aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant
diff options
context:
space:
mode:
authorJouni Malinen <jouni.malinen@atheros.com>2011-05-31 17:07:11 (GMT)
committerJouni Malinen <j@w1.fi>2011-05-31 17:07:11 (GMT)
commit38e24575c18b02a2f8bf7ea38b937ad010682872 (patch)
tree46df39222d7603aa5d9c14fea6fe05d8a9c6487a /wpa_supplicant
parentceb34f250af7a7082f18c1e0451dc7fbc0f000f3 (diff)
downloadhostap-38e24575c18b02a2f8bf7ea38b937ad010682872.zip
hostap-38e24575c18b02a2f8bf7ea38b937ad010682872.tar.gz
hostap-38e24575c18b02a2f8bf7ea38b937ad010682872.tar.bz2
random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new command line parameter, -e, can now be used to specify an entropy file that will be used to maintain the needed state.
Diffstat (limited to 'wpa_supplicant')
-rw-r--r--wpa_supplicant/defconfig10
-rw-r--r--wpa_supplicant/main.c11
-rw-r--r--wpa_supplicant/wpa_supplicant.c2
-rw-r--r--wpa_supplicant/wpa_supplicant_i.h8
4 files changed, 25 insertions, 6 deletions
diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig
index 0c8e5f2..ea925c4 100644
--- a/wpa_supplicant/defconfig
+++ b/wpa_supplicant/defconfig
@@ -437,10 +437,16 @@ CONFIG_PEERKEY=y
# from the OS. This by itself is not considered to be very strong, but it may
# help in cases where the system pool is not initialized properly. However, it
# is very strongly recommended that the system pool is initialized with enough
-# entropy either by using hardware assisted random number generatior or by
+# entropy either by using hardware assisted random number generator or by
# storing state over device reboots.
#
-# If the os_get_random() is known to provide strong ramdom data (e.g., on
+# wpa_supplicant can be configured to maintain its own entropy store over
+# restarts to enhance random number generation. This is not perfect, but it is
+# much more secure than using the same sequence of random numbers after every
+# reboot. This can be enabled with -e<entropy file> command line option. The
+# specified file needs to be readable and writable by wpa_supplicant.
+#
+# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal wpa_supplicant random pool can be
# disabled. This will save some in binary size and CPU use. However, this
diff --git a/wpa_supplicant/main.c b/wpa_supplicant/main.c
index c0aa59c..e196f3c 100644
--- a/wpa_supplicant/main.c
+++ b/wpa_supplicant/main.c
@@ -33,7 +33,8 @@ static void usage(void)
"[-g<global ctrl>] \\\n"
" -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] "
"[-p<driver_param>] \\\n"
- " [-b<br_ifname>] [-f<debug file>] \\\n"
+ " [-b<br_ifname>] [-f<debug file>] [-e<entropy file>] "
+ "\\\n"
" [-o<override driver>] [-O<override ctrl>] \\\n"
" [-N -i<ifname> -c<conf> [-C<ctrl>] "
"[-D<driver>] \\\n"
@@ -56,7 +57,8 @@ static void usage(void)
" -C = ctrl_interface parameter (only used if -c is not)\n"
" -i = interface name\n"
" -d = increase debugging verbosity (-dd even more)\n"
- " -D = driver name (can be multiple drivers: nl80211,wext)\n");
+ " -D = driver name (can be multiple drivers: nl80211,wext)\n"
+ " -e = entropy file\n");
#ifdef CONFIG_DEBUG_FILE
printf(" -f = log output to debug file instead of stdout\n");
#endif /* CONFIG_DEBUG_FILE */
@@ -143,7 +145,7 @@ int main(int argc, char *argv[])
wpa_supplicant_fd_workaround();
for (;;) {
- c = getopt(argc, argv, "b:Bc:C:D:df:g:hi:KLNo:O:p:P:qstuvW");
+ c = getopt(argc, argv, "b:Bc:C:D:de:f:g:hi:KLNo:O:p:P:qstuvW");
if (c < 0)
break;
switch (c) {
@@ -172,6 +174,9 @@ int main(int argc, char *argv[])
params.wpa_debug_level--;
break;
#endif /* CONFIG_NO_STDOUT_DEBUG */
+ case 'e':
+ params.entropy_file = optarg;
+ break;
#ifdef CONFIG_DEBUG_FILE
case 'f':
params.wpa_debug_file_path = optarg;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9295651..0352c13 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2544,7 +2544,7 @@ struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
return NULL;
}
- random_init();
+ random_init(params->entropy_file);
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
if (global->ctrl_iface == NULL) {
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index 8498666..b18d6d9 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -181,6 +181,14 @@ struct wpa_params {
* created.
*/
char *override_ctrl_interface;
+
+ /**
+ * entropy_file - Optional entropy file
+ *
+ * This parameter can be used to configure wpa_supplicant to maintain
+ * its internal entropy store over restarts.
+ */
+ char *entropy_file;
};
struct p2p_srv_bonjour {