path: root/wpa_supplicant/defconfig
Commit message (Collapse)AuthorAgeFilesLines
* Maintain internal entropy pool for augmenting random number generationJouni Malinen2010-11-231-0/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | By default, make hostapd and wpa_supplicant maintain an internal entropy pool that is fed with following information: hostapd: - Probe Request frames (timing, RSSI) - Association events (timing) - SNonce from Supplicants wpa_supplicant: - Scan results (timing, signal/noise) - Association events (timing) The internal pool is used to augment the random numbers generated with the OS mechanism (os_get_random()). While the internal implementation is not expected to be very strong due to limited amount of generic (non-platform specific) information to feed the pool, this may strengthen key derivation on some devices that are not configured to provide strong random numbers through os_get_random() (e.g., /dev/urandom on Linux/BSD). This new mechanism is not supposed to replace proper OS provided random number generation mechanism. The OS mechanism needs to be initialized properly (e.g., hw random number generator, maintaining entropy pool over reboots, etc.) for any of the security assumptions to hold. If the os_get_random() is known to provide strong ramdom data (e.g., on Linux/BSD, the board in question is known to have reliable source of random data from /dev/urandom), the internal hostapd random pool can be disabled. This will save some in binary size and CPU use. However, this should only be considered for builds that are known to be used on devices that meet the requirements described above. The internal pool is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.
* wpa_cli: Add internal line edit implementationJouni Malinen2010-11-141-0/+4
| | | | | | CONFIG_WPA_CLI_EDIT=y can now be used to build wpa_cli with internal implementation of line editing and history support. This can be used as a replacement for CONFIG_READLINE=y.
* WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)Jouni Malinen2010-09-091-0/+2
| | | | | For now, the default build will only include WSC 1.0 support. CONFIG_WPS2=y can be used to add support for WSC 2.0.
* Solaris: Add support for wired IEEE 802.1X clientMasashi Honma2010-08-281-0/+4
| | | | | | | | | This patch adds support for wired IEEE 802.1X client on the Solaris. I have tested with these: OS : OpenSolaris 2009.06 EAP : EAP-MD5 Switch : Cisco Catalyst 2950
* bsd: Add support for WPA_TRACE and WPA_TRACE_BFDMasashi Honma2010-01-091-0/+10
| | | | On FreeBSD 8.0, WPA_TRACE and WPA_TRACE_BFD functionality build fails.
* dbus: Get rid of libxml2 dependency with introspectionJouni Malinen2010-01-011-1/+1
| | | | | | The XML used in D-Bus introspection is simple and there is no need to use libxml2 to generate it. This gets rid of the dependency on the large library by using internal XML generation.
* Include BSS table unconditionally in the wpa_supplicant buildJouni Malinen2009-12-271-5/+0
| | | | | | | | | | | | | | This will allow more cleanup to be done for scan results processing since all code can now be made to depend on the BSS table instead of the temporary scan results. Once remaining code has been converted to use the BSS table, the new scan results can be freed immediately after the BSS table has been updated. In addition, filtering of BSS information should be added to better support systems with limited resources. For now, memory use can be limited by defining WPA_BSS_MAX_COUNT to be smaller. Anyway, better filtering of results to only the configured networks should be added to improve this.
* Add BSS table to track scan results without dropping informationJouni Malinen2009-12-271-0/+5
| | | | | | | | | | | Collect information from scan results into a BSS table that will not expire information as quickly as scan results where every new scan, no matter for how limited set of channels/SSIDs, clears all old information. For now, this is only used for D-Bus BSS added/removed notifications, but this will likely be extended to be used internally instead of the scan results to better support partial scans.
* Comment CONFIG_WPA_TRACE_BFD=y out by defaultJouni Malinen2009-12-231-1/+1
* Describe tracing build options for developersJouni Malinen2009-12-201-0/+10
* Remove obsolete Prism54.org driver support (driver_prism54.c)Jouni Malinen2009-12-121-5/+0
| | | | | | | | | | | | | | | | | The Prism54.org project seems have been dead for a while and it does not look like this driver would ever be maintained again. Furthermore, it is difficult to find a version that would work with the driver_prism54.c wrapper and there is another driver for these card in the Linux kernel tree. The hostapd integration in driver_prism54.c is quite different from the other driver wrappers and would require major effort to get it cleaned up. Since there does not seem to be any real users for the cleaned up version, there does not seem to be justification to spend this effort on the wrapper. This old code is making it much more difficult to clean up the driver interface and at this point, the best option seems to be to remove the driver wrappers. Should someone really still need this, the old code will continue to be available in hostapd 0.6.x.
* Add cleared deprecation notes on iwl,ndiswrapper,madwifi(sta) wrappersJouni Malinen2009-11-231-0/+3
| | | | | | | These driver wrappers should not be used anymore; WEXT should be used instead. However, there may still be users stuck on older kernel versions that may require driver specific wrappers, so the source code still remains in the repository.
* Add 'none' driver as an option for wpa_supplicantJouni Malinen2009-11-201-0/+3
| | | | | This can be used, e.g., with WPS ER when no network interface is actually used for IEEE 802.1X or wireless operations.
* wpa_supplicant: new DBus API implementationWitold Sowa2009-11-091-1/+9
| | | | | | | | | | | | | | | | | | | | This patch implements the new DBus API. Both, the new and the previous API may work concurrently and may be turned on or off separately in .config file. Some features of the new API are: - more wpa_supplicant's events are signaled with DBus signals, - introspection data (requires libxml2 and may be disabled), - CurrentBSS and CurrentNetwork properties, - PropertyChanged signal for most of properties, - Relatively easy to extend. .config options for the new API are: CONFIG_CTRL_IFACE_DBUS_NEW=y and CONFIG_CTRL_IFACE_DBUS_INTRO=y for introspection. This commit misses couple of parts from the full implementation (these are still under review): - fetching all configuration parameters for learning WPS information - scan result BSS add/remove notification (register_bss() and unregister_bss() notification callbacks)
* Replace CONFIG_NO_AES_EXTRAS with auto-detection during buildJouni Malinen2009-10-111-5/+0
| | | | | | There is no need to do this manually since it is possible to figure out automatically which AES extra files need to be included in the build.
* Document CONFIG_CLIENT_MLME option as specific to test driverJouni Malinen2009-03-201-7/+5
| | | | | Since user space MLME is not used with nl80211 anymore, this option is only of use with driver_test.
* Add CONFIG_DRIVER_NL80211 and clarify client MLME limitationsJouni Malinen2009-02-041-8/+6
| | | | | | This is based on a patch from Pavel Roskin <proski@gnu.org>, but with the WIRELESS_DEV part removed instead of moved since it does not apply anymore. Additional note on client MLME limitations was also added.
* Use better examples for MadWifi path in defconfig, clarify commentsPavel Roskin2009-02-041-2/+2
| | | | | | | | MadWifi is unlikely to be in ../head relative to hostapd or wpa_supplicant, as it would be inside the hostap git repository. MadWifi sources are more likely to be in a directory called "madwifi" and residing outside the hostap repository. Using "madwifi" also demonstrates that the top-level madwifi directory is needed.
* Add comments on the new Broadcom driver not using driver_broadcom.cJouni Malinen2009-01-301-1/+4
| | | | | | The newer Broadcom driver ("hybrid Linux driver") supports Linux wireless extensions and does not need (or even work) with the old driver wrapper.
* Merged EAP-AKA' into eap_aka.c and added it to defconfig/ChangeLogJouni Malinen2008-12-071-0/+4
* Added preliminary Wi-Fi Protected Setup (WPS) implementationJouni Malinen2008-11-231-0/+3
| | | | | | | | | | | | | This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
* Add RoboSwitch driver interface for wpa_supplicantJouke Witteveen2008-11-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | Find attached the patch that creates a new driver: roboswitch. This driver adds support for wired authentication with a Broadcom RoboSwitch chipset. For example it is now possible to do wired authentication with a Linksys WRT54G router running OpenWRT. LIMITATIONS - At the moment the driver does not support the BCM5365 series (though adding it requires just some register tweaks). - The driver is also limited to Linux (this is a far more technical restriction). - In order to compile against a 2.4 series you need to edit include/linux/mii.h and change all references to "u16" in "__u16". I have submitted a patch upstream that will fix this in a future version of the 2.4 kernel. [These modifications (and more) are now included in the kernel source and can be found in versions 2.4.37-rc2 and up.] USAGE - Usage is similar to the wired driver. Choose the interfacename of the vlan that contains your desired authentication port on the router. This name must be formatted as <interface>.<vlan>, which is the default on all systems I know.
* Updated userspace MLME instructions for current mac80211Jouni Malinen2008-11-181-7/+8
| | | | | | | Remove the old code from driver_wext.c since the private ioctl interface is never going to be used with mac80211. driver_nl80211.c has an implementation than can be used with mac80211 (with two external patches to enable userspace MLME configuration are still required, though).
* Added an optional mitigation mechanism for certain attacks against TKIP byJouni Malinen2008-11-081-0/+4
| | | | | | | | | | | | delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
* Added Milenage USIM emulator for EAP-AKA (can be used to simulate testJouni Malinen2008-11-051-0/+3
| | | | | USIM card with a known private key; enable with CONFIG_USIM_SIMULATOR in .config and password="Ki:OPc:SQN" in network configuration).
* IEEE Std 802.11r-2008 has been released, so update referencesJouni Malinen2008-08-151-4/+1
* Removed the 20% estimate on faster bignum routinesJouni Malinen2008-06-061-2/+1
| | | | | | This was not accurate since this was mostly based on total runtime of an eapol_test run. The real improvement in the bignum routines is much larger (mayby twice as fast as before).
* Combined internal LibTomMath configuration into one optionJouni Malinen2008-06-061-11/+5
| | | | | | CONFIG_INTERNAL_LIBTOMMATH_FAST=y in .config can now be used to enable all optimized routines at a cost of about 4 kB. This is small enough increase in size to justify simplified configuration.
* Added an option to build internal LibTomMath with faster div routineJouni Malinen2008-06-061-0/+4
| | | | | | | At the cost of about 1 kB of additional binary size, the internal LibTomMath can be configured to include faster div routine to speed up DH and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_DIV=y in .config.
* Add faster, optional sqr routine for internal LibTomMathJouni Malinen2008-06-051-2/+6
| | | | | | | At the cost of about 0.5 kB of additional binary size, the internal LibTomMath can be configured to include faster sqr routine to speed up DH and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_SQR=y in .config.
* Internal LibTomMath: add optional support for Montgomery reductionJouni Malinen2008-06-041-0/+3
| | | | | | | Add a cost of about 2.5 kB of additional cost, the internal LibTomMath can be configured to include fast exptmod routine to speed up DH and RSA. This can be enabled with CONFIG_INTERNAL_LIBTOMMATH_FAST_EXPTMOD=y in .config.
* Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 releaseJouni Malinen2008-02-281-0/+362