18 +1122,8 @@ fail:
!tie_breaker);
p2p_parse_free(&msg);
if (resp == NULL)
return;
p2p_dbg(p2p, "Sending GO Negotiation Response");
if (rx_freq > 0)
freq = rx_freq;
else
freq = p2p_channel_to_freq(p2p->cfg->reg_class,
p2p->cfg->channel);
if (freq < 0) {
p2p_dbg(p2p, "Unknown regulatory class/channel");
wpabuf_free(resp);
return;
}
return NULL;
if (status == P2P_SC_SUCCESS) {
p2p->pending_action_state = P2P_PENDING_GO_NEG_RESPONSE;
dev->flags |= P2P_DEV_WAIT_GO_NEG_CONFIRM;
@ -1128,6 +1141,33 @@ fail:
} else
p2p->pending_action_state =
P2P_PENDING_GO_NEG_RESPONSE_FAILURE;
return resp;
}
void p2p_handle_go_neg_req(struct p2p_data *p2p, const u8 *sa, const u8 *data,
size_t len, int rx_freq)
{
int freq;
struct wpabuf *resp;
resp = p2p_process_go_neg_req(p2p, sa, data, len, rx_freq, false);
if (!resp)
return;
p2p_dbg(p2p, "Sending GO Negotiation Response");
if (rx_freq > 0)
freq = rx_freq;
else
freq = p2p_channel_to_freq(p2p->cfg->reg_class,
p2p->cfg->channel);
if (freq < 0) {
p2p_dbg(p2p, "Unknown regulatory class/channel");
wpabuf_free(resp);
return;
}
if (p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr,
p2p->cfg->dev_addr,
wpabuf_head(resp), wpabuf_len(resp), 100) < 0) {
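Review bot: p2p_process_go_neg_req() sets p2p->pending_action_state before return resp, but the frequency lookup now lives in p2p_handle_go_neg_req(), where the freq < 0 path frees resp and returns without sending anything. That leaves the pending state set for a response that never went out. Suggest resolving freq before calling p2p_process_go_neg_req(), or resetting the state on that path.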
@ -1144,7 +1184,7 @@ static struct wpabuf * p2p_build_go_neg_conf(struct p2p_data *p2p,
const u8 *resp_chan, int go)
{
struct wpabuf *buf;
u8 *len;
struct wpabuf *subelems;
struct p2p_channels res;
u8 group_capab;
size_t extra = 0;
@ -1166,8 +1206,13 @@ static struct wpabuf * p2p_build_go_neg_conf(struct p2p_data *p2p,
p2p_buf_add_public_action_hdr(buf, P2P_GO_NEG_CONF, dialog_token);
len = p2p_buf_add_ie_hdr(buf);
p2p_buf_add_status(buf, status);
subelems = wpabuf_alloc(500);
if (!subelems) {
wpabuf_free(buf);
return NULL;
}
p2p_buf_add_status(subelems, status);
group_capab = 0;
if (peer->go_state == LOCAL_GO) {
if (peer->flags & P2P_DEV_PREFER_PERSISTENT_GROUP) {
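Review bot: subelems = wpabuf_alloc(500) uses an unexplained fixed size for a buffer that then receives the status, capability, operating channel, channel list and group ID attributes. The channel list depends on the intersection stored in res and the group ID on p2p->ssid_len, so either compute the size from those inputs or add a comment showing why 500 octets is a safe upper bound.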
@ -1181,25 +1226,26 @@ static struct wpabuf * p2p_build_go_neg_conf(struct p2p_data *p2p,
if (p2p->cfg->p2p_intra_bss)
group_capab |= P2P_GROUP_CAPAB_INTRA_BSS_DIST;
}
p2p_buf_add_capability(buf, p2p->dev_capab &
p2p_buf_add_capability(subelems, p2p->dev_capab &
~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY,
group_capab);
if (go || resp_chan == NULL)
p2p_buf_add_operating_channel(buf, p2p->cfg->country,
p2p_buf_add_operating_channel(subelems, p2p->cfg->country,
p2p->op_reg_class,
p2p->op_channel);
else
p2p_buf_add_operating_channel(buf, (const char *) resp_chan,
p2p_buf_add_operating_channel(subelems,
(const char *) resp_chan,
resp_chan[3], resp_chan[4]);
p2p_channels_intersect(&p2p->channels, &peer->channels, &res);
is_6ghz_capab = is_p2p_6ghz_capable(p2p) &&
p2p_is_peer_6ghz_capab(p2p, peer->info.p2p_device_addr);
p2p_buf_add_channel_list(buf, p2p->cfg->country, &res, is_6ghz_capab);
p2p_buf_add_channel_list(subelems, p2p->cfg->country, &res,
is_6ghz_capab);
if (go) {
p2p_buf_add_group_id(buf, p2p->cfg->dev_addr, p2p->ssid,
p2p_buf_add_group_id(subelems, p2p->cfg->dev_addr, p2p->ssid,
p2p->ssid_len);
}
p2p_buf_update_ie_hdr(buf, len);
#ifdef CONFIG_WIFI_DISPLAY
if (p2p->wfd_ie_go_neg)
@ -1209,36 +1255,40 @@ static struct wpabuf * p2p_build_go_neg_conf(struct p2p_data *p2p,
if (p2p->vendor_elem && p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_CONF])
wpabuf_put_buf(buf, p2p->vendor_elem[VENDOR_ELEM_P2P_GO_NEG_CONF]);
buf = wpabuf_concat(buf, p2p_encaps_ie(subelems, P2P_IE_VENDOR_TYPE));
wpabuf_free(subelems);
return buf;
}
void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
struct wpabuf * p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len,
int rx_freq, bool p2p2)
{
struct p2p_device *dev;
int go = -1;
struct p2p_message msg;
u8 status = P2P_SC_SUCCESS;
int freq;
struct wpabuf *conf = NULL;
p2p_dbg(p2p, "Received GO Negotiation Response from " MACSTR
" (freq=%d)", MAC2STR(sa), rx_freq);
dev = p2p_get_device(p2p, sa);
if (dev == NULL || dev->wps_method == WPS_NOT_READY ||
if (dev == NULL || (!p2p2 && dev->wps_method == WPS_NOT_READY) ||
dev != p2p->go_neg_peer) {
p2p_dbg(p2p, "Not ready for GO negotiation with " MACSTR,
MAC2STR(sa));
return;
return NULL;
}
if (p2p_parse(data, len, &msg))
return;
return NULL;
if (!(dev->flags & P2P_DEV_WAIT_GO_NEG_RESPONSE)) {
p2p_dbg(p2p, "Was not expecting GO Negotiation Response - ignore");
p2p_parse_free(&msg);
return;
return NULL;
}
dev->flags &= ~P2P_DEV_WAIT_GO_NEG_RESPONSE;
p2p_update_peer_6ghz_capab(dev, &msg);
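Review bot: in p2p_build_go_neg_conf(), the result of p2p_encaps_ie(subelems, P2P_IE_VENDOR_TYPE) is handed straight to wpabuf_concat() without a NULL check. p2p_encaps_ie() returns a struct wpabuf *, so an allocation failure there should be handled explicitly (free buf and subelems, return NULL) rather than producing a Confirm frame whose P2P attributes may be missing.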
@ -1247,7 +1297,7 @@ void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
p2p_dbg(p2p, "Unexpected Dialog Token %u (expected %u)",
msg.dialog_token, dev->dialog_token);
p2p_parse_free(&msg);
return;
return NULL;
}
if (!msg.status) {
@ -1276,7 +1326,7 @@ void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
}
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
p2p_parse_free(&msg);
return;
return NULL;
}
if (!msg.capability) {
@ -1377,6 +1427,9 @@ void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
} else
dev->oper_freq = 0;
if (p2p2)
goto skip;
switch (msg.dev_password_id) {
case DEV_PW_REGISTRAR_SPECIFIED:
p2p_dbg(p2p, "PIN from peer Display");
@ -1432,6 +1485,7 @@ void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
goto fail;
}
skip:
if (go && p2p_go_select_channel(p2p, dev, &status) < 0)
goto fail;
@ -1456,8 +1510,10 @@ fail:
go);
p2p_parse_free(&msg);
if (dev->go_neg_conf == NULL)
return;
p2p_dbg(p2p, "Sending GO Negotiation Confirm");
return NULL;
conf = wpabuf_dup(dev->go_neg_conf);
if (status == P2P_SC_SUCCESS) {
p2p->pending_action_state = P2P_PENDING_GO_NEG_CONFIRM;
dev->go_state = go ? LOCAL_GO : REMOTE_GO;
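Review bot: conf = wpabuf_dup(dev->go_neg_conf) is not checked for failure. If the copy cannot be allocated, the state updates below (pending_action_state, go_state) still run and the function then returns NULL, which the caller treats the same as "nothing to send". Check conf right after the dup and bail out before touching the negotiation state.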
@ -1471,7 +1527,39 @@ fail:
dev->go_neg_conf_freq = freq;
dev->go_neg_conf_sent = 0;
if (p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr, sa,
if (status != P2P_SC_SUCCESS) {
p2p_dbg(p2p, "GO Negotiation failed");
dev->status = status;
}
return conf;
}
void p2p_handle_go_neg_resp(struct p2p_data *p2p, const u8 *sa, const u8 *data,
size_t len, int rx_freq)
{
int freq;
struct p2p_device *dev;
struct wpabuf *conf;
conf = p2p_process_go_neg_resp(p2p, sa, data, len, rx_freq, false);
if (!conf)
return;
wpabuf_free(conf);
dev = p2p_get_device(p2p, sa);
if (!dev)
return;
p2p_dbg(p2p, "Sending GO Negotiation Confirm");
if (rx_freq > 0)
freq = rx_freq;
else
freq = dev->listen_freq;
if (dev->go_neg_conf &&
p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr, sa,
wpabuf_head(dev->go_neg_conf),
wpabuf_len(dev->go_neg_conf), 50) < 0) {
p2p_dbg(p2p, "Failed to send Action frame");
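Review bot: p2p_handle_go_neg_resp() frees conf immediately after the NULL test and then transmits dev->go_neg_conf, so the duplicate made in p2p_process_go_neg_resp() is allocated only to act as a success flag. Either send conf and free it after p2p_send_action(), or have this path signal success without the extra allocation. The frequency is also recomputed here from rx_freq or dev->listen_freq while the process function already stored dev->go_neg_conf_freq; using the stored value would keep the two from diverging.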
@ -1479,15 +1567,14 @@ fail:
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
} else
dev->go_neg_conf_sent++;
if (status != P2P_SC_SUCCESS) {
p2p_dbg(p2p, "GO Negotiation failed");
p2p_go_neg_failed(p2p, status);
}
if (dev->status != P2P_SC_SUCCESS)
p2p_go_neg_failed(p2p, dev->status);
}
void p2p_process_go_neg_conf(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len)
void p2p_handle_go_neg_conf(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, bool p2p2)
{
struct p2p_device *dev;
struct p2p_message msg;
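Review bot: the failure check now reads dev->status instead of the local status, but in p2p_process_go_neg_resp() dev->status is only written inside "if (status != P2P_SC_SUCCESS)". Unless it is reset elsewhere, a value left over from an earlier failed negotiation would make this handler call p2p_go_neg_failed() after a successful exchange. Assign dev->status unconditionally in the process function, or document where it is cleared.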
@ -1495,7 +1582,7 @@ void p2p_process_go_neg_conf(struct p2p_data *p2p, const u8 *sa,
p2p_dbg(p2p, "Received GO Negotiation Confirm from " MACSTR,
MAC2STR(sa));
dev = p2p_get_device(p2p, sa);
if (dev == NULL || dev->wps_method == WPS_NOT_READY ||
if (dev == NULL || (!p2p2 && dev->wps_method == WPS_NOT_READY) ||
dev != p2p->go_neg_peer) {
p2p_dbg(p2p, "Not ready for GO negotiation with " MACSTR,
MAC2STR(sa));

View file

@ -621,6 +621,11 @@ struct p2p_data {
bool allow_6ghz;
struct p2p_pairing_info *pairing_info;
/* Pairing initiator PMKSA cache */
struct rsn_pmksa_cache *initiator_pmksa;
/* Pairing responder PMKSA cache */
struct rsn_pmksa_cache *responder_pmksa;
};
/**
@ -733,6 +738,15 @@ struct p2p_message {
const u8 *pbma_info;
size_t pbma_info_len;
const u8 *action_frame_wrapper;
size_t action_frame_wrapper_len;
const u8 *dira;
size_t dira_len;
const u8 *wlan_ap_info;
size_t wlan_ap_info_len;
};
@ -872,6 +886,7 @@ int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
void p2p_buf_add_pref_channel_list(struct wpabuf *buf,
const struct weighted_pcl *pref_freq_list,
unsigned int size);
struct wpabuf * p2p_encaps_ie(const struct wpabuf *subelems, u32 ie_type);
/* p2p_sd.c */
struct p2p_sd_query * p2p_pending_sd_req(struct p2p_data *p2p,
@ -888,15 +903,23 @@ void p2p_rx_gas_comeback_resp(struct p2p_data *p2p, const u8 *sa,
int p2p_start_sd(struct p2p_data *p2p, struct p2p_device *dev);
/* p2p_go_neg.c */
struct wpabuf * p2p_build_go_neg_req(struct p2p_data *p2p,
struct p2p_device *peer);
int p2p_peer_channels_check(struct p2p_data *p2p, struct p2p_channels *own,
struct p2p_device *dev,
const u8 *channel_list, size_t channel_list_len);
void p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq);
void p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq);
void p2p_process_go_neg_conf(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len);
void p2p_handle_go_neg_req(struct p2p_data *p2p, const u8 *sa, const u8 *data,
size_t len, int rx_freq);
void p2p_handle_go_neg_resp(struct p2p_data *p2p, const u8 *sa, const u8 *data,
size_t len, int rx_freq);
void p2p_handle_go_neg_conf(struct p2p_data *p2p, const u8 *sa, const u8 *data,
size_t len, bool p2p2);
struct wpabuf * p2p_process_go_neg_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq,
bool p2p2);
struct wpabuf * p2p_process_go_neg_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len,
int rx_freq, bool p2p2);
int p2p_connect_send(struct p2p_data *p2p, struct p2p_device *dev);
u16 p2p_wps_method_pw_id(enum p2p_wps_method wps_method);
void p2p_reselect_channel(struct p2p_data *p2p,
@ -917,8 +940,13 @@ void p2p_process_pcea(struct p2p_data *p2p, struct p2p_message *msg,
struct p2p_device *dev);
/* p2p_invitation.c */
void p2p_process_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq);
void p2p_handle_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq);
void p2p_handle_invitation_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len);
struct wpabuf * p2p_process_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len,
int rx_freq);
void p2p_process_invitation_resp(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len);
int p2p_invite_send(struct p2p_data *p2p, struct p2p_device *dev,

View file

@ -181,14 +181,14 @@ static struct wpabuf * p2p_build_invitation_resp(struct p2p_data *p2p,
}
void p2p_process_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
struct wpabuf * p2p_process_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len,
int rx_freq)
{
struct p2p_device *dev;
struct p2p_message msg;
struct wpabuf *resp = NULL;
u8 status = P2P_SC_FAIL_INFO_CURRENTLY_UNAVAILABLE;
int freq;
int go = 0;
u8 group_bssid[ETH_ALEN], *bssid;
int op_freq = 0;
@ -202,7 +202,7 @@ void p2p_process_invitation_req(struct p2p_data *p2p, const u8 *sa,
MAC2STR(sa), rx_freq);
if (p2p_parse(data, len, &msg))
return;
return NULL;
dev = p2p_get_device(p2p, sa);
if (dev == NULL || (dev->flags & P2P_DEV_PROBE_REQ_ONLY)) {
@ -388,19 +388,6 @@ fail:
resp = p2p_build_invitation_resp(p2p, dev, msg.dialog_token, status,
bssid, reg_class, channel, channels);
if (resp == NULL)
goto out;
if (rx_freq > 0)
freq = rx_freq;
else
freq = p2p_channel_to_freq(p2p->cfg->reg_class,
p2p->cfg->channel);
if (freq < 0) {
p2p_dbg(p2p, "Unknown regulatory class/channel");
goto out;
}
/*
* Store copy of invitation data to be used when processing TX status
* callback for the Acton frame.
@ -424,6 +411,28 @@ fail:
}
p2p->inv_status = status;
p2p->inv_op_freq = op_freq;
p2p_parse_free(&msg);
return resp;
}
void p2p_handle_invitation_req(struct p2p_data *p2p, const u8 *sa,
const u8 *data, size_t len, int rx_freq)
{
int freq;
struct wpabuf *resp;
resp = p2p_process_invitation_req(p2p, sa, data, len, rx_freq);
if (!resp)
return;
if (rx_freq > 0)
freq = rx_freq;
else
freq = p2p_channel_to_freq(p2p->cfg->reg_class,
p2p->cfg->channel);
if (freq < 0)
p2p_dbg(p2p, "Unknown regulatory class/channel");
p2p->pending_action_state = P2P_PENDING_INVITATION_RESPONSE;
if (p2p_send_action(p2p, freq, sa, p2p->cfg->dev_addr,
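Review bot: in p2p_handle_invitation_req(), the "if (freq < 0)" branch only logs "Unknown regulatory class/channel" and then falls through to p2p_send_action() with the negative frequency. The code removed from p2p_process_invitation_req() did "goto out" in that case. Restore the early exit here, freeing resp before returning.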
@ -432,9 +441,7 @@ fail:
p2p_dbg(p2p, "Failed to send Action frame");
}
out:
wpabuf_free(resp);
p2p_parse_free(&msg);
}

View file

@ -437,6 +437,40 @@ static int p2p_parse_attribute(u8 id, const u8 *data, u16 len,
msg->pbma_info_len = len;
wpa_printf(MSG_DEBUG, "P2P: * PBMA (length=%u)", len);
break;
case P2P_ATTR_ACTION_FRAME_WRAPPER:
if (len < 2) {
wpa_printf(MSG_DEBUG,
"P2P: Too short Action Frame Wrapper attribute (length %d)",
len);
return -1;
}
msg->action_frame_wrapper = data;
msg->action_frame_wrapper_len = len;
wpa_printf(MSG_DEBUG, "P2P: * Action frame wrapper (length=%u)",
len);
break;
case P2P_ATTR_DEVICE_IDENTITY_RESOLUTION:
if (len < 1) {
wpa_printf(MSG_DEBUG, "P2P: Too short DIRA (length %d)",
len);
return -1;
}
msg->dira = data;
msg->dira_len = len;
wpa_printf(MSG_DEBUG, "P2P: * DIRA (length=%u)", len);
break;
case P2P_ATTR_WLAN_AP_INFORMATION:
/* One or more AP Info fields (each being 12 octets) is required
* to be included. */
if (len < 12) {
wpa_printf(MSG_DEBUG,
"P2P: Too short WLAN AP info (length %d)",
len);
return -1;
}
msg->wlan_ap_info = data;
msg->wlan_ap_info_len = len;
break;
default:
wpa_printf(MSG_DEBUG, "P2P: Skipped unknown attribute %d "
"(length %d)", id, len);

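Review bot: for P2P_ATTR_WLAN_AP_INFORMATION the comment says each AP Info field is 12 octets, but the check is only len < 12, so a length such as 13 or 23 is accepted and stored in wlan_ap_info_len. Reject lengths that are not a multiple of 12 here so consumers can iterate in fixed steps without their own bounds logic. This case also lacks the debug print that the Action Frame Wrapper and DIRA cases emit on success, and the "Too short" messages print the u16 len with %d while the success messages use %u.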
View file

@ -781,6 +781,9 @@ static void p2p_process_prov_disc_bootstrap_req(struct p2p_data *p2p,
if (!dev->req_bootstrap_method) {
status = P2P_SC_COMEBACK;
if (p2p->cfg->bootstrap_req_rx)
p2p->cfg->bootstrap_req_rx(p2p->cfg->cb_ctx,
sa, bootstrap);
goto out;
}
} else {
@ -807,6 +810,9 @@ static void p2p_process_prov_disc_bootstrap_req(struct p2p_data *p2p,
dev->bootstrap_params->comeback_after =
p2p->cfg->comeback_after;
status = P2P_SC_COMEBACK;
if (p2p->cfg->bootstrap_req_rx)
p2p->cfg->bootstrap_req_rx(p2p->cfg->cb_ctx,
sa, bootstrap);
goto out;
}
}
@ -1631,7 +1637,7 @@ static void p2p_process_prov_disc_bootstrap_resp(struct p2p_data *p2p,
size_t len, int rx_freq)
{
struct p2p_device *dev;
u8 status = P2P_SC_SUCCESS;
enum p2p_status_code status = P2P_SC_SUCCESS;
size_t cookie_len = 0;
const u8 *pos, *cookie;
u16 comeback_after;
@ -1707,6 +1713,10 @@ static void p2p_process_prov_disc_bootstrap_resp(struct p2p_data *p2p,
p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
if (dev->flags & P2P_DEV_PD_BEFORE_GO_NEG)
dev->flags &= ~P2P_DEV_PD_BEFORE_GO_NEG;
if (p2p->cfg->bootstrap_completed)
p2p->cfg->bootstrap_completed(p2p->cfg->cb_ctx, sa, status,
rx_freq);
}
@ -1716,7 +1726,7 @@ static void p2p_process_prov_disc_resp(struct p2p_data *p2p,
{
struct p2p_device *dev;
u16 report_config_methods = 0, req_config_methods;
u8 status = P2P_SC_SUCCESS;
enum p2p_status_code status = P2P_SC_SUCCESS;
u32 adv_id = 0;
u8 conncap = P2PS_SETUP_NEW;
u8 adv_mac[ETH_ALEN];

View file

@ -28,6 +28,9 @@ struct pasn_data * pasn_data_init(void)
void pasn_data_deinit(struct pasn_data *pasn)
{
if (!pasn)
return;
os_free(pasn->rsnxe_ie);
bin_clear_free(pasn, sizeof(struct pasn_data));
}
@ -157,7 +160,7 @@ void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie)
{
if (!pasn || !rsnxe_ie)
return;
pasn->rsnxe_ie = rsnxe_ie;
pasn->rsnxe_ie = os_memdup(rsnxe_ie, 2 + rsnxe_ie[1]);
}
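Review bot: pasn_set_rsnxe_ie() now stores os_memdup(rsnxe_ie, 2 + rsnxe_ie[1]) without freeing a previous pasn->rsnxe_ie, so calling the setter twice leaks the first copy. The copy length is also taken from the element's own length octet with no bound from the caller, and an allocation failure is silent because the function returns void. Free the old pointer first, and consider taking an explicit length and returning int so the caller can validate the element and see a failed copy.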

View file

@ -54,7 +54,7 @@ struct pasn_data {
int wpa_key_mgmt;
int rsn_pairwise;
u16 rsnxe_capab;
const u8 *rsnxe_ie;
u8 *rsnxe_ie;
bool custom_pmkid_valid;
u8 custom_pmkid[PMKID_LEN];
@ -66,6 +66,7 @@ struct pasn_data {
size_t extra_ies_len;
/* External modules do not access below variables */
size_t kek_len;
u16 group;
bool secure_ltf;
int freq;
@ -206,6 +207,17 @@ void pasn_set_initiator_pmksa(struct pasn_data *pasn,
void pasn_set_responder_pmksa(struct pasn_data *pasn,
struct rsn_pmksa_cache *pmksa);
int pasn_set_pt(struct pasn_data *pasn, struct sae_pt *pt);
struct rsn_pmksa_cache * pasn_initiator_pmksa_cache_init(void);
void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
const u8 *own_addr, const u8 *bssid, u8 *pmk,
size_t pmk_len, u8 *pmkid);
int pasn_initiator_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *bssid, u8 *pmkid, u8 *pmk,
size_t *pmk_len);
void pasn_initiator_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
const u8 *bssid);
void pasn_initiator_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
/* Responder */
void pasn_set_noauth(struct pasn_data *pasn, bool noauth);
@ -217,6 +229,17 @@ void pasn_set_rsnxe_ie(struct pasn_data *pasn, const u8 *rsnxe_ie);
void pasn_set_custom_pmkid(struct pasn_data *pasn, const u8 *pmkid);
int pasn_set_extra_ies(struct pasn_data *pasn, const u8 *extra_ies,
size_t extra_ies_len);
struct rsn_pmksa_cache * pasn_responder_pmksa_cache_init(void);
void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
const u8 *own_addr, const u8 *bssid, u8 *pmk,
size_t pmk_len, u8 *pmkid);
int pasn_responder_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *bssid, u8 *pmkid, u8 *pmk,
size_t *pmk_len);
void pasn_responder_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
const u8 *bssid);
void pasn_responder_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa);
int pasn_get_akmp(struct pasn_data *pasn);
int pasn_get_cipher(struct pasn_data *pasn);

View file

@ -26,6 +26,65 @@
#include "pasn_common.h"
struct rsn_pmksa_cache * pasn_initiator_pmksa_cache_init(void)
{
return pmksa_cache_init(NULL, NULL, NULL, NULL, NULL);
}
void pasn_initiator_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
{
return pmksa_cache_deinit(pmksa);
}
int pasn_initiator_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
const u8 *own_addr, const u8 *bssid, u8 *pmk,
size_t pmk_len, u8 *pmkid)
{
if (pmksa_cache_add(pmksa, pmk, pmk_len, pmkid, NULL, 0, bssid,
own_addr, NULL, WPA_KEY_MGMT_SAE, 0))
return 0;
return -1;
}
void pasn_initiator_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
const u8 *bssid)
{
struct rsn_pmksa_cache_entry *entry;
entry = pmksa_cache_get(pmksa, bssid, NULL, NULL, NULL, 0);
if (!entry)
return;
pmksa_cache_remove(pmksa, entry);
}
int pasn_initiator_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *bssid, u8 *pmkid, u8 *pmk,
size_t *pmk_len)
{
struct rsn_pmksa_cache_entry *entry;
entry = pmksa_cache_get(pmksa, bssid, NULL, NULL, NULL, 0);
if (entry) {
os_memcpy(pmkid, entry->pmkid, PMKID_LEN);
os_memcpy(pmk, entry->pmk, entry->pmk_len);
*pmk_len = entry->pmk_len;
return 0;
}
return -1;
}
void pasn_initiator_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa)
{
return pmksa_cache_flush(pmksa, NULL, NULL, 0, false);
}
void pasn_set_initiator_pmksa(struct pasn_data *pasn,
struct rsn_pmksa_cache *pmksa)
{
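Review bot: pasn_initiator_pmksa_cache_get() does os_memcpy(pmk, entry->pmk, entry->pmk_len) into a caller buffer whose capacity is never passed in, since pmk_len is only written and never read. Treat *pmk_len as in/out and fail when entry->pmk_len exceeds it, or document the required buffer size in the header. Smaller points: the deinit and flush wrappers use "return" on a void call, and the pmk/pmkid arguments of the add wrapper could be const.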
@ -587,7 +646,10 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct pasn_data *pasn,
if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
goto fail;
wpa_pasn_add_rsnxe(buf, pasn->rsnxe_capab);
if (pasn->rsnxe_ie)
wpabuf_put_data(buf, pasn->rsnxe_ie, 2 + pasn->rsnxe_ie[1]);
else
wpa_pasn_add_rsnxe(buf, pasn->rsnxe_capab);
wpa_pasn_add_extra_ies(buf, pasn->extra_ies, pasn->extra_ies_len);
@ -747,6 +809,7 @@ void wpa_pasn_reset(struct pasn_data *pasn)
pasn->derive_kdk = false;
pasn->rsn_ie = NULL;
pasn->rsn_ie_len = 0;
os_free(pasn->rsnxe_ie);
pasn->rsnxe_ie = NULL;
pasn->custom_pmkid_valid = false;
@ -1233,7 +1296,7 @@ int wpa_pasn_auth_rx(struct pasn_data *pasn, const u8 *data, size_t len,
pasn->own_addr, pasn->peer_addr,
wpabuf_head(secret), wpabuf_len(secret),
&pasn->ptk, pasn->akmp, pasn->cipher,
pasn->kdk_len);
pasn->kdk_len, pasn->kek_len);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK");
goto fail;

View file

@ -26,6 +26,65 @@
#include "pasn_common.h"
struct rsn_pmksa_cache * pasn_responder_pmksa_cache_init(void)
{
return pmksa_cache_auth_init(NULL, NULL);
}
void pasn_responder_pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa)
{
return pmksa_cache_auth_deinit(pmksa);
}
int pasn_responder_pmksa_cache_add(struct rsn_pmksa_cache *pmksa,
const u8 *own_addr, const u8 *bssid, u8 *pmk,
size_t pmk_len, u8 *pmkid)
{
if (pmksa_cache_auth_add(pmksa, pmk, pmk_len, pmkid, NULL, 0, own_addr,
bssid, 0, NULL, WPA_KEY_MGMT_SAE))
return 0;
return -1;
}
int pasn_responder_pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *bssid, u8 *pmkid, u8 *pmk,
size_t *pmk_len)
{
struct rsn_pmksa_cache_entry *entry;
entry = pmksa_cache_auth_get(pmksa, bssid, NULL);
if (entry) {
os_memcpy(pmkid, entry->pmkid, PMKID_LEN);
os_memcpy(pmk, entry->pmk, entry->pmk_len);
*pmk_len = entry->pmk_len;
return 0;
}
return -1;
}
void pasn_responder_pmksa_cache_remove(struct rsn_pmksa_cache *pmksa,
const u8 *bssid)
{
struct rsn_pmksa_cache_entry *entry;
entry = pmksa_cache_auth_get(pmksa, bssid, NULL);
if (!entry)
return;
pmksa_cache_free_entry(pmksa, entry);
}
void pasn_responder_pmksa_cache_flush(struct rsn_pmksa_cache *pmksa)
{
return pmksa_cache_auth_flush(pmksa);
}
void pasn_set_responder_pmksa(struct pasn_data *pasn,
struct rsn_pmksa_cache *pmksa)
{
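Review bot: pasn_responder_pmksa_cache_add() hard-codes WPA_KEY_MGMT_SAE as the AKMP for every entry, as does the initiator variant, yet the function name and signature give no hint of that restriction. Either take the AKMP as a parameter or add a comment on the prototype explaining why SAE is the only value these caches need to carry.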
@ -349,7 +408,7 @@ pasn_derive_keys(struct pasn_data *pasn,
ret = pasn_pmk_to_ptk(pmk, pmk_len, peer_addr, own_addr,
wpabuf_head(secret), wpabuf_len(secret),
&pasn->ptk, pasn->akmp,
pasn->cipher, pasn->kdk_len);
pasn->cipher, pasn->kdk_len, pasn->kek_len);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK");
return -1;
@ -414,7 +473,7 @@ static void handle_auth_pasn_comeback(struct pasn_data *pasn,
"PASN: comeback: STA=" MACSTR, MAC2STR(peer_addr));
ret = pasn->send_mgmt(pasn->cb_ctx, wpabuf_head_u8(buf),
wpabuf_len(buf), 0, 0, 0);
wpabuf_len(buf), 0, pasn->freq, 0);
if (ret)
wpa_printf(MSG_INFO, "PASN: Failed to send comeback frame 2");
@ -579,7 +638,7 @@ done:
MAC2STR(peer_addr));
ret = pasn->send_mgmt(pasn->cb_ctx, wpabuf_head_u8(buf),
wpabuf_len(buf), 0, 0, 0);
wpabuf_len(buf), 0, pasn->freq, 0);
if (ret)
wpa_printf(MSG_INFO, "send_auth_reply: Send failed");

View file

@ -4155,6 +4155,8 @@ static u32 wpa_key_mgmt_suite(struct wpa_sm *sm)
}
#ifdef CONFIG_CTRL_IFACE_MIB
#define RSN_SUITE "%02x-%02x-%02x-%d"
#define RSN_SUITE_ARG(s) \
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
@ -4236,6 +4238,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
return (int) len;
}
#endif
#endif /* CONFIG_CTRL_IFACE */
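Review bot: the added #endif that closes the new #ifdef CONFIG_CTRL_IFACE_MIB block has no trailing comment, while the next line is "#endif /* CONFIG_CTRL_IFACE */". Two consecutive #endif lines are easy to misread; please write it as #endif /* CONFIG_CTRL_IFACE_MIB */.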

View file

@ -1,3 +1,10 @@
LIB_OBJS= asn1.o
ifneq ($(CONFIG_TLS),gnutls)
ifneq ($(CONFIG_TLS),mbedtls)
ifneq ($(CONFIG_TLS),openssl)
ifneq ($(CONFIG_TLS),wolfssl)
CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH
CFLAGS += -DCONFIG_CRYPTO_INTERNAL
CFLAGS += -DCONFIG_TLSV11
@ -21,5 +28,9 @@ LIB_OBJS= \
tlsv1_server_read.o \
tlsv1_server_write.o \
x509v3.o
endif
endif
endif
endif
include ../lib.rules

View file

@ -0,0 +1,69 @@
#ifndef BUILD_FEATURES_H
#define BUILD_FEATURES_H
static inline int has_feature(const char *feat)
{
#if defined(IEEE8021X_EAPOL) || (defined(HOSTAPD) && !defined(CONFIG_NO_RADIUS))
if (!strcmp(feat, "eap"))
return 1;
#endif
#ifdef CONFIG_IEEE80211AC
if (!strcmp(feat, "11ac"))
return 1;
#endif
#ifdef CONFIG_IEEE80211AX
if (!strcmp(feat, "11ax"))
return 1;
#endif
#ifdef CONFIG_IEEE80211BE
if (!strcmp(feat, "11be"))
return 1;
#endif
#ifdef CONFIG_IEEE80211R
if (!strcmp(feat, "11r"))
return 1;
#endif
#ifdef CONFIG_ACS
if (!strcmp(feat, "acs"))
return 1;
#endif
#ifdef CONFIG_SAE
if (!strcmp(feat, "sae"))
return 1;
#endif
#ifdef CONFIG_OWE
if (!strcmp(feat, "owe"))
return 1;
#endif
#ifdef CONFIG_SUITEB192
if (!strcmp(feat, "suiteb192"))
return 1;
#endif
#ifdef CONFIG_WEP
if (!strcmp(feat, "wep"))
return 1;
#endif
#ifdef CONFIG_HS20
if (!strcmp(feat, "hs20"))
return 1;
#endif
#ifdef CONFIG_WPS
if (!strcmp(feat, "wps"))
return 1;
#endif
#ifdef CONFIG_FILS
if (!strcmp(feat, "fils"))
return 1;
#endif
#ifdef CONFIG_OCV
if (!strcmp(feat, "ocv"))
return 1;
#endif
#ifdef CONFIG_MESH
if (!strcmp(feat, "mesh"))
return 1;
#endif
return 0;
}
#endif /* BUILD_FEATURES_H */
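Review bot: has_feature() calls strcmp() but the new header includes nothing, so it compiles only when the including file has already pulled in the string declarations. Add the needed include at the top of build_features.h so the header is self-contained. A one-line comment listing the accepted feature names and the 1/0 return convention would also help callers.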

View file

@ -77,6 +77,9 @@ struct eloop_sock_table {
struct eloop_data {
int max_sock;
eloop_timeout_poll_handler timeout_poll_cb;
eloop_poll_handler poll_cb;
size_t count; /* sum of all table counts */
#ifdef CONFIG_ELOOP_POLL
size_t max_pollfd_map; /* number of pollfds_map currently allocated */
@ -1121,6 +1124,12 @@ void eloop_run(void)
os_reltime_sub(&timeout->time, &now, &tv);
else
tv.sec = tv.usec = 0;
}
if (eloop.timeout_poll_cb && eloop.timeout_poll_cb(&tv, !!timeout))
timeout = (void *)1;
if (timeout) {
#if defined(CONFIG_ELOOP_POLL) || defined(CONFIG_ELOOP_EPOLL)
timeout_ms = tv.sec * 1000 + tv.usec / 1000;
#endif /* defined(CONFIG_ELOOP_POLL) || defined(CONFIG_ELOOP_EPOLL) */
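Review bot: "timeout = (void *)1;" turns a struct eloop_timeout pointer into a sentinel just to satisfy the following "if (timeout)" test. Any code between here and the later reassignment from dl_list_first() that dereferences timeout would then read from address 1. Use a separate bool (for example have_timeout) for the wait decision and leave the pointer untouched.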
@ -1190,7 +1199,8 @@ void eloop_run(void)
eloop.exceptions.changed = 0;
eloop_process_pending_signals();
if (eloop.poll_cb)
eloop.poll_cb();
/* check if some registered timeouts have occurred */
timeout = dl_list_first(&eloop.timeout, struct eloop_timeout,
@ -1252,6 +1262,14 @@ out:
return;
}
int eloop_register_cb(eloop_poll_handler poll_cb,
eloop_timeout_poll_handler timeout_cb)
{
eloop.poll_cb = poll_cb;
eloop.timeout_poll_cb = timeout_cb;
return 0;
}
void eloop_terminate(void)
{

View file

@ -65,6 +65,9 @@ typedef void (*eloop_timeout_handler)(void *eloop_ctx, void *user_ctx);
*/
typedef void (*eloop_signal_handler)(int sig, void *signal_ctx);
typedef bool (*eloop_timeout_poll_handler)(struct os_reltime *tv, bool tv_set);
typedef void (*eloop_poll_handler)(void);
/**
* eloop_init() - Initialize global event loop data
* Returns: 0 on success, -1 on failure
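Review bot: the new eloop_timeout_poll_handler and eloop_poll_handler typedefs are added without the documentation block that the neighbouring handler typedefs carry. Please describe what tv and tv_set mean on entry, what a true return tells eloop_run(), and when poll_cb is invoked relative to socket and timeout processing. The same applies to the eloop_register_cb() and eloop_add_uloop() prototypes added further down in this header.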
@ -73,6 +76,9 @@ typedef void (*eloop_signal_handler)(int sig, void *signal_ctx);
*/
int eloop_init(void);
int eloop_register_cb(eloop_poll_handler poll_cb,
eloop_timeout_poll_handler timeout_cb);
/**
* eloop_register_read_sock - Register handler for read events
* @sock: File descriptor number for the socket
@ -320,6 +326,8 @@ int eloop_register_signal_reconfig(eloop_signal_handler handler,
*/
int eloop_sock_requeue(void);
void eloop_add_uloop(void);
/**
* eloop_run - Start the event loop
*

64
src/utils/uloop.c Normal file
View file

@ -0,0 +1,64 @@
#include <libubox/uloop.h>
#include "includes.h"
#include "common.h"
#include "eloop.h"
static void eloop_uloop_event_cb(int sock, void *eloop_ctx, void *sock_ctx)
{
}
static void eloop_uloop_fd_cb(struct uloop_fd *fd, unsigned int events)
{
unsigned int changed = events ^ fd->flags;
if (changed & ULOOP_READ) {
if (events & ULOOP_READ)
eloop_register_sock(fd->fd, EVENT_TYPE_READ, eloop_uloop_event_cb, fd, fd);
else
eloop_unregister_sock(fd->fd, EVENT_TYPE_READ);
}
if (changed & ULOOP_WRITE) {
if (events & ULOOP_WRITE)
eloop_register_sock(fd->fd, EVENT_TYPE_WRITE, eloop_uloop_event_cb, fd, fd);
else
eloop_unregister_sock(fd->fd, EVENT_TYPE_WRITE);
}
}
static bool uloop_timeout_poll_handler(struct os_reltime *tv, bool tv_set)
{
struct os_reltime tv_uloop;
int timeout_ms = uloop_get_next_timeout();
if (timeout_ms < 0)
return false;
tv_uloop.sec = timeout_ms / 1000;
tv_uloop.usec = (timeout_ms % 1000) * 1000;
if (!tv_set || os_reltime_before(&tv_uloop, tv)) {
*tv = tv_uloop;
return true;
}
return false;
}
static void uloop_poll_handler(void)
{
uloop_run_timeout(0);
}
void eloop_add_uloop(void)
{
static bool init_done = false;
if (!init_done) {
uloop_init();
uloop_fd_set_cb = eloop_uloop_fd_cb;
init_done = true;
}
eloop_register_cb(uloop_poll_handler, uloop_timeout_poll_handler);
}
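Review bot: eloop_add_uloop() discards the result of uloop_init() and itself returns void, so a failed uloop setup is not reported and the callbacks are registered anyway. Propagate the failure to the caller. eloop_uloop_event_cb() is also registered as the socket handler with an empty body; add a comment saying that the actual dispatch happens through uloop_run_timeout(0) in uloop_poll_handler(), otherwise it reads as an unfinished stub.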

Some files were not shown because too many files have changed in this diff