Commit Graph

591 Commits

Author SHA1 Message Date
Jouni Malinen
9d388d5007 Further crypto makefile unification 2009-10-11 20:31:15 +03:00
Jouni Malinen
0dba0175c5 Fix crypto config for minimal builds 2009-10-11 20:19:12 +03:00
Jouni Malinen
000bbd77c9 Cleaned up and unified some of the crypto Makefile code 2009-10-11 19:42:04 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Blaž Bačnik
1066c1ee3c Fix VLAN ID validation check to use the new VLAN ID
When checking the validity of VLAN ID based on RADIUS-based ACL or
accept_mac_file, the assigned vlan_id, not the old sta->vlan_id
(likely zero) needs to be used.
2009-09-30 20:44:04 +03:00
Jouni Malinen
4f760fcc7c Fix hostapd wpa_msg() calls ctx for wpa_supplicant AP mode
Need to use wpa_s pointer, not hapd pointer, for these calls.
2009-09-29 21:25:14 +03:00
Jouni Malinen
c140a22858 Remove the STA entry on reassociation to clear STA PS state
hostapd needs to remove the old STA entry if it exists when processing
reassociation back to the same AP. This removes the potentially PS
buffered frames and allows association parameters to be updated with
mac80211.
2009-09-26 21:30:43 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Jouni Malinen
ded30a6b41 Move STA list ctrl_iface handlers to a separate file
This makes it easier to share the hostapd station table query
functionality with wpa_supplicant AP mode operations.
2009-09-08 12:56:07 +03:00
Jouni Malinen
2678509dec WPS: Store device info and make it available through AP ctrl_iface
Store a copy of device attributes during WPS protocol run and make it
available for external programs via the control interface STA MIB
command for associated stations. This gives access to device name and
type which can be useful when showing user information about associated
stations.
2009-09-07 22:09:13 +03:00
Jouni Malinen
e6965d4e5d Fix WPA reconfiguration to update GTK
The group key state machine needs to be re-initialized with possible
updated GTK length when restarting WPA (e.g., when WPS was used to
reconfigure the AP).
2009-09-06 13:55:01 +03:00
Jouni Malinen
7cba52d852 Use OpenSSL for RC4 instead of internal implementation 2009-08-16 22:26:13 +03:00
Jouni Malinen
ac73690c06 Move RC4 into crypto.h as a replaceable crypto function
This allows crypto library wrappers to override the internal RC4
implementation in the same way as can already be done for other crypto
algorithms.
2009-08-16 20:13:14 +03:00
Jouni Malinen
8ef1683115 Remove rc4() wrapper
This is not really of that much use since rc4_skip() can be used as
easily. In addition, rc4 has caused some symbol conflicts in the past,
so it is easier to live without that as an exported symbol.
2009-08-16 19:57:50 +03:00
Jouni Malinen
c5f6ad5766 Verify CHAP/MSCHAPv2 return code
Check the return code in some (but not yet all) places where the
functions from ms_funcs.c are used.
2009-08-16 19:07:57 +03:00
Jouni Malinen
ce78b289c4 Fix OpenSSL build (internal SHA256 not used anymore) 2009-08-16 19:05:29 +03:00
Bjarke Istrup Pedersen
466940c55e Use LDFLAGS in all linker commands
When building hostapd and wpa_supplicant, the build system does not
respect the LDFLAGS selected in the environment in some cases. [Bug 311]
2009-08-16 09:47:56 +03:00
Jouni Malinen
cedf947308 Figure out absolute path for the pid file before daemonizing
This allows relative path to be used in the same way as was already
supported by wpa_supplicant.
2009-08-15 20:09:24 +03:00
Jouni Malinen
ba30964b60 Force rebuilding of src/drivers between hostapd and wpa_supplicant
This is a (hopefully) temporary workaround to allow the same source code
tree to be used for building hostapd and wpa_supplicant without having
to manually force recompilation of some files. Currently, some of the
driver wrapper files need to be built separately for hostapd and
wpa_supplicant (#ifdef's in the files based on AP functionality).

This is somewhat racy as far as parallel make execution is concerned,
i.e., it may be necessary to run "make -j#" twice (plain "make" works
fine. Since this is supposed to be a temporary workaround, there is not
much point in trying to fix this with any more complex make processing.
2009-08-14 20:40:37 +03:00
Johannes Berg
fe6bdb777e Replace NEED_MLME with NEED_AP_MLME
This makes it clearer that it's about the AP, not client-side MLME, even
when built into the client (wpa_supplicant).
2009-08-14 20:01:41 +03:00
Johannes Berg
e7cd16cac5 Create a common drivers makefile snippet
Instead of having all driver stuff collected across wpa_supplicant
and hostapd, create a common snippet that they both include and
that handles the build configuration.
2009-08-14 19:53:27 +03:00
Jouni Malinen
061971b5f8 Fix hlr_auc_gw build after crypto build cleanup 2009-08-13 11:50:52 +03:00
Johannes Berg
4c9e03e0b2 Crypto build cleanup: remove CONFIG_NO_AES_*
Instead of using a defines and conditional building of AES parts,
move the conditional functionality into separate files.
2009-08-13 11:40:28 +03:00
Johannes Berg
27da6d4a0e Crypto build cleanup: remove CONFIG_NO_AES_ENCRYPT
Instead of using a define and conditional building of AES parts,
move the AES encryption routines into a separate file.
2009-08-13 11:21:32 +03:00
Johannes Berg
381fcbc9f4 Crypto build cleanup: remove CONFIG_NO_AES_DECRYPT
Instead of using a define and conditional building of AES parts,
move the AES decryption routines into a separate file.
2009-08-13 11:16:21 +03:00
Johannes Berg
18abe7acb0 Crypto build cleanup: remove CONFIG_NO_PBKDF2
Instead of using a define and conditional building of sha1.c parts,
move the PBKDF2 implementation into a separate file.
2009-08-11 20:31:39 +03:00
Johannes Berg
d9feab18fc Crypto build cleanup: remove CONFIG_NO_TLS_PRF
Instead of using a define and conditional building of sha1.c parts,
move the TLS PRF implementation into a separate file.
2009-08-11 20:24:06 +03:00
Johannes Berg
6f693b5d0b Crypto build cleanup: remove CONFIG_NO_T_PRF
Instead of using a define and conditional building of sha1.c parts,
move the T-PRF implementation into a separate file.
2009-08-11 20:19:37 +03:00
Johannes Berg
05edfe2994 Crypto build cleanup: remove NEED_FIPS186_2_PRF
Instead of using a define and conditional building of crypto wrapper
parts, move the FIPS 186-2 PRF implementation into separate files.
2009-08-11 20:06:23 +03:00
Johannes Berg
ad01a5315e Crypto build cleanup: remove INTERNAL_MD5
Instead of using a define and conditional building of md5.c parts,
move the internal-MD5 into a separate file.
2009-07-28 21:36:13 +03:00
Johannes Berg
bd4e28950d Crypto build cleanup: remove INTERNAL_MD4
In addition, rename md4.c to md4-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:27:02 +03:00
Johannes Berg
598a792d8c Crypto build cleanup: remove INTERNAL_SHA256
Instead of using a define and conditional building of sha256.c parts,
move the internal-SHA256 into a separate file.
2009-07-28 21:20:04 +03:00
Johannes Berg
246157cba6 Crypto build cleanup: remove INTERNAL_AES
In addition, rename aes.c to aes-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:09:57 +03:00
Johannes Berg
657f038102 Crypto build cleanup: remove INTERNAL_DES
In addition, rename des.c to des-internal.c to match in style with
SHA-1 conditionally built internal implementation.
2009-07-28 21:00:44 +03:00
Johannes Berg
928a50a355 Crypto build cleanup: remove INTERNAL_SHA1
Instead of using a define and conditional building of sha1.c parts,
move the internal-SHA-1 into a separate file.
2009-07-28 20:47:04 +03:00
Johannes Berg
b2840aafaf make the build process quieter to see warnings 2009-07-28 14:37:40 +03:00
Jouni Malinen
fa16028d0f Add generic infrastructure for Probe Request callbacks
Instead of calling specific Probe Request handler functions, use a
generic mechanism that allows multiple callback functions to be
registered for getting notification on receive Probe Request frames.
2009-06-12 18:13:40 +03:00
Jouni Malinen
3fed6f2504 Replace hostapd_wps_probe_req_rx() with more generic ProbeReq notifier
The driver wrappers should not need to include wps_hostapd.h, so let's
make this easier by introducing a driver callback for reporting Probe
Request frames.
2009-06-12 17:31:43 +03:00
Jouni Malinen
36c88ec814 hostapd: EAP-AKA' needs SHA256 2009-05-29 22:35:08 +03:00
Jouni Malinen
8077a80042 Fix STA flag setting for auto-authorization if 802.1X/WPA is not used
The authorized flag needs to be added to the set_flags mask to fix
the flags_or/_and values that are now used with the new nl80211
attribute.
2009-05-28 17:37:47 +03:00
Jouni Malinen
f8e96eb6fd hostapd: Require EAPOL-Key type to match with selected protocol
Previously, we would have allowed both the WPA and RSN EAPOL-Key
types to be used regardless of whether the association is using
WPA or RSN/WPA2. This shouldn't result in any significant problems
on the Authenticator side, but anyway, we should check the type and
ignore the EAPOL-Key frames that used unexpected type.
2009-05-27 09:52:24 +03:00
Jouni Malinen
077a781f7a WPS: Add support for setting timeout for PIN
hostapd_cli wps_pin command can now have an optional timeout
parameter that sets the PIN lifetime in seconds. This can be used
to reduce the likelihood of someone else using the PIN should an
active PIN be left in the Registrar.
2009-05-26 17:44:44 +03:00
Jouni Malinen
b63303b864 hostapd: Fix internal crypto build without TLS 2009-05-26 17:09:04 +03:00
Jouni Malinen
9f64b827c3 hostapd: Fix non-802.11w build 2009-05-26 17:08:43 +03:00
Jouni Malinen
eddd8010e6 Fix WMM and MFP STA flag setting with flags_or/flags_and
These were included correctly in total_flags, but not in
flags_or/flags_and.
2009-05-11 13:49:57 +03:00
Jouni Malinen
c4e281fd91 Drop unprotected Robust Action frames from MFP STAs
These frames are delivered through mac80211 monitor interface, so we
need to filter them out in hostapd.
2009-05-08 12:51:28 +03:00
Jouni Malinen
92305c5d9a Add more debugging details for SA Query processing 2009-05-06 19:04:01 +03:00
Jouni Malinen
24c9fcebfb Reject hostapd configuration without channel for nl80211 drivers
We could use auto-channel selection here eventually, but for now,
reject the configuration since it is not going to work correctly
(Beacon and Probe Response frames use incorrect value  in DS Params).
2009-05-06 16:07:43 +03:00
Jouni Malinen
617d155547 Add code to re-use an existing ctrl_iface socket file
Port the code from wpa_supplicant to re-use an existing ctrl_iface
socket file if the file does not seem to be in use. This allows
hostapd to recover from unclean shutdown of the control interface.
2009-05-06 11:31:45 +03:00
Jouni Malinen
1fb1a6f0bf Remove unused set_broadcast_ssid() driver op
None of the driver wrappers user this. hostapd-controlled broadcast SSID
hiding can only be used with drivers that use hostapd for handling
Beacon and Probe Request/Response frames.
2009-04-22 16:15:24 +03:00
Jouni Malinen
9351257cfb Remove the unused set_ieee80211d driver op
None of the driver wrappers use this. Only the drivers that use hostapd
for Beacon and Probe Request/Response handling can now use IEEE 802.11d
properly.
2009-04-22 16:11:22 +03:00
Jouni Malinen
f55802e8bf Move default_wep_key variable into EAPOL authenticator data
With this change, eapol_sm.c does not need to dereference main hostapd
structures anymore (i.e., hostapd.h is not needed to be included).
2009-04-22 15:27:51 +03:00
Jouni Malinen
30985b8600 Remove unused set_retry() driver op 2009-04-21 18:01:43 +03:00
Jouni Malinen
61693eaa80 hostapd: Remove unused passive scan functionality
This was not really supported by any of the included driver wrappers. If
this functionality is desired in the future, this (or something similar)
can be added with the changes needed into a driver wrapper to use the
mechanism.
2009-04-17 15:47:37 +03:00
Jouni Malinen
4b9841d34c Move more multi-BSSID processing into drv_callbacks.c
This simplifies driver wrapper operations and removes last direct
struct hostapd_data dereferences from driver_nl80211.c. In addition,
some of the TX callbacks are now fixed for secondary BSSes.
2009-04-17 13:29:29 +03:00
Jouni Malinen
412036f5f0 Provide own_addr buffer in hapd_init() parameters
This reduces number of places in driver wrapper that would need to
dereference struct hostapd_data pointer directly.
2009-04-17 11:55:51 +03:00
Jouni Malinen
731723a5bd Add own_addr as a parameter to sta_deauth() and sta_disassoc()
This fixes deauth/disassoc frames in secondary BSSes when using
multi-BSSID. In addition, it reduces need to dereference
struct hostapd_data inside driver wrappers.
2009-04-17 11:37:22 +03:00
Jouni Malinen
ad1e68e6b5 Clean up HT40 scan and share nl80211 scanning code
Instead of adding a new driver_ops for fetching neighbor BSS data (that
nl80211 driver interface had to scan during initialization), share the
same scan operations that wpa_supplicant is using. This gets rid of
duplicated scan code in driver_nl80211.c (and better yet, removes large
part of old WEXT code).

hostapd interface initialization is now completed in a callback, if
needed, i.e., he_features channel/hw_mode selection can use as much time
as needed. This can also help with radar detection in the future.
2009-04-16 16:22:40 +03:00
Jouni Malinen
b4fd6fab5b Share driver beacon configuration handlers 2009-04-09 23:44:39 +03:00
Jouni Malinen
92f475b4d8 Merge hostapd driver init functions into one
Use a parameter structure to pass in information that can be more easily
extended in the future. Include some of the parameters that were
previously read directly from hapd->conf in order to reduce need for
including hostapd/config.h into driver wrappers.
2009-04-09 23:28:21 +03:00
Jouni Malinen
e785c2ba3b Share same set_country driver op for hostapd and wpa_supplicant 2009-04-09 20:01:25 +03:00
Jouni Malinen
9f324b61ba Share management frame send driver op for hostapd and wpa_supplicant
The same implementation can be shared in most cases, so better share the
same driver_ops handler function.
2009-04-09 19:57:20 +03:00
Jouni Malinen
8342130269 Remove flags parameter from send_mgmt_frame() driver op
This was not documented properly and was not really used nor would it be
suitable to be used in generic way as it was implemented. It is better
to just remove the parameter since there does not seem to be any
reasonable use for it.
2009-04-09 19:42:19 +03:00
Jouni Malinen
c3965310e6 Use common get_hw_feature_data for hostapd and wpa_supplicant
This merges the driver wrapper implementations to use the same
implementation both for hostapd and wpa_supplicant operations to avoid
code duplication.
2009-04-09 14:11:39 +03:00
Jouni Malinen
c51218372f Merge wpa_supplicant and hostapd driver wrapper implementations
This commit merges the driver_ops structures and implementations from
hostapd/driver*.[ch] into src/drivers. This is only an initial step and
there is room for number of cleanups to share code between the hostapd
and wpa_supplicant parts of the wrappers to avoid unnecessary source
code duplication.
2009-04-09 13:40:12 +03:00
Jouni Malinen
acae30ed7b nl80211: Add bridge interfaces from secondary BSSes to ifidx list
This fixes EAPOL RX for secondary BSSes that are in a bridge that does
not match with the bridge used for the primary BSS.
2009-04-03 21:17:23 +03:00
Jouni Malinen
f82ef4d8db nl80211: Fix EAPOL frame RX for secondary BSSes
Need to figure out which BSS should process the frame based on the
source address (STA/Supplicant MAC address).
2009-04-03 21:04:25 +03:00
Jouni Malinen
6143f11705 nl80211: Remove dead code
The EAPOL packet socket is not bound to a specific ifindex, so no need
to setup the address for a bind() call that is not here anyway.
2009-04-03 20:55:19 +03:00
Jouni Malinen
c043aadc40 nl80211: Remove unuset set_privacy() and set_internal_bridge() 2009-04-03 20:44:03 +03:00
Jouni Malinen
515cf93f8c Mark STA authorized if IEEE 802.1X and WPA is not used
This fixes multi-BSS configuration with driver_nl80211.c to mark STAs
that use secondary BSSes with open/static WEP without having to make
driver_nl80211.c track 802.1X configuration for each BSS.
2009-04-03 20:40:07 +03:00
Jouni Malinen
c213cc0433 Fix some multi-BSSID configuration operations
Static WEP keys were configured only for the first BSS. In addition,
STAs were flushed only for the first BSS. These operations should be in
hostapd_setup_bss(), not setup_interface().

Remove extra call to ieee802_11_set_beacon() for the first BSS. This
should only be done from hostapd_setup_bss(), i.e., once for each BSS.
2009-04-03 20:14:39 +03:00
Jouni Malinen
6caf9ca68c Share same hw_feature definitions between hostapd and wpa_supplicant 2009-04-03 19:04:20 +03:00
Jouni Malinen
6de726abb5 Remove unused driver_ops
get_rts, get_frag, get_retry, and set_key_tx_rx_threshold were not used
anywhere, so get rid of them.
2009-04-03 11:59:08 +03:00
Jouni Malinen
a9a2cb5abb Merge wireless_event_{,de}init() into {,de}init() driver op 2009-04-03 11:51:40 +03:00
Jouni Malinen
0915d02c3c wpa_supplicant AP: Add management frame RX for nl80211 2009-04-02 21:59:14 +03:00
Jouni Malinen
f1f54cb8b1 Fix RSN parameter setting for multi-BSS case
rsn_pairwise and wpa_group were set properly only for the last BSS, but
they do need to be set for all BSSes.
2009-04-02 19:54:13 +03:00
Jouni Malinen
74f2ad326f Merge set_dtim_period() into set_beacon()
No need for a separate driver_ops handler for setting DTIM period since
this is always set at the same time with the Beacon data. Beacon
interval is still set separately since it is consider per-radio
parameter (Beacon data and DTIM period are per-BSS parameters).
2009-04-02 16:05:21 +03:00
Jouni Malinen
c0a6190815 Fix SHA-256-based KDF when using CCMP as the pairwise cipher
IEEE 802.11r KDF uses key length in the derivation and as such, the PTK
length must be specified correctly. The previous version was deriving
using 512-bit PTK regardless of the negotiated cipher suite; this works
for TKIP, but not for CCMP. Update the code to use proper PTK length
based on the pairwise cipher.

This fixed PTK derivation for both IEEE 802.11r and IEEE 802.11w (when
using AKMP that specifies SHA-256-based key derivation). The fixed
version does not interoperate with the previous versions. [Bug 307]
2009-04-01 12:04:36 +03:00
Jouni Malinen
6ce4b59342 WPS: Fix hostapd runtime WPS configuration after Enrollee run
If the AP is configured with WPS, we need to update the local WPS data
in order to provide correct credentials for Enrollees.
2009-03-30 18:48:41 +03:00
Jouni Malinen
9c6d8e1db5 Make channel number available to set_freq()
Since we have the channel number, we could as well pass it to the driver
wrapper should there be drivers that use channel number instead of
frequency.
2009-03-30 17:55:37 +03:00
Jouni Malinen
0f2b2c1973 Add needed AP driver wrappers (most of which are still to-do) 2009-03-27 17:13:54 +02:00
Jouni Malinen
c813b69546 Update driver SSID and 802.1X/WPA parameters on configuration reload
This is needed for WPS AP reconfiguration with driver wrappers that do
not use hostapd MLME.
2009-03-27 16:10:14 +02:00
Masashi Honma
871bb568d2 Fix: Loop in driver selection routine
Increment an index variable not 'i' but 'j'.

(this was broken yesterday by a cleanup change
3067ac2bb8)
2009-03-27 10:49:47 +02:00
Jouni Malinen
89111f3bbc Rename struct wpa_driver_ops to hapd_driver_ops
This avoids conflicts with the wpa_supplicant structure with the same
name.
2009-03-26 20:35:49 +02:00
Jouni Malinen
b6a7859d15 Move hostapd_init() into main.c 2009-03-26 19:23:41 +02:00
Jouni Malinen
3067ac2bb8 Get rid of couple of shadowed variable warnings 2009-03-26 19:23:02 +02:00
Jouni Malinen
21db94c5dc Remove shadowed variable 2009-03-26 19:09:25 +02:00
Jouni Malinen
5c333467b3 Move main() and configuration file related functions into main.c
This makes it easier to share hostapd.c with wpa_supplicant
2009-03-26 19:06:02 +02:00
Jouni Malinen
c746331b52 Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist
Move the shared IEEE 802.11w enum definition into src/common/defs.h to
avoid redefinition when both configuration structures are included into
the same file.
2009-03-26 16:06:15 +02:00
Jouni Malinen
89d39d9d6c Move hostapd driver_ops to use similar set_key with wpa_supplicant 2009-03-25 17:49:22 +02:00
Jouni Malinen
fb86519d12 Replace deprecated add_sta() with add_sta2() 2009-03-25 16:55:09 +02:00
Jouni Malinen
909a6ef00c Remove deprecated version of set_freq() and rename the new version 2009-03-25 16:48:22 +02:00
Jouni Malinen
4f86ca6870 Remove unused set_assoc_ap() wpa_driver_ops
The need for this was removed with the experimental
hostapd-as-a-client-STA functionality.
2009-03-25 16:45:57 +02:00
Jouni Malinen
089757c6a9 Fix wpa_supplicant AP build after hostapd header file cleanup 2009-03-25 16:35:26 +02:00
Jouni Malinen
b1c0e29733 Include config.h explicitly into files that actually use it
hostapd.h does not need to include config.h.
2009-03-25 16:29:00 +02:00
Jouni Malinen
97234b5073 Move STA entry structure into sta_info.h and remove ap.h
This cleans up some of the hostapd include file usage and only includes
the needed STA flags into driver wrappers.
2009-03-25 16:13:35 +02:00
Jouni Malinen
2991469cd1 Replace sta_aid array with bitfield
The actual pointer to struct sta_info was not really used and it is
enough to use a single bit to indicate whether an AID is allocated. This
makes the BSS data take less memory while making the allocation routine
faster and removing the arbitrary MAX_AID_TABLE_SIZE limit of 128 STAs.
2009-03-25 15:54:25 +02:00
Jouni Malinen
d42a62b36c Move AID derivation into a separate function 2009-03-25 15:35:00 +02:00
Jouni Malinen
1e5839e06f Rename EAP server defines from EAP_* to EAP_SERVER_*
This allows separate set of EAP server and peer methods to be built into
a single binary.
2009-03-25 12:06:19 +02:00
Jouni Malinen
17449e213f Remove local variable shadowing to avoid a warning 2009-03-25 11:36:09 +02:00
Jouni Malinen
5ce2a4649d driver_madwifi: Fix build with old driver versions
Do not reference ie.rsn_ie in wpa_hexdump outside #ifdef MADWIFI_NG.
[Bug 302]
2009-03-22 15:54:26 +02:00
Jouni Malinen
75864b7f63 Fix UNIX domain socket address handling to be more portable
Remove all fields before sun_path before printing or comparing sun_path
contents. Using offsetof should be portable. In addition, set sun_len
for FreeBSD.
2009-03-21 22:07:14 +02:00
Jouni Malinen
7d737d6bf9 Fix FreeBSD build by not adding -ldl
Unlike Linux, FreeBSD does not use libdl.
2009-03-21 20:59:07 +02:00
Jouni Malinen
4df91b3f3f Fix driver_bsd.c build for FreeBSD 2009-03-21 20:58:27 +02:00
Jouni Malinen
8104763131 Fix CONFIG_DRIVER_RADIUS_ACL=y build 2009-03-21 20:56:39 +02:00
Jouni Malinen
4cb0dcd92d Fix IEEE 802.11r key derivation function to match with the standard
IEEE Std 802.11r-2008, 8.5.1.5.2 starts the 'i' counter from 1, not 0.
Note: this breaks interoperability with previous versions. [Bug 303]
2009-03-19 15:46:00 +02:00
Jouni Malinen
c5aaa01562 Detach ctrl_iface monitor if the client socket is removed
No need to wait for 10 errors when using UNIX domain socket; we can
detach the client immediately on ENOENT.
2009-03-17 16:56:30 +02:00
Kel Modderman
bffc384cbf hostapd: Fix some manual page formatting
lintian (Debian package lint tool) found some small deficiencies in
hostapd.8 and hostapd_cli.1.
2009-03-13 20:49:01 +02:00
Jouni Malinen
51853c899b Fix TNC with EAP-TTLS
This was broken by 510c02d4a3 which added
validation of eap_ttls_phase2_eap_init() return value. The main problem
in the code trying to initialize a new phase 2 EAP method
unconditionally; this should only happen if there is a new method in the
inner method sequence.
2009-03-13 18:20:59 +02:00
Jouni Malinen
90ac1f9fc9 Allow more complex BSSID masks to be used for multi-BSSID
If every secondary BSS is configured with a pre-set BSSID, hostapd does
not enforce the BSSID mask requirements anymore, i.e., they are used
only if hostapd is responsible for generating MAC addresses for virtual
interfaces.
2009-03-12 22:01:26 +02:00
Jouni Malinen
eb1f7446b5 Move DTIM period configuration into Beacon set operation
This is needed to make mac80211 work with multi-BSS configuration. The
previous design ended up setting DTIM period for secondary BSSes before
setting the Beacon and driver_nl80211.c was not really prepared for
that. Eventually, the Beacon configuration routines should be combined
into a single driver operation, but for now, just moving this call is
the simplest workaround.
2009-03-12 21:57:08 +02:00
Jouni Malinen
816bce98e1 nl80211: Add per-BSS data structure and enable BSS add/remove
This allows mac80211 to be used for multi-BSSID operations.
2009-03-12 21:55:42 +02:00
Jouni Malinen
f238cf9f42 FT: Add RIC Request processing and RIC Response generation
hostapd will now go through the RIC Request and process each RDIE. Only
WMM TSPEC requests are currently supported; all other request
descriptors will be declined.

RIC Response is written by hostapd and verified by wpa_supplicant (MIC
validation). wpa_supplicant does not yet have code to notify the driver
about the resource request results.
2009-03-09 22:25:58 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
143a4bf632 WPS: Add a workaround for static WEP with Windows network probe
Windows XP and Vista clients can get confused about EAP-Identity/Request
when they probe the network with EAPOL-Start. In such a case, they may
assume the network is using IEEE 802.1X and prompt user for a
certificate while the correct (non-WPS) behavior would be to ask for the
static WEP key. As a workaround, use Microsoft Provisioning IE to
advertise that legacy 802.1X is not supported.

This seems to make Windows ask for a static WEP key when adding a new
network, but at least Windows XP SP3 was still marking IEEE 802.1X
enabled for the network. Anyway, this is better than just leaving the
network configured with IEEE 802.1X and automatic WEP key distribution.
2009-03-08 19:36:02 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
9cf548c082 Allow PN531_PATH to be overriden from .config 2009-03-06 16:25:48 +02:00
Masashi Honma
e1ee6b600b WPS: Add support for NFC out-of-band mechanism
The new file wps_nfc.c and ndef.c implements NFC device independent
operation, wps_nfc_pn531.c implements NFC device dependent operation.

This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following NFC methods can be used:
- Enrollee PIN with NFC
- Registrar PIN with NFC
- unencrypted credential with NFC

Encrypted credentials are not supported.

Enrollee side operation:

Registrar side operation:

Example configuration.
CONFIG_WPS=y
CONFIG_WPS_NFC=y
CONFIG_WPS_NFC_PN531=y

I used NFC device "NXP PN531". The NFC device access method is
confidential, so I used outer library. Please download below files from
https://www.saice-wpsnfc.bz/index.php

[WPS NFC Library]
WpsNfcLibrary/WpsNfc.h
WpsNfcLibrary/WpsNfcType.h
WpsNfcLibrary/WpsNfcVersion.h
WpsNfcLibrary/linux/libnfc_mapping_pn53x.dll
WpsNfcLibrary/linux/wpsnfc.dll

[NFC Reader/Writer Kernel Driver]
NFCKernelDriver-1.0.3/linux/kobj/sonyrw.ko

<WiFi test>
The hostapd/wpa_supplicant with this patch passed below tests on
"Wi-Fi WPS Test Plan Version 1.6".
4.2.5 Add device using NFC Method with password token
(I used SONY STA instead of NXP STA.)

4.2.6 Add device using NFC Method with configuration token

5.1.9 Add to AP using NFC Method with password token
through internal registrar
(I used SONY AP instead of NXP AP.)

5.1.10 Add to AP using NFC Method with configuration token
through internal registrar
2009-03-06 16:16:22 +02:00
Jouni Malinen
d85825e355 Fix UP-to-AC mapping for prio 3 (EE) to be AC_BE, not AC_VI 2009-03-05 16:37:13 +02:00
Jouni Malinen
37d8922e58 Fix non-HT STA addition
35463eaed3 broke non-HT STA add by trying
to se random HT capabilities to mac80211. Fix that by using NULL ht_cap
for non-HT case.
2009-03-05 11:25:32 +02:00
Jouni Malinen
f72750896c nl80211: Add verbose result debugging for NL80211_CMD_NEW_STATION 2009-03-05 11:24:48 +02:00
Jouni Malinen
b175bff0ce No need for including endian.h anymore 2009-03-04 16:29:36 +02:00
Jouni Malinen
317c33ebfb No need to check WMM IE OUI or type here
IE parser has already taken care of this. In addition, show QoS info
field in debug output.
2009-03-04 16:28:47 +02:00
Jouni Malinen
979be3fecf Use bit mask/shift and helper functions instead of C bit fields 2009-03-04 16:23:44 +02:00
Jouni Malinen
3ae0800c5f WMM cleanup (WME -> WMM rename, comments, etc.)
This updates the terminogy to match with the final WMM specification. In
addition, some of the WMM TSPEC structure fields were in incorrect order
and used without byte order swapping. Those are also taken care of this
cleanup patch.
2009-03-04 12:33:24 +02:00
Jouni Malinen
1c6965f7db Remove unused tsinfo() 2009-03-04 11:32:51 +02:00
vasanth
35463eaed3 Pass negotiated ht capability information after the association
This patch replaces the station's ht capability information with the
negotiated one in NL80211_CMD_NEW_STATION. This negotiated ht
capability will be needed for rate control initialization in the
driver.

Signed-off-by: vasanth <vasanth@atheros.com>
2009-03-02 19:17:35 +02:00
Jouni Malinen
1fd4b0db7c Fix EAPOL/EAP reauthentication with external RADIUS server
The EAP server state machine will need to have special code in
getDecision() to avoid starting passthrough operations before having
completed Identity round in the beginning of reauthentication. This was
broken when moving into using the full authenticator state machine from
RFC 4137 in 0.6.x.
2009-03-02 19:06:23 +02:00
Jouni Malinen
24466b188a WPS: Convert WEP key to hex
Use of hex is safer since the enrollee may configure AP with 5 or 13
random octets of binary data as the key.
2009-02-27 17:08:17 +02:00
Jouni Malinen
f4c617ee4c WPS UFD: Add entry to ChangeLog 2009-02-26 22:10:50 +02:00
Jouni Malinen
116f7bb0a3 WPS UFD: Build OOB functionality only if UFD is enabled 2009-02-26 22:10:21 +02:00
Jouni Malinen
d5e2b2d274 WPS UFD: Use pre-configured DH keys only with OOB
The old behavior of generating new DH keys can be maintained for non-OOB
cases and only OOB (in this case, with UFD) will use the pre-configured
DH keys to allow the public key hash to be checked.
2009-02-26 22:09:35 +02:00
Jouni Malinen
7cbf51bbd8 WPS UFD: Remove oob_dev pointer from wps_context
This pointer and the especially the oob_dev->device_path does not remain
valid, so better not save it any longer than it is needed.
2009-02-26 22:07:55 +02:00
Jouni Malinen
390cd3105d WPS UFD: Make build conditional on CONFIG_WPS_UFD=y
Not all embedded devices have USB interface and it is useful to be able
to remove unneeded functionality from the binary. In addition, the
current implementation has some UNIX specific calls in it which may make
it not compile cleanly on all target systems.
2009-02-26 22:01:36 +02:00
Masashi Honma
46bdb83acd WPS: Add UFD support (USBA out-of-band mechanism)
This patch is only for the following use case:
- Enrollee = wpa_supplicant
- Registrar = hostapd internal Registrar

Following UFD methods can be used:
- Enrollee PIN with UFD
- Registrar PIN with UFD
- unencrypted credential with UFD

Encrypted credentials are not supported.

Enrollee side operation:
wpa_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

wpa_cli -i ath0 wps_oob ufd /mnt/ pin-r

Registrar side operation:
./hostapd_cli -i ath0 wps_oob <device type> <mount point> <oob method>
    oob method = pin-e/pin-r/cred

hostapd_cli -i ath0 wps_oob ufd /mnt/ cred
2009-02-26 21:57:38 +02:00
Jouni Malinen
a9aca28ba3 Fix WPS in non-WPA modes with drivers that implement MLME
Need to set WLAN_STA_WPS and WLAN_STA_MAYBE_WPS flags even if WPA is not
enabled. This allows open and static WEP modes to initiate WPS
negotiation with madwifi-like drivers.
2009-02-23 20:57:07 +02:00
Jouni Malinen
6d7fb6918d Add new driver wrapper for the Atheros driver
This uses similar, but not identical, interface to madwifi. It is easier
to keep this separate to avoid conflicts with potential changes in the
driver interfaces.
2009-02-19 16:27:07 +02:00
Jouni Malinen
d3cba719ff WPS: Use WEP key index 1..4 instead of 0..3 when configuring AP 2009-02-18 20:17:47 +02:00
Sebastien Decugis
ab61c4fc36 Fix hostapd build without NEED_MLME
The following patch fixes a compilation issue when compiling hostapd to
serve as pure RADIUS authentication server.
2009-02-18 19:43:07 +02:00
Jouni Malinen
8807377fe4 nl80211: Add TX/RX packet counts into accounting information 2009-02-18 11:29:45 +02:00
Jouni Malinen
dbdf58b053 driver_nl80211: Fix STA accounting data collection
TX/RX bytes are now reported correctly (typo ended up leaving TX bytes
uninitialized and set RX bytes value to use correct TX bytes). TX/RX
packet counts are not yet available from kernel, so we have to clear the
values to avoid reporting bogus data.
2009-02-16 13:28:42 +02:00
Masashi Honma
34a6c94178 WPS: Fix clearing of WPS IE with madwifi driver
On WPS init/deinit process, the hostapd clears it's own WPS IE
with 0 length WPS IE. But it fails. Because the parameter to
ioctl is too short. Then hostapd prints a below message.

ioctl[IEEE80211_IOCTL_SET_APPIEBUF]: Invalid argument
2009-02-10 11:23:59 +02:00
Jouni Malinen
d0184cb25c UPnP: Renamed PutWLANResponse callback function to match action
No point in adding extra "event_" to the name.
2009-02-06 21:44:19 +02:00
Jouni Malinen
915c1ba3c5 WPS UPnP: Added support for multiple external Registrars
Allow more than one pending PutWLANMessage data to be stored (M2/M2D
from multiple external Registrars) and drop pending M2/M2D messages when
the Enrollee replies with M3.
2009-02-06 21:39:32 +02:00
Jouni Malinen
e1bad1cd7d UPnP: Workaround bogus NewWLANEventMAC in PutWLANResponse
It looks like Intel wsccmd may send a bogus NewWLANEventMAC
(11:22:33:44:55:66) when acting as an wired external Registrar. Work
around this by going through all STAs if the address does not match and
pick the STA that is in an ongoing WPS registration.
2009-02-06 16:39:49 +02:00
Daniel Mierswa
b77eab282a Explicitly link against libdl when including TNC support
If you don't choose OpenSSL as TLS implementation and choose to enable
CONFIG_EAP_TNC you have to link against libdl. The OpenSSL libraries
implicitly link against them, so this might be a reason why it wasn't
noticed yet. I assume the same applies to hostapd.
2009-02-05 19:24:16 +02:00
Jouni Malinen
42f1ee7d1f Fixed scan buffer increasing with WEXT
We can now handle up to 65535 byte result buffer which is the maximum
due to WEXT using 16-bit length field. Previously, this was limited to
32768 bytes in practice even through we tried with 65536 and 131072
buffers which we just truncated into 0 in the 16-bit variable.

This more or less doubles the number of BSSes we can received from scan
results.
2009-02-05 12:00:23 +02:00
Pavel Roskin
e7e9c46e55 Use better examples for MadWifi path in defconfig, clarify comments
MadWifi is unlikely to be in ../head relative to hostapd or
wpa_supplicant, as it would be inside the hostap git repository.
MadWifi sources are more likely to be in a directory called "madwifi"
and residing outside the hostap repository.  Using "madwifi" also
demonstrates that the top-level madwifi directory is needed.
2009-02-04 21:45:14 +02:00
Jouni Malinen
5eb4e3d024 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel
Try to match PRI/SEC channel with neighboring 20/40 MHz BSSes per
IEEE 802.11n/D7.0 11.14.3.2. This is not yet complete implementation,
but at least some parts of the 40 MHz coex are improved.

40 MHz operation maybe rejected (i.e., fall back to using 20 MHz) or
pri/sec channels may be switched if needed.
2009-02-04 21:19:54 +02:00
Jouni Malinen
30fd5f1467 Verify that driver supports configured HT capabilities 2009-02-04 12:49:23 +02:00
Sebastien Decugis
c9c3eafacb Remove unused variable from struct hostapd_config
I think that the "radius" pointer in the structure hostapd_config is
never used; when the configuration is parsed the related data is stored
in hostapd_bss_config's "radius" var.
2009-01-30 21:21:46 +02:00
Jouni Malinen
6f4071c084 Do not use country_code default (was: US)
If country_code is not included in hostapd.conf, refuse to enable IEEE
802.11d and do not try to set the regulatory domain in kernel.
2009-01-30 12:43:19 +02:00
Jouni Malinen
c5e1522f9a Added notes about WPS UPnP support and external Registrars 2009-01-29 19:19:30 +02:00
Jouni Malinen
f620268f13 WPS: Add support for external Registrars using UPnP transport
This adds mostly feature complete external Registrar support with the
main missing part being proper support for multiple external Registrars
working at the same time and processing of concurrent registrations when
using an external Registrar.

This code is based on Sony/Saice implementation
(https://www.saice-wpsnfc.bz/) and the changes made by Ted Merrill
(Atheros) to make it more suitable for hostapd design and embedded
systems. Some of the UPnP code is based on Intel's libupnp. Copyrights
and licensing are explained in src/wps/wps_upnp.c in more detail.
2009-01-29 18:47:02 +02:00
Jouni Malinen
1e14526571 Use Data::Data only with Host AP driver; mac80211 can use Data::Nullfunc
The inactivity poll was originally supposed to use Data::Nullfunc, but
due to Prism2/2.5/3 firmware issues, this was changed to an empty
Data::Data frame. mac80211 does not have such an issue, so change the
inactivity poll frame to be Data::Nullfunc by default and use the
Data::Data workaround only with Host AP driver.
2009-01-27 16:36:27 +02:00
Jouni Malinen
f01a6b1e3e driver_nl80211: Fixed inactivity poll status processing
Previous version was discarding TX status for FromDS data frames, but
those are the exact ones that we need to check for inactivity poll to
work, i.e., they are TX status reports for injected data frames.

In addition, remove the debug printing of TX status for data frame since
that could fill up the debug output if kernel-side filtering cannot be
used with monitor interface.
2009-01-27 16:34:48 +02:00
Johannes Berg
9616af520b driver_nl80211: use Linux socket filter to improve performance
TX status information for all transmitted data frames is not going to
be sent to hostapd anymore, so the CPU load with high traffic load is
going to be significantly reduced.
2009-01-27 12:28:05 +02:00
Jouni Malinen
7ce3304ab3 Do not forget wpa_passphrase so that WPS can use it
Send ASCII passphrase instead of derived PSK if the configuration uses
the passphrase.
2009-01-24 12:51:28 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
4c29cae932 Added ap_settings option for overriding WPS AP Settings in M7
This optional configuration parameter can be used to override AP
Settings attributes in M7 similarly to extra_cred option for Credential
attribute(s) in M8.
2009-01-23 21:08:55 +02:00
Jouni Malinen
6296625308 Free extra_cred when freeing configuration 2009-01-23 20:51:26 +02:00
Jouni Malinen
401e039633 Allow WPS device strings to be unconfigured
Previous version was causing a NULL pointer dereference if a required
string was not set in configuration. It is better to make these
optional.
2009-01-22 21:26:14 +02:00
Jouni Malinen
695e2b48e2 Documented interface for external WPS credential processing 2009-01-21 16:42:11 +02:00
Jouni Malinen
a60e7213e1 Fixed WPS with open and shared WEP networks
Do not initialize EAPOL state machine for the STA when hostapd is
configured to use WPS with open or shared WEP networks. This allows the
STA to use EAPOL-Start to indicate it wants to start WPS in such a case
and hostapd does not end up running through EAPOL authentication timeout
and disconnecting the STA if WPS is not used.

There was already code for starting EAPOL state machines based on
received EAPOL packets, but that was not working properly since
portEnabled was not set to TRUE on that code path. This is now fixed,
too.
2009-01-21 14:18:14 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
d745c7cc1a Added wps_cred_processing configuration option for hostapd
This behaves like the one in wpa_supplicant, i.e., hostapd can be
configured not to process new credentials (AP settings) internally and
instead pass the WPS attributes for an external program to process over
ctrl_iface.
2009-01-21 11:54:12 +02:00
Jouni Malinen
42d16805c9 Enable wpa_msg() for hostapd
Use wpa_msg() like wpa_supplicant in order to avoid having to use direct
hostapd_ctrl_iface_send() calls.
2009-01-21 11:45:56 +02:00
Jouni Malinen
1cc84c1c6b Increased wpa_cli/hostapd_cli ping interval and made it configurable
The default interval is now 5 seconds (used to be 1 second for
interactive mode and 2 seconds for wpa_cli -a). The interval can be
changed with -G<seconds> command line option.
2009-01-20 21:12:00 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
eca6e0a9a5 WPS: Provide the unparsed Credential attribute to cred_cb()
This makes it easier to pass the credential data to external programs
(e.g., Network Manager) for processing. The actual use of this data is
not yet included in hostapd/wpa_supplicant.
2009-01-17 22:17:12 +02:00
Jouni Malinen
6fa68a0ee5 Added an option to add (or override) Credential attribute(s) in M8 2009-01-16 22:50:41 +02:00
Jouni Malinen
4bb081f1b4 Renamed PMKSA cache functions to avoid duplicate symbols with supplicant
This allows hostapd/pmksa_cache.c and src/rsn_supp/pmksa_cache.c to be
linked into the same program.
2009-01-14 22:01:26 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Jouni Malinen
010dc06853 Moved RADIUS Class attribute helpers into RADIUS module 2009-01-13 20:01:29 +02:00
Jouni Malinen
61e64e7b7f Removed dead code 2009-01-13 19:15:42 +02:00
Jouni Malinen
c77bb61aee Fixed copy-paste error in retry configuration (incorrect ioctl used) 2009-01-13 19:14:38 +02:00
Jouni Malinen
25ba219f3e Removed unused set_regulatory_domain driver function 2009-01-13 19:12:25 +02:00
Jouni Malinen
f49275c92f Fixed build without CONFIG_IEEE80211N 2009-01-12 22:08:53 +02:00
Jouni Malinen
4cdde5caf7 Fixed a typo in printf -> wpa_printf changes 2009-01-12 22:06:51 +02:00
Jouni Malinen
24bb3d9788 Fixed build with wpa_printf disabled 2009-01-12 22:06:06 +02:00
Jouni Malinen
a9843f614f Removed hw_features.o from build if hostapd MLME is not used 2009-01-12 22:03:58 +02:00
Jouni Malinen
7fd46d466f Added build option for disabling control interface (CONFIG_NO_CTRL_IFACE) 2009-01-12 21:44:57 +02:00
Jouni Malinen
30b32314eb Added build option for removing VLAN support (CONFIG_NO_VLAN) 2009-01-12 21:39:19 +02:00
Jouni Malinen
71f04b3cf9 Fixed CONFIG_NO_HOSTAPD_LOGGER build 2009-01-12 21:21:31 +02:00
Jouni Malinen
27750f29d6 Comment out RADIUS configuration parsing if RADIUS client support is
disabled in the build.
2009-01-12 16:49:39 +02:00
Jouni Malinen
10656fc23a Replaced printf() calls with wpa_printf() 2009-01-12 16:49:04 +02:00
Jouni Malinen
815d2189d9 Remove TLS-PRF from hostapd build if it is not needed 2009-01-12 15:20:12 +02:00
Jouni Malinen
03ba2cb4c6 Added CONFIG_NO_AES_EXTRAS for hostapd
This allows unneeded AES routines to be removed from the build to reduce
binary size.
2009-01-12 15:15:35 +02:00
Jouni Malinen
bc521fac13 Fixed couple of build failures with minimal configuration 2009-01-12 15:08:33 +02:00
Jouni Malinen
3904625396 Silenced some sparse warnings 2009-01-11 10:42:07 +02:00
Jouni Malinen
b7fc385071 Fixed build with 802.11n disabled 2009-01-10 21:36:41 +02:00
Jouni Malinen
5fa30f32da Cleaned up main() by splitting it into number of helper functions 2009-01-09 18:04:57 +02:00
Jouni Malinen
b5b969e9c7 Moved driver callback functions from hostapd.c to a new file 2009-01-09 17:27:03 +02:00
Jouni Malinen
81897f4c88 Moved TKIP countermeasures from hostapd.c to its own file 2009-01-09 17:12:33 +02:00
Jouni Malinen
9302c5e19c Cleanup: move related functions closer to eachother 2009-01-09 17:06:54 +02:00
Jouni Malinen
3313cea0d6 Fixed TKIP countermeasueres for drivers that do not use hostapd MLME
The Michael MIC reporting functions have to be included even when using
driver MLME.
2009-01-09 17:00:29 +02:00
Jouni Malinen
649d8890b1 Add wrapper functions for IEEE 802.11 driver calls into driver.h
These functions allow the driver_*.c wrappers not to include
ieee802_11.h.
2009-01-09 16:55:59 +02:00
Jouni Malinen
b83cbb3b3b Use a wrapper function for ieee802_1x_receive() to avoid ieee802_1x.h
Driver wrappers should not need to include ieee802_1x.h, so use a
wrapper function declared in driver.h.
2009-01-09 16:33:59 +02:00
Jouni Malinen
33eb3c4ec4 Moved disassociation processing away from driver_*.c 2009-01-09 16:27:30 +02:00
Jouni Malinen
940a0ce970 Moved association check from driver_*.c into ieee802_1x_receive() 2009-01-09 16:17:20 +02:00
Jouni Malinen
602996f8db Moved WPA setup etc. association processing away from driver_*.c
This is all details that should not need to be handled in driver_*.c.
2009-01-09 16:13:07 +02:00
Jouni Malinen
214021f585 Move RX-from-unknown-STA processing away from driver_*.c
This cleans up the driver wrapper interface by getting rid of sta_info.h
dependency in all drivers that use MLME implementation in hostapd
(driver_hostap.c and driver_nl80211.c).
2009-01-09 15:44:45 +02:00
Jouni Malinen
8607f4c31f Moved TX status processing for STA entries away from driver_*.c
Driver wrappers should not need to know about this level of core hostapd
details.
2009-01-09 15:33:36 +02:00
Jouni Malinen
76e2592190 Share the same radiotap helper implementation 2009-01-09 15:22:19 +02:00
Jouni Malinen
d200828b41 Moved rfc1042_header into driver_*.c that use it
No need to share such a small buffer and make hostapd.[ch] more complex
with it.
2009-01-09 15:06:48 +02:00
Jouni Malinen
a2f517fb93 Fixed a typo in a comment 2009-01-09 15:01:50 +02:00
Jouni Malinen
8d06da09a4 Move generic definitions away from hostapd.h
This is an initial step in trying to make hostapd.h not needed to be
included in so many files.
2009-01-08 20:14:05 +02:00
Jouni Malinen
bfddd95c9e Split hostapd/driver.h into two files
driver.h contains the definitions needed in driver wrapper
implementations (driver_*.c) and driver_i.h contains the definitions
that are used in core hostapd code to interact with the driver wrappers.
2009-01-08 20:02:56 +02:00
Jouni Malinen
f88bd28836 Added support for removing RADIUS accounting and RADIUS in general
CONFIG_NO_ACCOUNTING=y and CONFIG_NO_RADIUS=y build options can now be
used to remove RADIUS support from the hostapd build.
2009-01-08 19:15:25 +02:00
Jouni Malinen
9c584c06bd Remove MLME code from build if none of the enabled drivers need it 2009-01-08 18:40:14 +02:00
Jouni Malinen
bb305cbdcc Replaced printf() with wpa_printf() 2009-01-08 16:57:04 +02:00
Jouni Malinen
03018d3e7c Added CONFIG_NO_STDOUT_DEBUG for hostapd
This is similar to one in wpa_supplicant and can be used to reduce the
binary size by removing debugging messages.
2009-01-08 16:47:04 +02:00
Jouni Malinen
7d02e64157 Mark shared secret const in RADIUS client routines 2009-01-08 16:41:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
f58b20ce66 Fixed IMAGE_PATH for doxygen run in root directory 2009-01-04 14:44:33 +02:00
Jouni Malinen
2eba45c8de Added endianness annotation for sparse 2009-01-03 21:00:38 +02:00
Jouni Malinen
5306f43fc3 Fixed sparse warnings about integer vs. pointer use
The configuration parsing functions seemed to have worked fine before,
but these were real bugs even if they did not show up in practice.
hostapd_ip_diff() was broken for IPv6 addresses (overwrote address and
always returned 1.
2009-01-03 20:46:32 +02:00
Jouni Malinen
d953d9ab80 Removed sparse destinations since "CC=cgcc make" works fine 2009-01-03 20:39:52 +02:00
Jouni Malinen
7e5ba1b916 Mark functions static if not used elsewhere and use proper prototypes 2009-01-03 20:38:42 +02:00
Jouni Malinen
875f6d7b93 Create all doxygen docs from root directory to get proper path names
This updated all doxygen runs to use the same style that was used for
wpa_supplicant full documents. The full vs. fast configurations are now
otherwise identical apart from fast not generating dot files or
latex/pdf version of the documentation.
2009-01-03 09:59:12 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
a4149765a2 Added more src subdirectories into doxygen docs 2009-01-02 22:27:17 +02:00
Jouni Malinen
4be048a8a6 Updated doxygen configuration files to work with new doxygen
The doxygen run is not exactly warning free yet, but this gets a step
closer to being able to produce something useful again.
2009-01-02 21:57:51 +02:00
Jouni Malinen
862e08a9a4 Include ieee802_11_defs.h explicitly instead of assuming it gets included
Some build configurations failed to compile because this file did not
get included.
2009-01-02 21:14:21 +02:00
Jouni Malinen
79da74a20c WPS: Generate UUID based on MAC address, if not set
Generate a SHA1 hash -based UUID from the local MAC address if the UUID
was not configured. This makes it easier to prepare for WPS since there
is no need to generate an UUID.
2009-01-01 22:56:52 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
df1e9601a4 Fixed SA Query Request length
Do not send extra 24 octets of random data in the end.
2008-12-31 17:50:14 +02:00
Jouni Malinen
1aa5c13471 Clear BIP keys, too, when removing broadcast keys with MFP enabled 2008-12-31 17:49:43 +02:00
Jouni Malinen
d5263983ac MFP: Remove mac80211 workaround of IGTK in monitor netdev
mac80211 can now figure out which key to use for injected frames (in
most cases), so we can remove the workaround for configuring IGTK on the
monitor interface that is used for injecting frames.
2008-12-31 17:48:13 +02:00
Jouni Malinen
88b4b4246d Added ctrl_interface command for sending a SA Query request
This can be useful for testing IEEE 802.11w functionality, so provide
means for manual request to send a SA Query request.
2008-12-30 18:04:29 +02:00
Jouni Malinen
805e6dc663 Disconnect the STA if EAP timeout is reached
There is not really much else the Authenticator can do if it does not
receive valid EAP response from the Supplicant/EAP peer. EAP-Failure
would need to be sent before trying to start again with
EAP-Request/Identity, but that is not allowed before the EAP peer
actually replies. Anyway, forcing a new association is likely to clean
up peer state, too, so it can help fixing some issues that could have
caused the peer not to be able to reply in the first place.
2008-12-29 19:16:48 +02:00
Jouni Malinen
8e09c6d253 Fixed retransmission of EAP requests if no response is received
It looks like this never survived the move from IEEE 802.1X-2001 to
IEEE 802.1X-2004 and EAP state machine (RFC 4137). The retransmission
scheduling and control is now in EAP authenticator and the
calculateTimeout() producedure is used to determine timeout for
retransmission (either dynamic backoff or value from EAP method hint).

The recommended calculations based on SRTT and RTTVAR (RFC 2988) are not
yet implemented since there is no round-trip time measurement available
yet.

This should make EAP authentication much more robust in environments
where initial packets are lost for any reason. If the EAP method does
not provide a hint on timeout, default schedule of 3, 6, 12, 20, 20, 20,
... seconds will be used.
2008-12-29 18:10:34 +02:00
Jouni Malinen
65d50f0ac6 Add RADIUS server support for identity selection hint (RFC 4284)
Previously, only the delivery option 1 from RFC 4284
(EAP-Request/Identity from the AP) was supported. Now option 3
(subsequent EAP-Request/Identity from RADIUS server) can also be used
when hostapd is used as a RADIUS server. The eap_user file will need to
have a Phase 1 user entry pointing to Identity method in order for this
to happen (e.g., "* Identity" in the end of the file). The identity hint
is configured in the same was as for AP/Authenticator case (eap_message
in hostapd.conf).
2008-12-26 20:22:12 +02:00
Andriy Tkachuk
d9f5626293 NEED_BASE64 for WPS
It looks like we need base64 routines when compiling WPS in hostapd
(used in src/wps/wps_registrar.c:910).
2008-12-26 16:40:27 +02:00
Jouni Malinen
6f5c8dbd79 Added a TODO item for sending protected Disassoc after failed SA Query 2008-12-26 15:56:30 +02:00
Jouni Malinen
cae93bdc9c Added a note about IEEE 802.11w/D7.0 update 2008-12-26 12:59:07 +02:00
Jouni Malinen
8f4617c6c4 Do not use SA Query procedure if reassociation is part of FT 2008-12-26 12:55:35 +02:00
Jouni Malinen
ff89afb77b Add Key Length field into IGTK sub-element (FTIE) per 802.11w/D7.0 2008-12-26 12:49:15 +02:00
Jouni Malinen
45c94154a6 Updated SA Query procedure to use timeouts per 802.11w/D7.0
The previous max_attempts * timeout is now replaced with two timeouts
(one for each retry, the other one for maximum wait).
2008-12-26 12:30:34 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
ff36ff00b8 Reject association if HT STA tries to use TKIP as pairwise cipher 2008-12-22 14:05:53 +02:00
Jouni Malinen
f130ba9b4a Allow HT to be enabled for a STA even without WMM
The STA won't be able to use block ACK/aggregation, but at least it
should be allowed to use MCS rates and HT40.
2008-12-22 13:05:33 +02:00
Jouni Malinen
e6f9861ace Added a note about mac80211-based drivers and nl80211 2008-12-20 13:02:29 +02:00
Jouni Malinen
a2b3a34bab IANA allocated EAP method type 51 to EAP-GPSK 2008-12-20 12:39:24 +02:00
Jouni Malinen
bae61562a4 Cleaned up EAPOL-Key timeout processing
dot11RSNAConfigGroupUpdateTimeOut and
dot11RSNAConfigPairwiseUpdateTimeOut MIB variables were only used in
draft versions of IEEE 802.11i, so rename these in order not to use
confusing name here.

Replaced EAPOL-Key timeout to use following timeouts (in
milliseconds): 100,1000,1000,1000 (this was 1000,1000,1000,0). There
is no point in sending out the final EAPOL-Key frame which would be
immediately followed by disconnection. After the change to allow
response to any pending EAPOL-Key frame, it is fine to send the first
retransmission quickly to avoid long wait in cases where Supplicant
did not receive the first frame for any reason. The new sequence will
still provide 3.1 seconds of time to get any response frame, so this
does not reduce the previous time.
2008-12-18 17:15:36 +02:00
Jouni Malinen
47f72245e2 Do not allow HT with WPA/WPA2 to be enabled without CCMP
IEEE 802.11n does not allow HT STAs to use TKIP between themselves, so
do do allow a configuration that would force this to happen if HT is
used.
2008-12-17 12:16:13 +02:00