path: root/wpa_supplicant
Commit message (Collapse)AuthorAgeFilesLines
* Added configuration of WPS device parameters for wpa_supplicantJouni Malinen2008-12-137-13/+294
* driver_test: Optional support for using UDP socketJouni Malinen2008-12-121-0/+1
| | | | | | | | | driver_test can now be used either over UNIX domain socket or UDP socket. This makes it possible to run the test over network and makes it easier to port driver_test to Windows. hostapd configuration: test_socket=UDP:<listen port> wpa_supplicant configuration: driver_param=test_udp=<dst IP addr>:<port>
* Workaround number of compiler warnings with newer MinGW versionJouni Malinen2008-12-101-1/+2
* SHA256 is needed for EAP-AKA' and WPSJouni Malinen2008-12-101-0/+2
* Renamed the 'alpha2' variable to 'country' to match with config stringJouni Malinen2008-12-093-9/+9
* Added documentation for the new 'country' configuration optionJouni Malinen2008-12-091-0/+5
* wpa_supplicant: Add support for setting of a regulatory domainLuis R. Rodriguez2008-12-094-0/+43
| | | | | | | This adds support for setting of a regulatory domain to wpa_supplicant drivers. It also adds regulatory domain setting for the nl80211 driver. We expect an ISO / IEC 3166 alpha2 in the wpa configuration file as a global.
* wpa_supplicant: print password field only if -K is givenHelmut Schaa2008-12-091-3/+3
| | | | | | | Print the password field only if -K is given by using wpa_hexdump_ascii_key instead of wpa_hexdump_ascii. Additionally mark the password field as key. Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
* Fixed a typo in wpa_supplicant manpageJouni Malinen2008-12-081-1/+1
* WPS: Added [WPS], [WPS-PIN], [WPS-PBC] flags for scan resultsJouni Malinen2008-12-082-0/+43
* Added EAP-FAST interop test results with Radiator 4.3.1Jouni Malinen2008-12-071-7/+7
* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLogJouni Malinen2008-12-074-5/+7
* Removed mac_addr from eapol_ctx to fix the eapol_test buildJouni Malinen2008-12-031-1/+0
* Add a starting point for EAP-AKA' (draft-arkko-eap-aka-kdf-10)Jouni Malinen2008-12-021-0/+14
| | | | | | | | | | | | | This is just making an as-is copy of EAP-AKA server and peer implementation into a new file and by using the different EAP method type that is allocated for EAP-AKA' (50). None of the other differences between EAP-AKA and EAP-AKA' are not yet included. It is likely that once EAP-AKA' implementation is done and is found to work correctly, large part of the EAP-AKA and EAP-AKA' code will be shared. However, it is not reasonable to destabilize EAP-AKA implementation at this point before it is clearer what the final differences will be.
* WPS: Added note about update_config and added WPS to ChangeLogJouni Malinen2008-11-302-0/+18
* WPS: Added initial documentation on using WPS with wpa_supplicantJouni Malinen2008-11-301-0/+130
* Always clear EAP altAccept and altReject variables on new associationJouni Malinen2008-11-301-4/+3
| | | | | | | | | Previously, this was only done when the new connection is using WPA-Personal. However, it looks like it was possible to trigger an infinite busy loop if altAccept or altReject were left set to true and an EAPOL frame is received (eapolEap is set to true). Clearing altAccept and altReject for each association prevents this loop from happening in the beginning of the next association.
* WPS: Added support for fragmented WPS IE in Beacon and Probe ResponseJouni Malinen2008-11-293-138/+175
| | | | | | | | Fragment WPS IE if needed to fit into the IE length limits in hostapd and Reassemble WPS IE data from multiple IEs in wpa_supplicant. In addition, moved WPS code from events.c into wps_supplicant.c to clean up module interfaces.
* WPS: Added WPS into key_mgmt config write handlerJouni Malinen2008-11-291-0/+6
* WPS: Added wpa_supplicant ctrl_iface commands to start WPS processingJouni Malinen2008-11-294-0/+356
| | | | | | | New control interface commands WPS_PBC, WPS_PIN, and WPS_REG can be used to start WPS processing. These add and select the WPS network block into the configuration temporarily, i.e., there is no need to add the WPS network block manually anymore.
* Fixed wpa_config_parse_string() not to modify const string.Jouni Malinen2008-11-291-4/+9
| | | | This allows wpa_config_set() to be used with const strings as the value.
* WPS: Set Request Type properly into WPS IE in ProbeReq/AssocReqJouni Malinen2008-11-294-9/+20
* WPS: Split wps_common.c into partsJouni Malinen2008-11-291-0/+3
| | | | | To make it easier to find various functions, attribute functions were split into wps_attr_{build,parse,process}.c.
* WPS: Moved RF Bands processing into wps_dev_attr.cJouni Malinen2008-11-291-0/+2
| | | | This allows the RF Bands attribute to be configured and stored.
* WPS: Moved ProbeReq/AssocReq WPS IE building into wps_common.cJouni Malinen2008-11-292-4/+3
| | | | | This code and the related attributes are not specific to Enrollee functionality, so wps_common.c is the correct location for them.
* WPS: Pass device data into wps_enrollee_build_probe_req_ie()Jouni Malinen2008-11-291-0/+1
| | | | | Use configured device data instead of hardcoded values to generate WPS IE for Probe Request.
* WPS: Moved mac_addr and uuid configuration into wps_contextJouni Malinen2008-11-282-2/+2
| | | | | There is no need to complicate EAPOL and EAP interfaces with WPS specific parameters now that wps_context is passed through.
* WPS: Moved wps_context initialization into wps_supplicant.cJouni Malinen2008-11-285-1/+58
| | | | | | | The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
* WPS: Merged two cred_cb variables into the same oneJouni Malinen2008-11-281-1/+2
| | | | | | | Previously, wpa_supplicant as Enrollee case was handled using a different callback function pointer. However, now that the wps_context structure is allocated for all cases, the same variable can be used in all cases.
* WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.cJouni Malinen2008-11-284-147/+217
| | | | | | This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
* WPS: Moved UUID configuration from phase1 into global config areaJouni Malinen2008-11-266-14/+80
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-2312-6/+435
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Preparations for 0.6.6 releasehostap_0_6_6Jouni Malinen2008-11-231-1/+1
* Added an attribution based on the original SSLeay license for OpenSSL.Jouni Malinen2008-11-211-1/+3
* Fixed canceling of PMKSA caching with driver generated RSN IEJouni Malinen2008-11-211-0/+3
| | | | | | | | | | | | | | It looks like some Windows NDIS drivers (e.g., Intel) do not clear the PMKID list even when wpa_supplicant explicitly sets the list to be empty. In such a case, the driver ends up trying to use PMKSA caching with the AP and wpa_supplicant may not have the PMK that would be needed to complete 4-way handshake. RSN processing already had some code for aborting PMKSA caching by sending EAPOL-Start. However, this was not triggered in this particular case where the driver generates the RSN IE. With this change, this case is included, too, and the failed PMKSA caching attempt is cleanly canceled and wpa_supplicant can fall back to full EAP authentication.
* Remove the unwanted Windows console from the Windows binary version of wpa_guiJouni Malinen2008-11-211-1/+1
* Silence printf() calls in wpa_gui to avoid stdout output from a GUI programJouni Malinen2008-11-212-1/+10
* wpa_gui: Add a PNG version of the tray icon for Windows binary buildJouni Malinen2008-11-214-1/+13
| | | | | | | It looks like Qt does not support SVG format by default on Windows and it was not trivial to add the plugin into the build, so for now, build a 16x16 PNG icon file for Windows binary to avoid showing an invisible icon in the tray.
* Changed PEAPv0 cryptobinding to be disabled by defaultJouni Malinen2008-11-201-2/+2
| | | | | There are some interoperability issues with Windows Server 2008 NPS, so better disable cryptobinding use by default for now.
* Separate OpenSSL engine configuration for Phase 2Carolin Latze2008-11-183-0/+11
| | | | | | | | | | | | | | I fixed the engine issue in phase2 of EAP-TTLS. The problem was that you only defined one engine variable, which was read already in phase1. I defined some new variables: engine2 engine2_id pin2 and added support to read those in phase2 wheres all the engine variables without number are only read in phase1. That solved it and I am now able to use an engine also in EAP-TTLS phase2.
* Add RoboSwitch driver interface for wpa_supplicantJouke Witteveen2008-11-188-10/+28
| | | | | | | | | | | | | | | | | | | | | | | | Find attached the patch that creates a new driver: roboswitch. This driver adds support for wired authentication with a Broadcom RoboSwitch chipset. For example it is now possible to do wired authentication with a Linksys WRT54G router running OpenWRT. LIMITATIONS - At the moment the driver does not support the BCM5365 series (though adding it requires just some register tweaks). - The driver is also limited to Linux (this is a far more technical restriction). - In order to compile against a 2.4 series you need to edit include/linux/mii.h and change all references to "u16" in "__u16". I have submitted a patch upstream that will fix this in a future version of the 2.4 kernel. [These modifications (and more) are now included in the kernel source and can be found in versions 2.4.37-rc2 and up.] USAGE - Usage is similar to the wired driver. Choose the interfacename of the vlan that contains your desired authentication port on the router. This name must be formatted as <interface>.<vlan>, which is the default on all systems I know.
* Updated userspace MLME instructions for current mac80211Jouni Malinen2008-11-182-7/+11
| | | | | | | Remove the old code from driver_wext.c since the private ioctl interface is never going to be used with mac80211. driver_nl80211.c has an implementation than can be used with mac80211 (with two external patches to enable userspace MLME configuration are still required, though).
* OpenSSL 0.9.9 API change for EAP-FAST session ticket overriding APIJouni Malinen2008-11-161-0/+4
| | | | | | | Updated OpenSSL code for EAP-FAST to use an updated version of the session ticket overriding API that was included into the upstream OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is needed with that version anymore).
* Updated interop results for ACS 4.2Jouni Malinen2008-11-161-9/+2
* wpa_gui-qt4: tweak icon MakefileKel Modderman2008-11-111-3/+7
| | | | | | Output the xpm icons in more convenient location. Signed-off-by: Kel Modderman <kel@otaku42.de>
* wpa_gui-qt4: FTBFS with GCC 4.4: missing #includeMartin Michlmayr2008-11-113-0/+4
| | | | | | | | | | | | | | | | | | | | GCC 4.4 cleaned up some more C++ headers. You always have to #include headers directly and cannot rely for things to be included indirectly. > g++ -c -pipe -O2 -Wall -W -D_REENTRANT -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX -DQT_NO_DEBUG -DQT_GUI_LIB -DQT_CORE_LIB -DQT_SHARED -I/usr/share/qt4/mkspecs/linux-g++ -I. -I/usr/include/qt4/QtCore -I/usr/include/qt4/QtCore -I/usr/include/qt4/QtGui -I/usr/include/qt4/QtGui -I/usr/include/qt4 -I. -I.. -I../../src/utils -I../../src/common -I.moc -I.ui -o .obj/wpagui.o wpagui.cpp > wpagui.cpp: In constructor 'WpaGui::WpaGui(QWidget*, const char*, Qt::WFlags)': > wpagui.cpp:98: error: 'printf' was not declared in this scope From: Martin Michlmayr <tbm@cyrius.com> Bug: http://bugs.debian.org/505041 Signed-off-by: Kel Modderman <kel@otaku42.de>
* Added an optional mitigation mechanism for certain attacks against TKIP byJouni Malinen2008-11-086-4/+94
| | | | | | | | | | | | delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
* Fixed EAP-AKA RES Length field in AT_RES as length in bits, not bytesJouni Malinen2008-11-071-0/+2
* Added support for enforcing frequent PTK rekeyingJouni Malinen2008-11-065-1/+28
| | | | | | | | | | | | Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
* Added Milenage-GSM simulator for EAP-SIMJouni Malinen2008-11-062-4/+13
| | | | | CONFIG_SIM_SIMULATOR=y in .config and password="Ki:OPc" in network config to enable.