Commit Graph

712 Commits

Author SHA1 Message Date
Jouni Malinen
96750ea5e5 WPS: Clean up Primary Device Type handling
Use shared functions for converting Primary Device Type between binary
and string formats. In addition, use array of eight octets instead of a
specific structure with multiple fields to reduce code complexity.
2009-11-26 11:39:29 +02:00
Jouni Malinen
8e2c104fa1 Resolve some sparse warnings
Mainly, this is including header files to get definitions for functions
which is good to verify that the parameters match. None of these are
issues that would have shown as incorrect behavior of the program.
2009-11-25 00:57:00 +02:00
Jouni Malinen
ec8d20187d Remove obsoleted get_scan_results() driver_ops
This has now been replaced with get_scan_results2() in every
in-tree driver.
2009-11-23 21:33:37 +02:00
Jouni Malinen
c2e8d0a092 Remove deprecated scan and set_probe_req_ie driver_ops
These have been replaced with scan2 driver_ops that provides all
parameters in a single call.
2009-11-23 21:13:46 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00
Jouni Malinen
e90bba4c59 Add cleared deprecation notes on iwl,ndiswrapper,madwifi(sta) wrappers
These driver wrappers should not be used anymore; WEXT should be used
instead. However, there may still be users stuck on older kernel versions
that may require driver specific wrappers, so the source code still
remains in the repository.
2009-11-23 17:08:59 +02:00
Jouni Malinen
642187d6bf Merge set_key and hapd_set_key driver_ops into a single function 2009-11-23 16:58:32 +02:00
Jouni Malinen
fd7a5dd15f Move HOSTAPD_MTU definition into driver_hostap.c
This moves the MTU definition into driver_hostap.c since it was really
meant to be specific to this driver. Since this was the last remaining
definition in hostapd_defs.h, remove that header file as unnecessary.
2009-11-23 16:21:07 +02:00
Jouni Malinen
0715247aa8 Remove unneeded set-MTU operation from drivers
This code was copied from driver_hostap.c where it is used with the
special wlan#ap interface. It was not supposed to be used to change
the MTU for a normal data interface.
2009-11-23 16:17:41 +02:00
Jouni Malinen
d994a9b54e Move definitions away from hostapd_defs.h
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
2009-11-23 16:14:39 +02:00
Jouni Malinen
c1bb3e0a62 nl80211: Build some client functionality unconditionally
Even though this makes the hostapd version a bit larger, the code will
be easier to maintain with the reduced number of complex ifdef blacks.
2009-11-23 15:40:29 +02:00
Jouni Malinen
dbb2618300 nl80211: Remove last remaining WEXT code
Clean up driver_nl80211.c by gettign rid of the last remaining WEXT use.
This requires that a recent mac80211 version is used to get full protection
in station mode via the authorized flag (IEEE 802.1X PAE).
2009-11-23 15:30:05 +02:00
Jouni Malinen
5d67487244 Merge set_beacon driver_ops into a single one
Clean up driver interface by merging hostapd and wpa_supplicant
specific set_beacon driver_ops into a single one. In addition,
merge set_beacon_int into to the same operation.
2009-11-23 15:26:05 +02:00
Jouni Malinen
3c2166d63c WPS: Do not try to send byebye advertisements if socket is not valid
If initialization fails, we could potentially try to sendto() on -1
socket which would fail. No point in doing that, so just return early
from the function.
2009-11-21 22:00:33 +02:00
Jouni Malinen
3617d81a70 Fix a typo in a comment 2009-11-21 21:13:19 +02:00
Jouni Malinen
55d0b0831e OpenSSL: Remove unneeded MinGW CryptoAPI compat code
The current MinGW/w32api versions seem to provide all the needed CryptoAPI
functions, so the code for loading these dynamically from the DLL can be
removed.
2009-11-21 20:33:41 +02:00
Jouni Malinen
e3992c3381 GnuTLS: Fix compilation with newer GnuTLS versions
Avoid duplicate defination of TLS_RANDOM_SIZE and TLS_MASTER_SIZE.
2009-11-21 20:23:58 +02:00
Jouni Malinen
6d798e8b7e Fix strict aliasing issue with the internal SHA-1 implementation
Need to define the workspace buffer properly to allow compiler to handle
strict aliasing between the incoming unsigned char[64] buffer as an u32
array. The previous version built with strict aliasing enabled can
result in SHA-1 producing incorrect results and consequently, with
4-way handshake failing.

This is based on a report and patch from Dan Williams <dcbw@redhat.com>
but with a different type (the union) used as a fix to avoid needing
extra type casting.

Discovered as part of the investigation of:

https://bugzilla.redhat.com/show_bug.cgi?id=494262#c32

if sha1 is built with gcc without turning off strict aliasing, it will
fail to correctly generate the hashes and will fail its own testcases as
well.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2009-11-21 20:17:24 +02:00
Jouni Malinen
11ff95783e WPS ER: Deinitialize protocol instance with STA after completion
In addition, remove the WPS ER Enrollee entry 10 seconds after
successful completion of the protocol run.
2009-11-21 18:39:12 +02:00
Jouni Malinen
a34a330706 WPS ER: Use random event identifier in event URL
This avoids some issues in cases where the ER has been started and
stopped multiple times on the same address and an AP may have stored
multiple event notification addresses for the same ER. The random
identifier allows the ER to filter out unexpected messages from further
processing.
2009-11-21 18:15:37 +02:00
Jouni Malinen
3f6dc111ff WPS: Cleanup subscription URL list handling
Do not give the allocated memory to the subscription code since it was
not using it as-is anyway. This makes it easier to understand who owns
the allocation an is responsible of freeing it. This may potentially
fix some memory leaks on error paths.
2009-11-21 18:06:02 +02:00
Jouni Malinen
ec72bd0c77 WPS ER: Move SSDP functionality into a separate file 2009-11-21 17:26:23 +02:00
Jouni Malinen
e694b34474 WPS ER: Add more AP information into the ctrl_interface message
This allow wpa_gui to show AP BSSID, WPS State (configured/unconfigured),
and primary device type.
2009-11-21 13:34:23 +02:00
Jouni Malinen
c3016248f4 WPS ER: Fetch AP's M1 to learn device type and WPS state 2009-11-21 13:13:02 +02:00
Jouni Malinen
52a45d20dd WPS ER: Use (addr,UUID) as the key for AP entries
This allows multiple WPS AP instances to be supported per IP address.
2009-11-21 12:51:40 +02:00
Jouni Malinen
7a082a83f0 WPS ER: Stop AP unlink loop on match
There is no need to continue through the list after this, since the
same AP entry can only be listed once.
2009-11-21 12:18:24 +02:00
Jouni Malinen
6a1e492a81 WPS ER: Move STA entry unlinking into a separate function 2009-11-21 12:18:03 +02:00
Jouni Malinen
7c04d5ec6c WPS ER: Fix AP entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-21 12:12:49 +02:00
Jouni Malinen
b3f371cabf WPS ER: Refresh ER data on WPS_ER_START when already started
This sends out the AP and Enrollee notifications for all tracked
devices and generates a new SSDP search to find more APs.
2009-11-20 21:57:30 +02:00
Jouni Malinen
7c009db2a6 WPS ER: Fix Enrollee entry freeing on timeout
Must unlink the entry first before trying to remove it to avoid
leaving behind pointers to freed memory.
2009-11-20 21:56:39 +02:00
Jouni Malinen
a3c6598fcd Add 'none' driver as an option for wpa_supplicant
This can be used, e.g., with WPS ER when no network interface is
actually used for IEEE 802.1X or wireless operations.
2009-11-20 21:12:49 +02:00
Jouni Malinen
4bdd556886 WPS: Fix MAC Address inside Credential be that of Enrollee's
The WPS 1.0h specification is quite unclear on what exactly should be
used as the MAC Address value in the Credential and AP Settings. It
looks like this should after all be the MAC Address of the Enrollee,
so change Registrar implementation to use that address instead of the
AP BSSID.

In addition, add validation code to the Enrollee implementation to
check the MAC Address value inside Credential (and also inside AP Settings)
to make sure it matches with the Enrollee's own address. However, since
there are deployed implementations that do not follow this interpretation
of the spec, only show the mismatch in debug information to avoid breaking
interoperability with existing devices.
2009-11-19 00:31:57 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Jouni Malinen
33417cd75c WPS ER: Clear WPS protocol run on PutMessage failure 2009-11-15 22:56:39 +02:00
Jouni Malinen
2c073ad43d WPS ER: Deinit WPS protocol data when freeing AP entry 2009-11-15 22:53:10 +02:00
Jouni Malinen
cef4652f2c WPS ER: Use learnt AP settings to build credentials for an Enrollee 2009-11-15 22:46:30 +02:00
Jouni Malinen
e64dcfd54b WPS ER: Add command for fetching current AP settings 2009-11-15 22:27:06 +02:00
Jouni Malinen
82b857ec0b WPS: Determine the OpCode based on message type attribute (UPnP)
This allows WSC_ACK and WSC_NACK to be processed correctly in the AP
when operating as an Enrollee with an ER over UPnP transport.
2009-11-15 22:23:49 +02:00
Jouni Malinen
f6d23cfd9e WPS ER: Do not try to process AP Settings in proxied M7 to ER
In this case, the Enrollee is not an AP, so do not try to process
AP Settings in M7.
2009-11-15 18:54:37 +02:00
Jouni Malinen
564cd7fa2c WPS ER: Add preliminary PBC support
This will need some additional code in wps_er_pbc() to handle PBC mode
enabling for a single AP only. For now, this can only be expected to work
when the ER is connected to a single AP.
2009-11-15 18:46:03 +02:00
Jouni Malinen
5d34ab644d WPS ER: Only send Enrollee notification on Probe Request and M1
No need to do this for M3..M7 or NACK/ACK/Done messages.
2009-11-15 18:29:19 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
462adee5fe WPS ER: Store AP UUID in binary format for future use 2009-11-15 11:07:20 +02:00
Jouni Malinen
fcac668faa WPS: Use a dummy WSC_ACK as WLANEvent as the initial event if needed
UPnP device architecture specification requires all evented variables to
be included in the initial event message after subscription. Since this
can happen before we have seen any events, generated a dummy event
(WSC_ACK with all-zeros nonces) if needed.
2009-11-15 01:11:28 +02:00
Jouni Malinen
44577e4c2e WPS: Send SSDP byebye notifications when stopping UPnP advertisements
This will notify control points of the services going away and allows
them to notice this without having to wait timeout on the
initial advertisements.
2009-11-15 00:46:58 +02:00
Jouni Malinen
d806a5588e WPS: Remove derivation of management keys
MgmtAuthKey and MgmtEncKey were not used for anything and are unlikely
to ever be used, so better remove the code to reduce binary size.
2009-11-14 14:18:15 +02:00
Jouni Malinen
00785aba71 WPS: Remove unused WFA WLANConfig Service actions
This removes following WFA WLANConfig Service actions and the related
state variables: GetAPSettings, SetAPSettings, DelAPSettings,
GetSTASettings, SetSTASettings, DelSTASettings, RebootAP,
ResetAP, RebootSTA, ResetSTA.

While WFA WLANConfig Service version 1.0 claims that some of these are
mandatory to implement for an AP, there are no known implementations
supporting these actions neither in an AP/proxy or an External Registrar
that would use them. These are unlikely to be supported in the future
either and as such, it is just simpler to get rid of them to clean up
the implementation and reduce code size.
2009-11-14 14:08:58 +02:00
Jouni Malinen
7ec2e26ddf WPS ER: Fix Op-Code for WSC_{ACK,NACK,Done}
When using UPnP transport, the Op-Code is not included, but the WPS
frame processing will need this. Generate a matching Op-Code based
on the message type.
2009-11-13 22:40:27 +02:00
Jouni Malinen
ed835e539b WPS: Fix AP to proxy WSC_NACK to ER 2009-11-13 22:40:07 +02:00
Jouni Malinen
04f5d74077 WPS: Fix OpCode when proxying WSC_ACK or WSC_NACK from ER
Previously, WSC_MSG was hardcoded for every message from ER, but
this needs to be changed based on message type to send a valid
message to the Enrollee via EAP transport.
2009-11-13 22:29:31 +02:00
Jouni Malinen
72df2f5fc6 WPS ER: Add PIN configuration and SetSelectedRegistrar call
New PINs can now be added to WPS ER. This results in the ER code
using SetSelectedRegistrar to modify AP state so that Enrollees
will be able to notice the actice registrar more easily.
2009-11-13 22:07:11 +02:00
Jouni Malinen
d64d9ddf6c WPS: Fix http_link_update() to nul terminate the result 2009-11-13 22:05:11 +02:00
Jouni Malinen
ecc6d04b89 WPS ER: Add PutWLANResponse generation and transmission
This allows the M2D message to be transmitted as a response to the
Enrollee via the proxying AP.
2009-11-12 01:24:50 +02:00
Jouni Malinen
b345031997 WPS ER: Add STA/Enrollee entries and start processing EAP messages
This keeps STA/Enrollee entries up to date and sets up registration
protocol session. M1 is processed and M2D generated, but the there
is no code yet to transmit the response back to the AP with
PutWLANResponse.
2009-11-11 23:50:17 +02:00
Felix Fietkau
6980c19127 hostapd: fix AP mode initialization for nl80211
Always bring down the wlan interface, even when not changing the
BSSID, the interface also needs to be down for changing its type
from managed to AP mode.
2009-11-11 16:47:01 +02:00
Jouni Malinen
dc6d9ac250 WPS ER: Parse WLANEvent notifications and send HTTP response
The receive Probe Request and EAP-WSC notifications are now parsed
(including the TLVs in them) and contents is shown in the debug log.
Actual processing of the received information is still missing (TODO
comments indicate the needed functionality).
2009-11-11 00:23:22 +02:00
Jouni Malinen
feae037c25 driver_prism54: Use os_zalloc instead of malloc to clear memory
This will make sure the full buffer is initialized even if some
fields were not explicitly set.
2009-11-10 17:08:33 +02:00
Jouni Malinen
6689218ec7 Fix comparison to use correct symbol name (__rand vs. rand)
rand would be the address of rand() function and never NULL. The previous
version could have crashed on invalid AKA-AUTS command. Though, these
commands are only from hostapd which sends valid requests and as such,
the actual issue did not show up.
2009-11-10 16:51:59 +02:00
Jouni Malinen
69856fadf7 Add wpa_msg_ctrl() for ctrl_interface-only messages
This is like wpa_msg(), but the output is directed only to
ctrl_interface listeners. In other words, the output will not be
shown on stdout or in syslog.

Change scan result reporting to use wpa_msg_ctrl() for
CTRL-EVENT-SCAN-RESULTS message at info level and wpa_printf() at
debug level to avoid showing scan result events in syslog in the
common configuration used with NetworkManager.
2009-11-10 15:59:41 +02:00
Jouni Malinen
efa6481438 WPS: Fixed printf size_t warning on 32-bit builds 2009-11-10 11:30:11 +02:00
Jouni Malinen
097c7b3723 WPS ER: Subscribe to UPnP events
This adds code to start a HTTP server and to subscribe to UPnP events
from each discovered WPS AP. The event messages are received, but there
is not yet any code to actually parse the contents of the event.
2009-11-09 20:01:50 +02:00
Jouni Malinen
875a4e5936 WPS: Read HTTP request within HTTP server code
This removes HTTP related code from wps_upnp_web.c and makes it easier
to use HTTP server functionality for new uses (e.g., WPS ER).
2009-11-08 22:33:34 +02:00
Jouni Malinen
b905c4a398 WPS: Add HTTP server module
Clean up code so that UPnP implementation does not need to include all
the HTTP functionality. In addition, make it easier to share HTTP server
functionality with other components in the future.
2009-11-08 17:26:55 +02:00
Jouni Malinen
585774f28a WPS ER: Fetch and parse device description 2009-11-08 16:46:03 +02:00
Jouni Malinen
0b40d03394 WPS: Move generic UPnP XML helper functionality into a separate file 2009-11-08 14:06:01 +02:00
Jouni Malinen
092794f480 WPS: Add HTTP client module to clean up code
Instead of implementing HTTP client functionality inside
wps_upnp_event.c, use a generic HTTP client module to do this. The HTTP
client code can now be shared more easily for other purposes, too.
2009-11-08 12:35:37 +02:00
Jouni Malinen
b02ee4a228 WPS: Mark functions static
These functions are used only within wps_upnp_event.c.
2009-11-07 17:04:19 +02:00
Jouni Malinen
e9bcfebfce WPS: Add initial part of External Registrar functionality
This is the first step in adding support for using wpa_supplicant as a
WPS External Registrar to manage APs over UPnP. Only the device
discovery part is implemented in this commit.
2009-11-07 12:41:01 +02:00
Jouni Malinen
08eb154db5 Fix MCS set field to be based on driver info
Instead of using hardcoded Rx MCS bitmask (indexes 0..15 enabled),
use the real information from the driver capabilities.
2009-11-05 12:38:47 +02:00
Jouni Malinen
5a641ae01e Use type-punning to avoid breaking strict aliasing rules
While the actual use here would be unlikely to be broken by any C
optimization, it is better to use explicit union construction to let
gcc know about the aliasing and avoid warnings from gcc 4.4.
2009-11-05 12:11:49 +02:00
Jouni Malinen
0ae7b08691 Work around some gcc 4.4 strict-aliasing warnings
gcc 4.4 ends up generating strict-aliasing warnings about some very common
networking socket uses that do not really result in a real problem and
cannot be easily avoided with union-based type-punning due to struct
definitions including another struct in system header files. To avoid having
to fully disable strict-aliasing warnings, provide a mechanism to hide the
typecast from aliasing for now. A cleaner solution will hopefully be found
in the future to handle these cases.
2009-11-04 19:49:14 +02:00
Jouni Malinen
eb999fefcb Add Xcode project file for building wpa_supplicant 2009-11-02 19:37:46 +02:00
Andriy Tkachuk
72ffc08242 WPS: SelectedRegistrar expiration for internal PIN registrar
Though we have such a timeout when handling SetSelectedRegistrar UPnP
message from an external registrar, it looks like we don't have one when
the internal registrar is activated for PIN connection. Thus we set the
SelectedRegistrar flag when AP is activated for PIN connection but we
never reset it - not by some timeout, nor when registration succeeds.
This lead to situations where AP everlastingly declare that it is
activated for WPS PIN connection when in reality it is not.

Use the same timeout (and also success with PIN) to clear the selected
registrar flag when using internal registrar, too.
2009-11-01 22:19:02 +02:00
Jouni Malinen
2e71444516 WPS: Abort ongoing PBC protocol run if session overlap is detected
If PBC session overlap is detected during an ongoing PBC protocol run,
reject the run (if M8, i.e., credentials, have not yet been sent). This
provides a bit longer monitoring time at the Registrar for PBC mode to
catch some cases where two Enrollees in PBC mode try to enroll
credentials at about the same time.
2009-11-01 21:59:30 +02:00
Oleg Kravtsov
63330c6832 WPS: Add PBC overlap and timeout events from WPS module
This provides information about PBC mode result from the WPS Registrar
module. This could be used, e.g., to provide a user notification on the
AP UI on PBC failures.
2009-11-01 21:26:13 +02:00
Jouni Malinen
7e3a67514f WPS: Use Config Error 12 to indicate PBC overlap in M2D
If PBC session overlap is detected between button press on the registrar
and M1 is reception, report session overlap with the Config Error
attribute in M2D to the Enrollee.
2009-11-01 20:57:36 +02:00
Jouni Malinen
e5fc45d7ae Fix dbus build without EAP 2009-10-22 11:11:53 -07:00
Jouni Malinen
08d38568df Move shared MD5/SHA-1 internal definitions into header files 2009-10-17 12:55:12 +03:00
Jouni Malinen
1e8c857abe Move shared DES definitions into a header file 2009-10-17 12:53:27 +03:00
Jouni Malinen
f1739bac4f Move PKCS# {1,5,8} functionality into separate files
This functionality fits better with src/tls (i.e., internal TLS
implementation), so move it there to make crypto_internal.c more
of a wrapper like other crypto_*.c files.
2009-10-17 12:48:55 +03:00
Jouni Malinen
3af9f2983c TLS: Replace set_key helpers to return key instead of status code
The status code was not being used anyway, so it is simpler to
just return the key as is done in crypto functions.
2009-10-17 12:15:46 +03:00
Jouni Malinen
3f4ed97a70 Add support for PKCS #5 encrypted PKCS #8 keys with internal crypto
Private keys can now be used in either unencrypted or encrypted
PKCS #8 encoding. Only the pbeWithMD5AndDES-CBC algorithm (PKCS #5)
is currently supported.
2009-10-17 12:06:36 +03:00
Jouni Malinen
506b45ed22 Add DES-CBC support into internal crypto implementation 2009-10-17 12:05:06 +03:00
Jouni Malinen
8ef74414fc Internal TLS: Add support for unencrypred PKCS#8 private keys in PEM
Recognize the PEM header "BEGIN PRIVATE KEY" as base64-decode the data
to be able to use PEM encoded, unencrypted PKCS#8 private keys with the
internal TLS implementation. Previously, only DER encoding of the
PKCS#8 private key was supported.
2009-10-16 22:00:45 +03:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
20bd9547a1 Add ctrl_iface events for AP mode STA connect/disconnect
These are used to notify ctrl_iface monitors when a STA completes
connection (the port becomes authorized) and when a STA disconnects.
2009-10-16 17:51:49 +03:00
Jouni Malinen
278da1b52a openssl: Allow build with OpenSSL 0.9.7
OpenSSL 0.9.7 does not include get_rfc3526_prime_1536() function, so
provide that functionality internally if needed. In addition, make
sha256_vector() building depend on whether SHA256 support is included
in the OpenSSL library. This with CONFIG_INTERNAL_SHA256=y in .config
allows OpenSSL without SHA256 support to be used.
2009-10-16 15:57:17 +03:00
Jouni Malinen
d8130bdf13 openssl: Mark openssl_digest_vector() static 2009-10-16 15:54:52 +03:00
Masashi Honma
9b336bcef0 DragonFly BSD: Fix driver_bsd.c build
Both hostapd/wpa_supplicant compilation fails on DragonFly BSD.

This patch solves this issue.

I have tested only compilation. Not functionality.
Because I don't have any device which can work on DragonFly BSD.
2009-10-12 09:56:57 +03:00
Jouni Malinen
6d6f4bb87f nl80211: Work around mac80211 limitation on (re)auth when authenticated
mac80211 does not currently allow (re)authentication when we are already
authenticated. In order to work around this, force deauthentication if
nl80211 authentication command fails with EALREADY. Unfortunately, the
workaround code in driver_nl80211.c alone is not enough since the
following disconnection event would clear wpa_supplicant authentication
state. To handle this, add some code to restore authentication state
when using userspace SME.

This workaround will hopefully become unnecessary in some point should
mac80211 start accepting new authentication requests even when in
authenticated state.
2009-10-12 09:39:55 +03:00
Jouni Malinen
34c9910dc7 Fix EAP-AKA server build without EAP-SIM 2009-10-11 22:23:05 +03:00
Jouni Malinen
38b462868c Clean up crypto makefile segments
Reorganize the TLS/crypto library segments into a single set of blocks
for each library instead of multiple locations handling library-specific
operations. Group crypto functionality together and get wpa_supplicant
and hostapd Makefile closer to eachother in order to make it easier to
eventually move this into a shared makefile.
2009-10-11 22:04:29 +03:00
Jouni Malinen
f042122a57 Allow the internal DH implementation to be overridden
Crypto library wrappers can now override the internal DH (group 5)
implementation. As a starting point, this is done with OpenSSL. The
new mechanism is currently available only for WPS (i.e., IKEv2 still
depends on the internal DH implementation).
2009-10-11 19:17:22 +03:00
Jouni Malinen
dd01b1ff9d Include only the used DH groups in the build
This reduces the binary size by 3 kB or so when WPS is included in
the build, but IKEv2 is not.
2009-10-11 15:24:40 +03:00
Jouni Malinen
b3ad11bb80 nl80211: Add parsing of NL80211_BSS_SEEN_MS_AGO into scan results 2009-10-01 17:53:22 +03:00
Jouni Malinen
d942a79e6a nl80211: Recognize NL80211_CMD_TRIGGER_SCAN events
Replace "nl80211: Ignored unknown event (cmd=33)" with
"nl80211: Scan trigger" to make debug output clearer. We do not
currently do anything with this event apart from showing it in
the debug log.
2009-10-01 13:58:17 +03:00
Jouni Malinen
ebf214e670 NSS: Implement TLS PRF using new TLS extractor interface
This allows NSS to be used to derive EAP-TLS/PEAP/TTLS keying material.
NSS requires a patch from
https://bugzilla.mozilla.org/show_bug.cgi?id=507359
to provide the new API. In addition, that patch needs to be modified to
add the 16-bit context length value in SSL_ExportKeyingMaterial() only if
contextlen != 0 in order to match with the EAP-TLS/PEAP/TTLS use cases.
This issue seems to be coming from the unfortunate incompatibility in
draft-ietf-tls-extractor-07.txt (draft-ietf-tls-extractor-00.txt would
have used compatible PRF construction).

At this point, it is unclear how this will be resolved eventually, but
anyway, this shows a mechanism that can be used to implement EAP key
derivation with NSS with a small patch to NSS.
2009-09-30 20:12:32 +03:00
Author: Johannes Berg
1c766b094a nl80211: Fix a typo in set_sta_vlan()
The VLAN interface index needs to use NL80211_ATTR_STA_VLAN. It was
adding a duplicate NL80211_ATTR_IFINDEX.
2009-09-30 19:23:52 +03:00
Jouni Malinen
289ffc2b61 Add preliminary version of NSS TLS/crypto wrapper for wpa_supplicant
This brings in the first step in adding support for using NSS
(Mozilla Network Security Services) as the crypto and TLS library
with wpa_supplicant. This version is able to run through EAP-PEAP
and EAP-TTLS authentication, but does not yet implement any
certificate/private key configuration. In addition, this does not
implement proper key fetching functions either, so the end result
is not really of much use in real world yet.
2009-09-29 01:21:09 +03:00
Masashi Honma
f335c69e14 DragonFly BSD: Fix wired IEEE 802.1X
On DragonFly BSD, wired IEEE 802.1X fails with this message:
ioctl[SIOC{ADD/DEL}MULTI]: Invalid argument

This patch solves this issue.

I have tested with these:
OS : DragonFly BSD 2.4.0
EAP : EAP-TLS
Switch : Cisco Catalyst 2950
2009-09-28 16:10:02 +03:00