mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-18 02:44:03 -05:00
a0bf1b68c0
This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
206 lines
5.9 KiB
Plaintext
206 lines
5.9 KiB
Plaintext
# Example hostapd build time configuration
|
|
#
|
|
# This file lists the configuration options that are used when building the
|
|
# hostapd binary. All lines starting with # are ignored. Configuration option
|
|
# lines must be commented out complete, if they are not to be included, i.e.,
|
|
# just setting VARIABLE=n is not disabling that variable.
|
|
#
|
|
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
|
|
# be modified from here. In most cass, these lines should use += in order not
|
|
# to override previous values of the variables.
|
|
|
|
# Driver interface for Host AP driver
|
|
#CONFIG_DRIVER_HOSTAP=y
|
|
|
|
# Driver interface for wired authenticator
|
|
#CONFIG_DRIVER_WIRED=y
|
|
|
|
# Driver interface for drivers using the nl80211 kernel interface
|
|
#CONFIG_DRIVER_NL80211=y
|
|
# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
|
|
# shipped with your distribution yet. If that is the case, you need to build
|
|
# newer libnl version and point the hostapd build to use it.
|
|
#LIBNL=/usr/src/libnl
|
|
#CFLAGS += -I$(LIBNL)/include
|
|
#LIBS += -L$(LIBNL)/lib
|
|
CONFIG_LIBNL20=y
|
|
|
|
# QCA vendor extensions to nl80211
|
|
CONFIG_DRIVER_NL80211_QCA=y
|
|
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
|
#CONFIG_DRIVER_BSD=y
|
|
#CFLAGS += -I/usr/local/include
|
|
#LIBS += -L/usr/local/lib
|
|
#LIBS_p += -L/usr/local/lib
|
|
#LIBS_c += -L/usr/local/lib
|
|
|
|
# Driver interface for no driver (e.g., RADIUS server only)
|
|
#CONFIG_DRIVER_NONE=y
|
|
|
|
# IEEE 802.11F/IAPP
|
|
#CONFIG_IAPP=y
|
|
|
|
# WPA2/IEEE 802.11i RSN pre-authentication
|
|
#CONFIG_RSN_PREAUTH=y
|
|
|
|
# IEEE 802.11w (management frame protection)
|
|
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
|
# draft and is subject to change since the standard has not yet been finalized.
|
|
# Driver support is also needed for IEEE 802.11w.
|
|
CONFIG_IEEE80211W=y
|
|
|
|
# Integrated EAP server
|
|
#CONFIG_EAP=y
|
|
|
|
# EAP-MD5 for the integrated EAP server
|
|
#CONFIG_EAP_MD5=y
|
|
|
|
# EAP-TLS for the integrated EAP server
|
|
#CONFIG_EAP_TLS=y
|
|
|
|
# EAP-MSCHAPv2 for the integrated EAP server
|
|
#CONFIG_EAP_MSCHAPV2=y
|
|
|
|
# EAP-PEAP for the integrated EAP server
|
|
#CONFIG_EAP_PEAP=y
|
|
|
|
# EAP-GTC for the integrated EAP server
|
|
#CONFIG_EAP_GTC=y
|
|
|
|
# EAP-TTLS for the integrated EAP server
|
|
#CONFIG_EAP_TTLS=y
|
|
|
|
# EAP-SIM for the integrated EAP server
|
|
#CONFIG_EAP_SIM=y
|
|
|
|
# EAP-AKA for the integrated EAP server
|
|
#CONFIG_EAP_AKA=y
|
|
|
|
# EAP-AKA' for the integrated EAP server
|
|
# This requires CONFIG_EAP_AKA to be enabled, too.
|
|
#CONFIG_EAP_AKA_PRIME=y
|
|
|
|
# EAP-PAX for the integrated EAP server
|
|
#CONFIG_EAP_PAX=y
|
|
|
|
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
|
|
#CONFIG_EAP_PSK=y
|
|
|
|
# EAP-SAKE for the integrated EAP server
|
|
#CONFIG_EAP_SAKE=y
|
|
|
|
# EAP-GPSK for the integrated EAP server
|
|
#CONFIG_EAP_GPSK=y
|
|
# Include support for optional SHA256 cipher suite in EAP-GPSK
|
|
#CONFIG_EAP_GPSK_SHA256=y
|
|
|
|
# EAP-FAST for the integrated EAP server
|
|
# Note: Default OpenSSL package does not include support for all the
|
|
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
|
# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
|
|
# to add the needed functions.
|
|
#CONFIG_EAP_FAST=y
|
|
|
|
# Wi-Fi Protected Setup (WPS)
|
|
CONFIG_WPS=y
|
|
# Enable UPnP support for external WPS Registrars
|
|
#CONFIG_WPS_UPNP=y
|
|
|
|
# EAP-IKEv2
|
|
#CONFIG_EAP_IKEV2=y
|
|
|
|
# Trusted Network Connect (EAP-TNC)
|
|
#CONFIG_EAP_TNC=y
|
|
|
|
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
|
# a file that usually has extension .p12 or .pfx)
|
|
CONFIG_PKCS12=y
|
|
|
|
# RADIUS authentication server. This provides access to the integrated EAP
|
|
# server from external hosts using RADIUS.
|
|
#CONFIG_RADIUS_SERVER=y
|
|
|
|
# Build IPv6 support for RADIUS operations
|
|
CONFIG_IPV6=y
|
|
|
|
# IEEE Std 802.11r-2008 (Fast BSS Transition)
|
|
#CONFIG_IEEE80211R=y
|
|
|
|
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
|
|
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
|
|
#CONFIG_DRIVER_RADIUS_ACL=y
|
|
|
|
# IEEE 802.11n (High Throughput) support
|
|
CONFIG_IEEE80211N=y
|
|
|
|
# Remove debugging code that is printing out debug messages to stdout.
|
|
# This can be used to reduce the size of the hostapd considerably if debugging
|
|
# code is not needed.
|
|
#CONFIG_NO_STDOUT_DEBUG=y
|
|
|
|
# Add support for writing debug log to Android logcat instead of standard output
|
|
CONFIG_ANDROID_LOG=y
|
|
|
|
# Remove support for RADIUS accounting
|
|
#CONFIG_NO_ACCOUNTING=y
|
|
|
|
# Remove support for RADIUS
|
|
CONFIG_NO_RADIUS=y
|
|
|
|
# Remove support for VLANs
|
|
#CONFIG_NO_VLAN=y
|
|
|
|
# Remove support for dumping internal state through control interface commands
|
|
# This can be used to reduce binary size at the cost of disabling a debugging
|
|
# option.
|
|
#CONFIG_NO_DUMP_STATE=y
|
|
|
|
# Select wrapper for operatins system and C library specific functions
|
|
# unix = UNIX/POSIX like systems (default)
|
|
# win32 = Windows systems
|
|
# none = Empty template
|
|
CONFIG_OS=unix
|
|
|
|
# Enable tracing code for developer debugging
|
|
# This tracks use of memory allocations and other registrations and reports
|
|
# incorrect use with a backtrace of call (or allocation) location.
|
|
#CONFIG_WPA_TRACE=y
|
|
# For BSD, comment out these.
|
|
#LIBS += -lexecinfo
|
|
#LIBS_p += -lexecinfo
|
|
#LIBS_c += -lexecinfo
|
|
|
|
# Use libbfd to get more details for developer debugging
|
|
# This enables use of libbfd to get more detailed symbols for the backtraces
|
|
# generated by CONFIG_WPA_TRACE=y.
|
|
#CONFIG_WPA_TRACE_BFD=y
|
|
# For BSD, comment out these.
|
|
#LIBS += -lbfd -liberty -lz
|
|
#LIBS_p += -lbfd -liberty -lz
|
|
#LIBS_c += -lbfd -liberty -lz
|
|
|
|
# Should we use poll instead of select? Select is used by default.
|
|
#CONFIG_ELOOP_POLL=y
|
|
|
|
# Should we use epoll instead of select? Select is used by default.
|
|
#CONFIG_ELOOP_EPOLL=y
|
|
|
|
# Enable AP
|
|
CONFIG_AP=y
|
|
|
|
# Enable Fast Session Transfer (FST)
|
|
#CONFIG_FST=y
|
|
|
|
# Multiband Operation support
|
|
# These extentions facilitate efficient use of multiple frequency bands
|
|
# available to the AP and the devices that may associate with it.
|
|
#CONFIG_MBO=y
|
|
|
|
# Include internal line edit mode in hostapd_cli.
|
|
CONFIG_WPA_CLI_EDIT=y
|
|
|
|
# Opportunistic Wireless Encryption (OWE)
|
|
# Experimental implementation of draft-harkins-owe-07.txt
|
|
#CONFIG_OWE=y
|