mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth type are not allowed. This made some of the older code unused and that can now be removed to clean up the implementation. There is still one place where WEP is allowed for testing purposes: wpa_supplicant as Registrar trying to configure an AP to use WEP. That is now only allowed in CONFIG_TESTING_OPTIONS=y builds, though. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
f19d87f1ee
commit
dc39004318
@ -1070,18 +1070,6 @@ int hostapd_init_wps(struct hostapd_data *hapd,
|
|||||||
if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
|
if (conf->ssid.security_policy == SECURITY_PLAINTEXT) {
|
||||||
wps->encr_types |= WPS_ENCR_NONE;
|
wps->encr_types |= WPS_ENCR_NONE;
|
||||||
wps->auth_types |= WPS_AUTH_OPEN;
|
wps->auth_types |= WPS_AUTH_OPEN;
|
||||||
} else if (conf->ssid.security_policy == SECURITY_STATIC_WEP) {
|
|
||||||
wps->encr_types |= WPS_ENCR_WEP;
|
|
||||||
if (conf->auth_algs & WPA_AUTH_ALG_OPEN)
|
|
||||||
wps->auth_types |= WPS_AUTH_OPEN;
|
|
||||||
if (conf->auth_algs & WPA_AUTH_ALG_SHARED)
|
|
||||||
wps->auth_types |= WPS_AUTH_SHARED;
|
|
||||||
} else if (conf->ssid.security_policy == SECURITY_IEEE_802_1X) {
|
|
||||||
wps->auth_types |= WPS_AUTH_OPEN;
|
|
||||||
if (conf->default_wep_key_len)
|
|
||||||
wps->encr_types |= WPS_ENCR_WEP;
|
|
||||||
else
|
|
||||||
wps->encr_types |= WPS_ENCR_NONE;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf->ssid.wpa_psk_file) {
|
if (conf->ssid.wpa_psk_file) {
|
||||||
@ -1642,8 +1630,6 @@ int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid,
|
|||||||
if (encr) {
|
if (encr) {
|
||||||
if (os_strncmp(encr, "NONE", 4) == 0)
|
if (os_strncmp(encr, "NONE", 4) == 0)
|
||||||
cred.encr_type = WPS_ENCR_NONE;
|
cred.encr_type = WPS_ENCR_NONE;
|
||||||
else if (os_strncmp(encr, "WEP", 3) == 0)
|
|
||||||
cred.encr_type = WPS_ENCR_WEP;
|
|
||||||
else if (os_strncmp(encr, "TKIP", 4) == 0)
|
else if (os_strncmp(encr, "TKIP", 4) == 0)
|
||||||
cred.encr_type = WPS_ENCR_TKIP;
|
cred.encr_type = WPS_ENCR_TKIP;
|
||||||
else if (os_strncmp(encr, "CCMP", 4) == 0)
|
else if (os_strncmp(encr, "CCMP", 4) == 0)
|
||||||
|
@ -106,8 +106,10 @@ static int eap_wsc_new_ap_settings(struct wps_credential *cred,
|
|||||||
}
|
}
|
||||||
if (os_strncmp(pos + 9, "NONE", 4) == 0)
|
if (os_strncmp(pos + 9, "NONE", 4) == 0)
|
||||||
cred->encr_type = WPS_ENCR_NONE;
|
cred->encr_type = WPS_ENCR_NONE;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
else if (os_strncmp(pos + 9, "WEP", 3) == 0)
|
else if (os_strncmp(pos + 9, "WEP", 3) == 0)
|
||||||
cred->encr_type = WPS_ENCR_WEP;
|
cred->encr_type = WPS_ENCR_WEP;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
else if (os_strncmp(pos + 9, "TKIP", 4) == 0)
|
else if (os_strncmp(pos + 9, "TKIP", 4) == 0)
|
||||||
cred->encr_type = WPS_ENCR_TKIP;
|
cred->encr_type = WPS_ENCR_TKIP;
|
||||||
else if (os_strncmp(pos + 9, "CCMP", 4) == 0)
|
else if (os_strncmp(pos + 9, "CCMP", 4) == 0)
|
||||||
|
@ -179,7 +179,7 @@ enum wps_msg_type {
|
|||||||
/* Authentication Type Flags */
|
/* Authentication Type Flags */
|
||||||
#define WPS_AUTH_OPEN 0x0001
|
#define WPS_AUTH_OPEN 0x0001
|
||||||
#define WPS_AUTH_WPAPSK 0x0002
|
#define WPS_AUTH_WPAPSK 0x0002
|
||||||
#define WPS_AUTH_SHARED 0x0004
|
#define WPS_AUTH_SHARED 0x0004 /* deprecated */
|
||||||
#define WPS_AUTH_WPA 0x0008
|
#define WPS_AUTH_WPA 0x0008
|
||||||
#define WPS_AUTH_WPA2 0x0010
|
#define WPS_AUTH_WPA2 0x0010
|
||||||
#define WPS_AUTH_WPA2PSK 0x0020
|
#define WPS_AUTH_WPA2PSK 0x0020
|
||||||
@ -188,7 +188,7 @@ enum wps_msg_type {
|
|||||||
|
|
||||||
/* Encryption Type Flags */
|
/* Encryption Type Flags */
|
||||||
#define WPS_ENCR_NONE 0x0001
|
#define WPS_ENCR_NONE 0x0001
|
||||||
#define WPS_ENCR_WEP 0x0002
|
#define WPS_ENCR_WEP 0x0002 /* deprecated */
|
||||||
#define WPS_ENCR_TKIP 0x0004
|
#define WPS_ENCR_TKIP 0x0004
|
||||||
#define WPS_ENCR_AES 0x0008
|
#define WPS_ENCR_AES 0x0008
|
||||||
#define WPS_ENCR_TYPES (WPS_ENCR_NONE | WPS_ENCR_WEP | WPS_ENCR_TKIP | \
|
#define WPS_ENCR_TYPES (WPS_ENCR_NONE | WPS_ENCR_WEP | WPS_ENCR_TKIP | \
|
||||||
|
@ -1599,8 +1599,6 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
|||||||
wps->auth_type = WPS_AUTH_WPAPSK;
|
wps->auth_type = WPS_AUTH_WPAPSK;
|
||||||
else if (wps->auth_type & WPS_AUTH_OPEN)
|
else if (wps->auth_type & WPS_AUTH_OPEN)
|
||||||
wps->auth_type = WPS_AUTH_OPEN;
|
wps->auth_type = WPS_AUTH_OPEN;
|
||||||
else if (wps->auth_type & WPS_AUTH_SHARED)
|
|
||||||
wps->auth_type = WPS_AUTH_SHARED;
|
|
||||||
else {
|
else {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Unsupported auth_type 0x%x",
|
wpa_printf(MSG_DEBUG, "WPS: Unsupported auth_type 0x%x",
|
||||||
wps->auth_type);
|
wps->auth_type);
|
||||||
@ -1620,10 +1618,12 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (wps->encr_type & WPS_ENCR_WEP)
|
if (wps->encr_type & WPS_ENCR_NONE)
|
||||||
wps->encr_type = WPS_ENCR_WEP;
|
|
||||||
else if (wps->encr_type & WPS_ENCR_NONE)
|
|
||||||
wps->encr_type = WPS_ENCR_NONE;
|
wps->encr_type = WPS_ENCR_NONE;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
else if (wps->encr_type & WPS_ENCR_WEP)
|
||||||
|
wps->encr_type = WPS_ENCR_WEP;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
else {
|
else {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
|
wpa_printf(MSG_DEBUG, "WPS: No suitable encryption "
|
||||||
"type for non-WPA/WPA2 mode");
|
"type for non-WPA/WPA2 mode");
|
||||||
|
@ -709,9 +709,9 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
|
|||||||
DBusMessage *msg;
|
DBusMessage *msg;
|
||||||
DBusMessageIter iter, dict_iter;
|
DBusMessageIter iter, dict_iter;
|
||||||
struct wpas_dbus_priv *iface;
|
struct wpas_dbus_priv *iface;
|
||||||
char *auth_type[6]; /* we have six possible authorization types */
|
char *auth_type[5]; /* we have five possible authentication types */
|
||||||
int at_num = 0;
|
int at_num = 0;
|
||||||
char *encr_type[4]; /* we have four possible encryption types */
|
char *encr_type[3]; /* we have three possible encryption types */
|
||||||
int et_num = 0;
|
int et_num = 0;
|
||||||
|
|
||||||
iface = wpa_s->global->dbus;
|
iface = wpa_s->global->dbus;
|
||||||
@ -734,20 +734,15 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s,
|
|||||||
auth_type[at_num++] = "open";
|
auth_type[at_num++] = "open";
|
||||||
if (cred->auth_type & WPS_AUTH_WPAPSK)
|
if (cred->auth_type & WPS_AUTH_WPAPSK)
|
||||||
auth_type[at_num++] = "wpa-psk";
|
auth_type[at_num++] = "wpa-psk";
|
||||||
if (cred->auth_type & WPS_AUTH_SHARED)
|
|
||||||
auth_type[at_num++] = "shared";
|
|
||||||
if (cred->auth_type & WPS_AUTH_WPA)
|
if (cred->auth_type & WPS_AUTH_WPA)
|
||||||
auth_type[at_num++] = "wpa-eap";
|
auth_type[at_num++] = "wpa-eap";
|
||||||
if (cred->auth_type & WPS_AUTH_WPA2)
|
if (cred->auth_type & WPS_AUTH_WPA2)
|
||||||
auth_type[at_num++] = "wpa2-eap";
|
auth_type[at_num++] = "wpa2-eap";
|
||||||
if (cred->auth_type & WPS_AUTH_WPA2PSK)
|
if (cred->auth_type & WPS_AUTH_WPA2PSK)
|
||||||
auth_type[at_num++] =
|
auth_type[at_num++] = "wpa2-psk";
|
||||||
"wpa2-psk";
|
|
||||||
|
|
||||||
if (cred->encr_type & WPS_ENCR_NONE)
|
if (cred->encr_type & WPS_ENCR_NONE)
|
||||||
encr_type[et_num++] = "none";
|
encr_type[et_num++] = "none";
|
||||||
if (cred->encr_type & WPS_ENCR_WEP)
|
|
||||||
encr_type[et_num++] = "wep";
|
|
||||||
if (cred->encr_type & WPS_ENCR_TKIP)
|
if (cred->encr_type & WPS_ENCR_TKIP)
|
||||||
encr_type[et_num++] = "tkip";
|
encr_type[et_num++] = "tkip";
|
||||||
if (cred->encr_type & WPS_ENCR_AES)
|
if (cred->encr_type & WPS_ENCR_AES)
|
||||||
|
@ -278,7 +278,6 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||||||
{
|
{
|
||||||
struct wpa_supplicant *wpa_s = ctx;
|
struct wpa_supplicant *wpa_s = ctx;
|
||||||
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
||||||
u8 key_idx = 0;
|
|
||||||
u16 auth_type;
|
u16 auth_type;
|
||||||
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
#ifdef CONFIG_WPS_REG_DISABLE_OPEN
|
||||||
int registrar = 0;
|
int registrar = 0;
|
||||||
@ -324,7 +323,6 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (auth_type != WPS_AUTH_OPEN &&
|
if (auth_type != WPS_AUTH_OPEN &&
|
||||||
auth_type != WPS_AUTH_SHARED &&
|
|
||||||
auth_type != WPS_AUTH_WPAPSK &&
|
auth_type != WPS_AUTH_WPAPSK &&
|
||||||
auth_type != WPS_AUTH_WPA2PSK) {
|
auth_type != WPS_AUTH_WPA2PSK) {
|
||||||
wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
|
wpa_printf(MSG_DEBUG, "WPS: Ignored credentials for "
|
||||||
@ -387,38 +385,6 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||||||
switch (cred->encr_type) {
|
switch (cred->encr_type) {
|
||||||
case WPS_ENCR_NONE:
|
case WPS_ENCR_NONE:
|
||||||
break;
|
break;
|
||||||
case WPS_ENCR_WEP:
|
|
||||||
if (cred->key_len <= 0)
|
|
||||||
break;
|
|
||||||
if (cred->key_len != 5 && cred->key_len != 13 &&
|
|
||||||
cred->key_len != 10 && cred->key_len != 26) {
|
|
||||||
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key length "
|
|
||||||
"%lu", (unsigned long) cred->key_len);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (cred->key_idx > NUM_WEP_KEYS) {
|
|
||||||
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key index %d",
|
|
||||||
cred->key_idx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (cred->key_idx)
|
|
||||||
key_idx = cred->key_idx - 1;
|
|
||||||
if (cred->key_len == 10 || cred->key_len == 26) {
|
|
||||||
if (hexstr2bin((char *) cred->key,
|
|
||||||
ssid->wep_key[key_idx],
|
|
||||||
cred->key_len / 2) < 0) {
|
|
||||||
wpa_printf(MSG_ERROR, "WPS: Invalid WEP Key "
|
|
||||||
"%d", key_idx);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
ssid->wep_key_len[key_idx] = cred->key_len / 2;
|
|
||||||
} else {
|
|
||||||
os_memcpy(ssid->wep_key[key_idx], cred->key,
|
|
||||||
cred->key_len);
|
|
||||||
ssid->wep_key_len[key_idx] = cred->key_len;
|
|
||||||
}
|
|
||||||
ssid->wep_tx_keyidx = key_idx;
|
|
||||||
break;
|
|
||||||
case WPS_ENCR_TKIP:
|
case WPS_ENCR_TKIP:
|
||||||
ssid->pairwise_cipher = WPA_CIPHER_TKIP;
|
ssid->pairwise_cipher = WPA_CIPHER_TKIP;
|
||||||
break;
|
break;
|
||||||
@ -443,11 +409,6 @@ static int wpa_supplicant_wps_cred(void *ctx,
|
|||||||
}
|
}
|
||||||
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
#endif /* CONFIG_WPS_REG_DISABLE_OPEN */
|
||||||
break;
|
break;
|
||||||
case WPS_AUTH_SHARED:
|
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_SHARED;
|
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_NONE;
|
|
||||||
ssid->proto = 0;
|
|
||||||
break;
|
|
||||||
case WPS_AUTH_WPAPSK:
|
case WPS_AUTH_WPAPSK:
|
||||||
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
ssid->auth_alg = WPA_AUTH_ALG_OPEN;
|
||||||
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
ssid->key_mgmt = WPA_KEY_MGMT_PSK;
|
||||||
@ -1920,8 +1881,10 @@ int wpas_wps_er_config(struct wpa_supplicant *wpa_s, const char *uuid,
|
|||||||
|
|
||||||
if (os_strcmp(settings->encr, "NONE") == 0)
|
if (os_strcmp(settings->encr, "NONE") == 0)
|
||||||
cred.encr_type = WPS_ENCR_NONE;
|
cred.encr_type = WPS_ENCR_NONE;
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
else if (os_strcmp(settings->encr, "WEP") == 0)
|
else if (os_strcmp(settings->encr, "WEP") == 0)
|
||||||
cred.encr_type = WPS_ENCR_WEP;
|
cred.encr_type = WPS_ENCR_WEP;
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
else if (os_strcmp(settings->encr, "TKIP") == 0)
|
else if (os_strcmp(settings->encr, "TKIP") == 0)
|
||||||
cred.encr_type = WPS_ENCR_TKIP;
|
cred.encr_type = WPS_ENCR_TKIP;
|
||||||
else if (os_strcmp(settings->encr, "CCMP") == 0)
|
else if (os_strcmp(settings->encr, "CCMP") == 0)
|
||||||
|
Loading…
Reference in New Issue
Block a user