From 12621a4d8db1eb7f8e25384ce28ea4ffb1a2d521 Mon Sep 17 00:00:00 2001 From: Andrew Shadura Date: Fri, 5 Aug 2016 20:45:14 +0200 Subject: Import wpa_2.5-2+v2.4.orig.tar.xz [dgit import orig wpa_2.5-2+v2.4.orig.tar.xz] --- CONTRIBUTIONS | 143 + COPYING | 22 + README | 56 + hostapd/Android.mk | 947 ++ hostapd/ChangeLog | 1035 +++ hostapd/Makefile | 1011 +++ hostapd/README | 366 + hostapd/README-WPS | 352 + hostapd/android.config | 184 + hostapd/config_file.c | 3402 +++++++ hostapd/config_file.h | 17 + hostapd/ctrl_iface.c | 2649 ++++++ hostapd/ctrl_iface.h | 39 + hostapd/defconfig | 316 + hostapd/eap_register.c | 150 + hostapd/eap_register.h | 14 + hostapd/eap_testing.txt | 77 + hostapd/hapd_module_tests.c | 17 + hostapd/hlr_auc_gw.c | 1141 +++ hostapd/hlr_auc_gw.milenage_db | 13 + hostapd/hlr_auc_gw.txt | 104 + hostapd/hostapd.8 | 59 + hostapd/hostapd.accept | 6 + hostapd/hostapd.conf | 1800 ++++ hostapd/hostapd.deny | 5 + hostapd/hostapd.eap_user | 103 + hostapd/hostapd.eap_user_sqlite | 26 + hostapd/hostapd.radius_clients | 4 + hostapd/hostapd.sim_db | 9 + hostapd/hostapd.vlan | 9 + hostapd/hostapd.wpa_psk | 9 + hostapd/hostapd_cli.1 | 89 + hostapd/hostapd_cli.c | 1392 +++ hostapd/logwatch/README | 9 + hostapd/logwatch/hostapd | 65 + hostapd/logwatch/hostapd.conf | 10 + hostapd/main.c | 764 ++ hostapd/nt_password_hash.c | 47 + hostapd/wired.conf | 40 + hostapd/wps-ap-nfc.py | 342 + hs20/client/Android.mk | 81 + hs20/client/Makefile | 94 + hs20/client/devdetail.xml | 47 + hs20/client/devinfo.xml | 7 + hs20/client/est.c | 715 ++ hs20/client/oma_dm_client.c | 1392 +++ hs20/client/osu_client.c | 3227 +++++++ hs20/client/osu_client.h | 118 + hs20/client/spp_client.c | 995 +++ hs20/server/Makefile | 45 + hs20/server/ca/clean.sh | 10 + hs20/server/ca/est-csrattrs.cnf | 17 + hs20/server/ca/est-csrattrs.sh | 4 + hs20/server/ca/hs20.oid | 7 + hs20/server/ca/ocsp-req.sh | 11 + hs20/server/ca/ocsp-responder-ica.sh | 3 + hs20/server/ca/ocsp-responder.sh | 3 + hs20/server/ca/ocsp-update-cache.sh | 10 + hs20/server/ca/openssl-root.cnf | 125 + hs20/server/ca/openssl.cnf | 200 + hs20/server/ca/setup.sh | 125 + hs20/server/ca/w1fi_logo.png | Bin 0 -> 7549 bytes hs20/server/hs20-osu-server.txt | 196 + hs20/server/hs20_spp_server.c | 187 + hs20/server/spp_server.c | 2290 +++++ hs20/server/spp_server.h | 32 + hs20/server/sql-example.txt | 17 + hs20/server/sql.txt | 59 + hs20/server/www/add-free.php | 50 + hs20/server/www/add-mo.php | 56 + hs20/server/www/cert-enroll.php | 39 + hs20/server/www/config.php | 4 + hs20/server/www/est.php | 198 + hs20/server/www/free-remediation.php | 19 + hs20/server/www/free.php | 23 + hs20/server/www/redirect.php | 32 + hs20/server/www/remediation.php | 18 + hs20/server/www/signup.php | 46 + hs20/server/www/spp.php | 127 + hs20/server/www/users.php | 349 + patches/openssl-0.9.8za-tls-extensions.patch | 397 + src/Makefile | 11 + src/ap/Makefile | 8 + src/ap/accounting.c | 484 + src/ap/accounting.h | 44 + src/ap/acs.c | 949 ++ src/ap/acs.h | 27 + src/ap/ap_config.c | 946 ++ src/ap/ap_config.h | 679 ++ src/ap/ap_drv_ops.c | 727 ++ src/ap/ap_drv_ops.h | 339 + src/ap/ap_list.c | 317 + src/ap/ap_list.h | 53 + src/ap/ap_mlme.c | 178 + src/ap/ap_mlme.h | 34 + src/ap/authsrv.c | 226 + src/ap/authsrv.h | 15 + src/ap/beacon.c | 1118 +++ src/ap/beacon.h | 25 + src/ap/bss_load.c | 65 + src/ap/bss_load.h | 17 + src/ap/ctrl_iface_ap.c | 545 ++ src/ap/ctrl_iface_ap.h | 28 + src/ap/dfs.c | 1064 +++ src/ap/dfs.h | 30 + src/ap/dhcp_snoop.c | 178 + src/ap/dhcp_snoop.h | 30 + src/ap/drv_callbacks.c | 1262 +++ src/ap/eap_user_db.c | 274 + src/ap/gas_serv.c | 1282 +++ src/ap/gas_serv.h | 64 + src/ap/hostapd.c | 2725 ++++++ src/ap/hostapd.h | 467 + src/ap/hs20.c | 177 + src/ap/hs20.h | 22 + src/ap/hw_features.c | 943 ++ src/ap/hw_features.h | 71 + src/ap/iapp.c | 533 ++ src/ap/iapp.h | 39 + src/ap/ieee802_11.c | 2752 ++++++ src/ap/ieee802_11.h | 107 + src/ap/ieee802_11_auth.c | 643 ++ src/ap/ieee802_11_auth.h | 28 + src/ap/ieee802_11_ht.c | 487 + src/ap/ieee802_11_shared.c | 508 ++ src/ap/ieee802_11_vht.c | 297 + src/ap/ieee802_1x.c | 2594 ++++++ src/ap/ieee802_1x.h | 62 + src/ap/ndisc_snoop.c | 171 + src/ap/ndisc_snoop.h | 36 + src/ap/p2p_hostapd.c | 113 + src/ap/p2p_hostapd.h | 35 + src/ap/peerkey_auth.c | 396 + src/ap/pmksa_cache_auth.c | 528 ++ src/ap/pmksa_cache_auth.h | 67 + src/ap/preauth_auth.c | 273 + src/ap/preauth_auth.h | 52 + src/ap/sta_info.c | 1138 +++ src/ap/sta_info.h | 241 + src/ap/tkip_countermeasures.c | 105 + src/ap/tkip_countermeasures.h | 15 + src/ap/utils.c | 85 + src/ap/vlan_init.c | 974 ++ src/ap/vlan_init.h | 53 + src/ap/vlan_util.c | 177 + src/ap/vlan_util.h | 15 + src/ap/wmm.c | 324 + src/ap/wmm.h | 23 + src/ap/wnm_ap.c | 596 ++ src/ap/wnm_ap.h | 26 + src/ap/wpa_auth.c | 3400 +++++++ src/ap/wpa_auth.h | 323 + src/ap/wpa_auth_ft.c | 1791 ++++ src/ap/wpa_auth_glue.c | 677 ++ src/ap/wpa_auth_glue.h | 16 + src/ap/wpa_auth_i.h | 257 + src/ap/wpa_auth_ie.c | 919 ++ src/ap/wpa_auth_ie.h | 57 + src/ap/wps_hostapd.c | 1961 +++++ src/ap/wps_hostapd.h | 92 + src/ap/x_snoop.c | 123 + src/ap/x_snoop.h | 56 + src/common/Makefile | 8 + src/common/common_module_tests.c | 172 + src/common/defs.h | 329 + src/common/eapol_common.h | 92 + src/common/gas.c | 273 + src/common/gas.h | 37 + src/common/hw_features_common.c | 438 + src/common/hw_features_common.h | 40 + src/common/ieee802_11_common.c | 923 ++ src/common/ieee802_11_common.h | 116 + src/common/ieee802_11_defs.h | 1357 +++ src/common/ieee802_1x_defs.h | 78 + src/common/privsep_commands.h | 71 + src/common/qca-vendor-attr.h | 28 + src/common/qca-vendor.h | 246 + src/common/sae.c | 1069 +++ src/common/sae.h | 67 + src/common/tnc.h | 121 + src/common/version.h | 10 + src/common/wpa_common.c | 1676 ++++ src/common/wpa_common.h | 461 + src/common/wpa_ctrl.c | 732 ++ src/common/wpa_ctrl.h | 452 + src/common/wpa_helpers.c | 292 + src/common/wpa_helpers.h | 37 + src/crypto/.gitignore | 1 + src/crypto/Makefile | 64 + src/crypto/aes-cbc.c | 80 + src/crypto/aes-ccm.c | 212 + src/crypto/aes-ctr.c | 55 + src/crypto/aes-eax.c | 145 + src/crypto/aes-encblock.c | 32 + src/crypto/aes-gcm.c | 327 + src/crypto/aes-internal-dec.c | 161 + src/crypto/aes-internal-enc.c | 126 + src/crypto/aes-internal.c | 845 ++ src/crypto/aes-omac1.c | 170 + src/crypto/aes-siv.c | 188 + src/crypto/aes-unwrap.c | 80 + src/crypto/aes-wrap.c | 76 + src/crypto/aes.h | 21 + src/crypto/aes_i.h | 125 + src/crypto/aes_siv.h | 19 + src/crypto/aes_wrap.h | 71 + src/crypto/crypto.h | 779 ++ src/crypto/crypto_cryptoapi.c | 783 ++ src/crypto/crypto_gnutls.c | 299 + src/crypto/crypto_internal-cipher.c | 243 + src/crypto/crypto_internal-modexp.c | 49 + src/crypto/crypto_internal-rsa.c | 117 + src/crypto/crypto_internal.c | 275 + src/crypto/crypto_libtomcrypt.c | 726 ++ src/crypto/crypto_module_tests.c | 1679 ++++ src/crypto/crypto_none.c | 23 + src/crypto/crypto_openssl.c | 1279 +++ src/crypto/des-internal.c | 493 ++ src/crypto/des_i.h | 25 + src/crypto/dh_group5.c | 40 + src/crypto/dh_group5.h | 18 + src/crypto/dh_groups.c | 1271 +++ src/crypto/dh_groups.h | 29 + src/crypto/fips_prf_internal.c | 69 + src/crypto/fips_prf_openssl.c | 78 + src/crypto/md4-internal.c | 272 + src/crypto/md5-internal.c | 287 + src/crypto/md5.c | 109 + src/crypto/md5.h | 19 + src/crypto/md5_i.h | 23 + src/crypto/milenage.c | 323 + src/crypto/milenage.h | 27 + src/crypto/ms_funcs.c | 527 ++ src/crypto/ms_funcs.h | 58 + src/crypto/random.c | 438 + src/crypto/random.h | 28 + src/crypto/rc4.c | 54 + src/crypto/sha1-internal.c | 304 + src/crypto/sha1-pbkdf2.c | 92 + src/crypto/sha1-prf.c | 67 + src/crypto/sha1-tlsprf.c | 99 + src/crypto/sha1-tprf.c | 70 + src/crypto/sha1.c | 107 + src/crypto/sha1.h | 27 + src/crypto/sha1_i.h | 23 + src/crypto/sha256-internal.c | 226 + src/crypto/sha256-kdf.c | 76 + src/crypto/sha256-prf.c | 100 + src/crypto/sha256-tlsprf.c | 66 + src/crypto/sha256.c | 104 + src/crypto/sha256.h | 30 + src/crypto/sha256_i.h | 25 + src/crypto/sha384.h | 19 + src/crypto/tls.h | 572 ++ src/crypto/tls_gnutls.c | 1505 ++++ src/crypto/tls_internal.c | 685 ++ src/crypto/tls_none.c | 200 + src/crypto/tls_openssl.c | 3658 ++++++++ src/crypto/tls_schannel.c | 763 ++ src/drivers/.gitignore | 2 + src/drivers/Makefile | 9 + src/drivers/android_drv.h | 56 + src/drivers/driver.h | 4636 ++++++++++ src/drivers/driver_atheros.c | 2154 +++++ src/drivers/driver_bsd.c | 1646 ++++ src/drivers/driver_common.c | 220 + src/drivers/driver_hostap.c | 1201 +++ src/drivers/driver_hostap.h | 210 + src/drivers/driver_macsec_qca.c | 891 ++ src/drivers/driver_ndis.c | 3218 +++++++ src/drivers/driver_ndis.h | 59 + src/drivers/driver_ndis_.c | 99 + src/drivers/driver_nl80211.c | 8540 ++++++++++++++++++ src/drivers/driver_nl80211.h | 274 + src/drivers/driver_nl80211_android.c | 220 + src/drivers/driver_nl80211_capa.c | 1532 ++++ src/drivers/driver_nl80211_event.c | 2029 +++++ src/drivers/driver_nl80211_monitor.c | 491 ++ src/drivers/driver_nl80211_scan.c | 775 ++ src/drivers/driver_none.c | 85 + src/drivers/driver_openbsd.c | 136 + src/drivers/driver_privsep.c | 749 ++ src/drivers/driver_roboswitch.c | 477 + src/drivers/driver_wext.c | 2424 +++++ src/drivers/driver_wext.h | 81 + src/drivers/driver_wired.c | 680 ++ src/drivers/drivers.c | 86 + src/drivers/drivers.mak | 198 + src/drivers/drivers.mk | 189 + src/drivers/linux_defines.h | 46 + src/drivers/linux_ioctl.c | 221 + src/drivers/linux_ioctl.h | 22 + src/drivers/linux_wext.h | 45 + src/drivers/ndis_events.c | 802 ++ src/drivers/netlink.c | 226 + src/drivers/netlink.h | 28 + src/drivers/nl80211_copy.h | 4415 ++++++++++ src/drivers/priv_netlink.h | 109 + src/drivers/rfkill.c | 188 + src/drivers/rfkill.h | 25 + src/eap_common/Makefile | 8 + src/eap_common/chap.c | 28 + src/eap_common/chap.h | 17 + src/eap_common/eap_common.c | 288 + src/eap_common/eap_common.h | 33 + src/eap_common/eap_defs.h | 118 + src/eap_common/eap_eke_common.c | 768 ++ src/eap_common/eap_eke_common.h | 114 + src/eap_common/eap_fast_common.c | 298 + src/eap_common/eap_fast_common.h | 107 + src/eap_common/eap_gpsk_common.c | 549 ++ src/eap_common/eap_gpsk_common.h | 66 + src/eap_common/eap_ikev2_common.c | 116 + src/eap_common/eap_ikev2_common.h | 29 + src/eap_common/eap_pax_common.c | 148 + src/eap_common/eap_pax_common.h | 92 + src/eap_common/eap_peap_common.c | 85 + src/eap_common/eap_peap_common.h | 16 + src/eap_common/eap_psk_common.c | 68 + src/eap_common/eap_psk_common.h | 72 + src/eap_common/eap_pwd_common.c | 346 + src/eap_common/eap_pwd_common.h | 67 + src/eap_common/eap_sake_common.c | 387 + src/eap_common/eap_sake_common.h | 96 + src/eap_common/eap_sim_common.c | 1208 +++ src/eap_common/eap_sim_common.h | 230 + src/eap_common/eap_tlv_common.h | 112 + src/eap_common/eap_ttls.h | 65 + src/eap_common/eap_wsc_common.c | 33 + src/eap_common/eap_wsc_common.h | 27 + src/eap_common/ikev2_common.c | 726 ++ src/eap_common/ikev2_common.h | 334 + src/eap_peer/Makefile | 11 + src/eap_peer/eap.c | 2950 +++++++ src/eap_peer/eap.h | 354 + src/eap_peer/eap_aka.c | 1551 ++++ src/eap_peer/eap_config.h | 774 ++ src/eap_peer/eap_eke.c | 765 ++ src/eap_peer/eap_fast.c | 1769 ++++ src/eap_peer/eap_fast_pac.c | 929 ++ src/eap_peer/eap_fast_pac.h | 50 + src/eap_peer/eap_gpsk.c | 790 ++ src/eap_peer/eap_gtc.c | 145 + src/eap_peer/eap_i.h | 389 + src/eap_peer/eap_ikev2.c | 536 ++ src/eap_peer/eap_leap.c | 413 + src/eap_peer/eap_md5.c | 120 + src/eap_peer/eap_methods.c | 369 + src/eap_peer/eap_methods.h | 111 + src/eap_peer/eap_mschapv2.c | 895 ++ src/eap_peer/eap_otp.c | 101 + src/eap_peer/eap_pax.c | 547 ++ src/eap_peer/eap_peap.c | 1256 +++ src/eap_peer/eap_proxy.h | 49 + src/eap_peer/eap_proxy_dummy.c | 77 + src/eap_peer/eap_psk.c | 502 ++ src/eap_peer/eap_pwd.c | 972 ++ src/eap_peer/eap_sake.c | 517 ++ src/eap_peer/eap_sim.c | 1261 +++ src/eap_peer/eap_tls.c | 451 + src/eap_peer/eap_tls_common.c | 1135 +++ src/eap_peer/eap_tls_common.h | 132 + src/eap_peer/eap_tnc.c | 428 + src/eap_peer/eap_ttls.c | 1698 ++++ src/eap_peer/eap_vendor_test.c | 190 + src/eap_peer/eap_wsc.c | 595 ++ src/eap_peer/ikev2.c | 1241 +++ src/eap_peer/ikev2.h | 59 + src/eap_peer/mschapv2.c | 124 + src/eap_peer/mschapv2.h | 28 + src/eap_peer/tncc.c | 1316 +++ src/eap_peer/tncc.h | 36 + src/eap_server/Makefile | 8 + src/eap_server/eap.h | 153 + src/eap_server/eap_i.h | 225 + src/eap_server/eap_methods.h | 51 + src/eap_server/eap_server.c | 1981 +++++ src/eap_server/eap_server_aka.c | 1376 +++ src/eap_server/eap_server_eke.c | 793 ++ src/eap_server/eap_server_fast.c | 1632 ++++ src/eap_server/eap_server_gpsk.c | 656 ++ src/eap_server/eap_server_gtc.c | 224 + src/eap_server/eap_server_identity.c | 181 + src/eap_server/eap_server_ikev2.c | 576 ++ src/eap_server/eap_server_md5.c | 175 + src/eap_server/eap_server_methods.c | 171 + src/eap_server/eap_server_mschapv2.c | 582 ++ src/eap_server/eap_server_pax.c | 590 ++ src/eap_server/eap_server_peap.c | 1270 +++ src/eap_server/eap_server_psk.c | 535 ++ src/eap_server/eap_server_pwd.c | 1077 +++ src/eap_server/eap_server_sake.c | 545 ++ src/eap_server/eap_server_sim.c | 871 ++ src/eap_server/eap_server_tls.c | 412 + src/eap_server/eap_server_tls_common.c | 495 ++ src/eap_server/eap_server_tnc.c | 576 ++ src/eap_server/eap_server_ttls.c | 1253 +++ src/eap_server/eap_server_vendor_test.c | 192 + src/eap_server/eap_server_wsc.c | 512 ++ src/eap_server/eap_sim_db.c | 1503 ++++ src/eap_server/eap_sim_db.h | 95 + src/eap_server/eap_tls_common.h | 94 + src/eap_server/ikev2.c | 1200 +++ src/eap_server/ikev2.h | 61 + src/eap_server/tncs.c | 1202 +++ src/eap_server/tncs.h | 43 + src/eapol_auth/Makefile | 8 + src/eapol_auth/eapol_auth_dump.c | 289 + src/eapol_auth/eapol_auth_sm.c | 1226 +++ src/eapol_auth/eapol_auth_sm.h | 98 + src/eapol_auth/eapol_auth_sm_i.h | 186 + src/eapol_supp/Makefile | 8 + src/eapol_supp/eapol_supp_sm.c | 2139 +++++ src/eapol_supp/eapol_supp_sm.h | 443 + src/l2_packet/Makefile | 8 + src/l2_packet/l2_packet.h | 154 + src/l2_packet/l2_packet_freebsd.c | 329 + src/l2_packet/l2_packet_linux.c | 447 + src/l2_packet/l2_packet_ndis.c | 535 ++ src/l2_packet/l2_packet_none.c | 137 + src/l2_packet/l2_packet_pcap.c | 388 + src/l2_packet/l2_packet_privsep.c | 283 + src/l2_packet/l2_packet_winpcap.c | 347 + src/lib.rules | 25 + src/p2p/Makefile | 8 + src/p2p/p2p.c | 5336 +++++++++++ src/p2p/p2p.h | 2247 +++++ src/p2p/p2p_build.c | 727 ++ src/p2p/p2p_dev_disc.c | 329 + src/p2p/p2p_go_neg.c | 1305 +++ src/p2p/p2p_group.c | 1073 +++ src/p2p/p2p_i.h | 862 ++ src/p2p/p2p_invitation.c | 698 ++ src/p2p/p2p_parse.c | 877 ++ src/p2p/p2p_pd.c | 1178 +++ src/p2p/p2p_sd.c | 917 ++ src/p2p/p2p_utils.c | 513 ++ src/pae/Makefile | 8 + src/pae/ieee802_1x_cp.c | 744 ++ src/pae/ieee802_1x_cp.h | 50 + src/pae/ieee802_1x_kay.c | 3541 ++++++++ src/pae/ieee802_1x_kay.h | 194 + src/pae/ieee802_1x_kay_i.h | 419 + src/pae/ieee802_1x_key.c | 189 + src/pae/ieee802_1x_key.h | 26 + src/pae/ieee802_1x_secy_ops.c | 492 ++ src/pae/ieee802_1x_secy_ops.h | 62 + src/radius/.gitignore | 1 + src/radius/Makefile | 22 + src/radius/radius.c | 1671 ++++ src/radius/radius.h | 322 + src/radius/radius_client.c | 1624 ++++ src/radius/radius_client.h | 259 + src/radius/radius_das.c | 410 + src/radius/radius_das.h | 57 + src/radius/radius_server.c | 2156 +++++ src/radius/radius_server.h | 246 + src/rsn_supp/Makefile | 8 + src/rsn_supp/peerkey.c | 1155 +++ src/rsn_supp/peerkey.h | 82 + src/rsn_supp/pmksa_cache.c | 537 ++ src/rsn_supp/pmksa_cache.h | 134 + src/rsn_supp/preauth.c | 541 ++ src/rsn_supp/preauth.h | 79 + src/rsn_supp/tdls.c | 3009 +++++++ src/rsn_supp/wpa.c | 2954 +++++++ src/rsn_supp/wpa.h | 421 + src/rsn_supp/wpa_ft.c | 849 ++ src/rsn_supp/wpa_i.h | 371 + src/rsn_supp/wpa_ie.c | 599 ++ src/rsn_supp/wpa_ie.h | 74 + src/tls/.gitignore | 1 + src/tls/Makefile | 39 + src/tls/asn1.c | 233 + src/tls/asn1.h | 70 + src/tls/bignum.c | 224 + src/tls/bignum.h | 32 + src/tls/libtommath.c | 3401 +++++++ src/tls/pkcs1.c | 320 + src/tls/pkcs1.h | 29 + src/tls/pkcs5.c | 232 + src/tls/pkcs5.h | 16 + src/tls/pkcs8.c | 187 + src/tls/pkcs8.h | 16 + src/tls/rsa.c | 375 + src/tls/rsa.h | 26 + src/tls/tlsv1_client.c | 832 ++ src/tls/tlsv1_client.h | 54 + src/tls/tlsv1_client_i.h | 84 + src/tls/tlsv1_client_read.c | 1095 +++ src/tls/tlsv1_client_write.c | 860 ++ src/tls/tlsv1_common.c | 492 ++ src/tls/tlsv1_common.h | 272 + src/tls/tlsv1_cred.c | 506 ++ src/tls/tlsv1_cred.h | 40 + src/tls/tlsv1_record.c | 485 + src/tls/tlsv1_record.h | 71 + src/tls/tlsv1_server.c | 824 ++ src/tls/tlsv1_server.h | 53 + src/tls/tlsv1_server_i.h | 84 + src/tls/tlsv1_server_read.c | 1205 +++ src/tls/tlsv1_server_write.c | 940 ++ src/tls/x509v3.c | 1990 +++++ src/tls/x509v3.h | 123 + src/utils/.gitignore | 1 + src/utils/Makefile | 41 + src/utils/base64.c | 157 + src/utils/base64.h | 17 + src/utils/bitfield.c | 89 + src/utils/bitfield.h | 21 + src/utils/browser-android.c | 128 + src/utils/browser-system.c | 119 + src/utils/browser-wpadebug.c | 136 + src/utils/browser.c | 219 + src/utils/browser.h | 21 + src/utils/build_config.h | 50 + src/utils/common.c | 1064 +++ src/utils/common.h | 576 ++ src/utils/edit.c | 1174 +++ src/utils/edit.h | 21 + src/utils/edit_readline.c | 192 + src/utils/edit_simple.c | 92 + src/utils/eloop.c | 1113 +++ src/utils/eloop.h | 359 + src/utils/eloop_win.c | 694 ++ src/utils/ext_password.c | 116 + src/utils/ext_password.h | 33 + src/utils/ext_password_i.h | 23 + src/utils/ext_password_test.c | 90 + src/utils/http-utils.h | 63 + src/utils/http_curl.c | 1641 ++++ src/utils/includes.h | 50 + src/utils/ip_addr.c | 53 + src/utils/ip_addr.h | 27 + src/utils/list.h | 97 + src/utils/os.h | 649 ++ src/utils/os_internal.c | 564 ++ src/utils/os_none.c | 242 + src/utils/os_unix.c | 704 ++ src/utils/os_win32.c | 267 + src/utils/pcsc_funcs.c | 1434 +++ src/utils/pcsc_funcs.h | 42 + src/utils/platform.h | 21 + src/utils/radiotap.c | 396 + src/utils/radiotap.h | 291 + src/utils/radiotap_iter.h | 96 + src/utils/state_machine.h | 138 + src/utils/trace.c | 369 + src/utils/trace.h | 69 + src/utils/utils_module_tests.c | 423 + src/utils/uuid.c | 71 + src/utils/uuid.h | 18 + src/utils/wpa_debug.c | 794 ++ src/utils/wpa_debug.h | 345 + src/utils/wpabuf.c | 312 + src/utils/wpabuf.h | 163 + src/utils/xml-utils.c | 471 + src/utils/xml-utils.h | 97 + src/utils/xml_libxml2.c | 457 + src/wps/Makefile | 8 + src/wps/http.h | 29 + src/wps/http_client.c | 368 + src/wps/http_client.h | 40 + src/wps/http_server.c | 316 + src/wps/http_server.h | 33 + src/wps/httpread.c | 825 ++ src/wps/httpread.h | 117 + src/wps/ndef.c | 198 + src/wps/upnp_xml.c | 252 + src/wps/upnp_xml.h | 25 + src/wps/wps.c | 661 ++ src/wps/wps.h | 1040 +++ src/wps/wps_attr_build.c | 485 + src/wps/wps_attr_parse.c | 628 ++ src/wps/wps_attr_parse.h | 103 + src/wps/wps_attr_process.c | 272 + src/wps/wps_common.c | 907 ++ src/wps/wps_defs.h | 373 + src/wps/wps_dev_attr.c | 419 + src/wps/wps_dev_attr.h | 39 + src/wps/wps_enrollee.c | 1507 ++++ src/wps/wps_er.c | 2095 +++++ src/wps/wps_er.h | 112 + src/wps/wps_er_ssdp.c | 207 + src/wps/wps_i.h | 218 + src/wps/wps_module_tests.c | 337 + src/wps/wps_registrar.c | 3662 ++++++++ src/wps/wps_upnp.c | 1209 +++ src/wps/wps_upnp.h | 48 + src/wps/wps_upnp_ap.c | 85 + src/wps/wps_upnp_event.c | 423 + src/wps/wps_upnp_i.h | 193 + src/wps/wps_upnp_ssdp.c | 955 ++ src/wps/wps_upnp_web.c | 1341 +++ src/wps/wps_validate.c | 1975 +++++ wpa_supplicant/.gitignore | 1 + wpa_supplicant/Android.mk | 1624 ++++ wpa_supplicant/ChangeLog | 2071 +++++ wpa_supplicant/Makefile | 1770 ++++ wpa_supplicant/README | 1054 +++ wpa_supplicant/README-HS20 | 566 ++ wpa_supplicant/README-P2P | 844 ++ wpa_supplicant/README-WPS | 399 + wpa_supplicant/README-Windows.txt | 299 + wpa_supplicant/android.config | 479 + wpa_supplicant/ap.c | 1339 +++ wpa_supplicant/ap.h | 96 + wpa_supplicant/autoscan.c | 143 + wpa_supplicant/autoscan.h | 49 + wpa_supplicant/autoscan_exponential.c | 104 + wpa_supplicant/autoscan_periodic.c | 85 + wpa_supplicant/bgscan.c | 117 + wpa_supplicant/bgscan.h | 73 + wpa_supplicant/bgscan_learn.c | 617 ++ wpa_supplicant/bgscan_simple.c | 283 + wpa_supplicant/blacklist.c | 141 + wpa_supplicant/blacklist.h | 24 + wpa_supplicant/bss.c | 1242 +++ wpa_supplicant/bss.h | 150 + wpa_supplicant/config.c | 4300 +++++++++ wpa_supplicant/config.h | 1258 +++ wpa_supplicant/config_file.c | 1366 +++ wpa_supplicant/config_none.c | 56 + wpa_supplicant/config_ssid.h | 717 ++ wpa_supplicant/config_winreg.c | 1032 +++ wpa_supplicant/ctrl_iface.c | 8991 +++++++++++++++++++ wpa_supplicant/ctrl_iface.h | 159 + wpa_supplicant/ctrl_iface_named_pipe.c | 829 ++ wpa_supplicant/ctrl_iface_udp.c | 689 ++ wpa_supplicant/ctrl_iface_unix.c | 1120 +++ wpa_supplicant/dbus/.gitignore | 1 + wpa_supplicant/dbus/Makefile | 73 + wpa_supplicant/dbus/dbus-wpa_supplicant.conf | 27 + wpa_supplicant/dbus/dbus_common.c | 380 + wpa_supplicant/dbus/dbus_common.h | 20 + wpa_supplicant/dbus/dbus_common_i.h | 28 + wpa_supplicant/dbus/dbus_dict_helpers.c | 1135 +++ wpa_supplicant/dbus/dbus_dict_helpers.h | 167 + wpa_supplicant/dbus/dbus_new.c | 3825 ++++++++ wpa_supplicant/dbus/dbus_new.h | 524 ++ wpa_supplicant/dbus/dbus_new_handlers.c | 4147 +++++++++ wpa_supplicant/dbus/dbus_new_handlers.h | 329 + wpa_supplicant/dbus/dbus_new_handlers_p2p.c | 2717 ++++++ wpa_supplicant/dbus/dbus_new_handlers_p2p.h | 225 + wpa_supplicant/dbus/dbus_new_handlers_wps.c | 434 + wpa_supplicant/dbus/dbus_new_helpers.c | 1017 +++ wpa_supplicant/dbus/dbus_new_helpers.h | 148 + wpa_supplicant/dbus/dbus_new_introspect.c | 286 + wpa_supplicant/dbus/dbus_old.c | 745 ++ wpa_supplicant/dbus/dbus_old.h | 142 + wpa_supplicant/dbus/dbus_old_handlers.c | 1398 +++ wpa_supplicant/dbus/dbus_old_handlers.h | 101 + wpa_supplicant/dbus/dbus_old_handlers_wps.c | 152 + .../fi.epitest.hostap.WPASupplicant.service.in | 5 + .../dbus/fi.w1.wpa_supplicant1.service.in | 5 + wpa_supplicant/defconfig | 497 ++ wpa_supplicant/doc/docbook/.gitignore | 6 + wpa_supplicant/doc/docbook/Makefile | 28 + wpa_supplicant/doc/docbook/eapol_test.sgml | 205 + wpa_supplicant/doc/docbook/wpa_background.sgml | 101 + wpa_supplicant/doc/docbook/wpa_cli.sgml | 356 + wpa_supplicant/doc/docbook/wpa_gui.sgml | 85 + wpa_supplicant/doc/docbook/wpa_passphrase.sgml | 73 + wpa_supplicant/doc/docbook/wpa_priv.sgml | 148 + .../doc/docbook/wpa_supplicant.conf.sgml | 239 + wpa_supplicant/doc/docbook/wpa_supplicant.sgml | 747 ++ wpa_supplicant/driver_i.h | 893 ++ wpa_supplicant/eap_proxy_dummy.mak | 0 wpa_supplicant/eap_proxy_dummy.mk | 0 wpa_supplicant/eap_register.c | 261 + wpa_supplicant/eap_testing.txt | 392 + wpa_supplicant/eapol_test.c | 1448 +++ wpa_supplicant/events.c | 3664 ++++++++ wpa_supplicant/examples/60_wpa_supplicant | 19 + wpa_supplicant/examples/dbus-listen-preq.py | 62 + wpa_supplicant/examples/ieee8021x.conf | 13 + wpa_supplicant/examples/openCryptoki.conf | 41 + wpa_supplicant/examples/p2p-action-udhcp.sh | 69 + wpa_supplicant/examples/p2p-action.sh | 96 + wpa_supplicant/examples/p2p-nfc.py | 654 ++ wpa_supplicant/examples/p2p/p2p_connect.py | 299 + wpa_supplicant/examples/p2p/p2p_disconnect.py | 169 + wpa_supplicant/examples/p2p/p2p_find.py | 192 + wpa_supplicant/examples/p2p/p2p_flush.py | 168 + wpa_supplicant/examples/p2p/p2p_group_add.py | 222 + wpa_supplicant/examples/p2p/p2p_invite.py | 201 + wpa_supplicant/examples/p2p/p2p_listen.py | 182 + wpa_supplicant/examples/p2p/p2p_stop_find.py | 174 + wpa_supplicant/examples/plaintext.conf | 8 + wpa_supplicant/examples/udhcpd-p2p.conf | 120 + wpa_supplicant/examples/wep.conf | 11 + wpa_supplicant/examples/wpa-psk-tkip.conf | 12 + wpa_supplicant/examples/wpa2-eap-ccmp.conf | 15 + wpa_supplicant/examples/wpas-dbus-new-getall.py | 59 + wpa_supplicant/examples/wpas-dbus-new-signals.py | 203 + wpa_supplicant/examples/wpas-dbus-new-wps.py | 80 + wpa_supplicant/examples/wpas-dbus-new.py | 149 + wpa_supplicant/examples/wpas-test.py | 91 + wpa_supplicant/examples/wps-ap-cli | 81 + wpa_supplicant/examples/wps-nfc.py | 525 ++ wpa_supplicant/gas_query.c | 719 ++ wpa_supplicant/gas_query.h | 59 + wpa_supplicant/hs20_supplicant.c | 1007 +++ wpa_supplicant/hs20_supplicant.h | 41 + wpa_supplicant/ibss_rsn.c | 916 ++ wpa_supplicant/ibss_rsn.h | 64 + wpa_supplicant/interworking.c | 3055 +++++++ wpa_supplicant/interworking.h | 36 + wpa_supplicant/main.c | 345 + wpa_supplicant/main_none.c | 40 + wpa_supplicant/main_winmain.c | 78 + wpa_supplicant/main_winsvc.c | 458 + wpa_supplicant/mesh.c | 540 ++ wpa_supplicant/mesh.h | 44 + wpa_supplicant/mesh_mpm.c | 1059 +++ wpa_supplicant/mesh_mpm.h | 43 + wpa_supplicant/mesh_rsn.c | 574 ++ wpa_supplicant/mesh_rsn.h | 36 + wpa_supplicant/nfc_pw_token.c | 83 + wpa_supplicant/nmake.mak | 240 + wpa_supplicant/notify.c | 785 ++ wpa_supplicant/notify.h | 137 + wpa_supplicant/offchannel.c | 447 + wpa_supplicant/offchannel.h | 35 + wpa_supplicant/p2p_supplicant.c | 9298 ++++++++++++++++++++ wpa_supplicant/p2p_supplicant.h | 316 + wpa_supplicant/preauth_test.c | 360 + wpa_supplicant/scan.c | 2428 +++++ wpa_supplicant/scan.h | 58 + wpa_supplicant/sme.c | 1616 ++++ wpa_supplicant/sme.h | 118 + .../systemd/wpa_supplicant-nl80211.service.arg.in | 13 + .../systemd/wpa_supplicant-wired.service.arg.in | 13 + .../systemd/wpa_supplicant.service.arg.in | 13 + wpa_supplicant/systemd/wpa_supplicant.service.in | 11 + wpa_supplicant/tests/link_test.c | 83 + wpa_supplicant/tests/test_eap_sim_common.c | 47 + wpa_supplicant/tests/test_wpa.c | 369 + wpa_supplicant/todo.txt | 78 + wpa_supplicant/utils/log2pcap.py | 54 + wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj | 473 + .../vs2005/win_if_list/win_if_list.vcproj | 203 + wpa_supplicant/vs2005/wpa_cli/wpa_cli.vcproj | 215 + .../vs2005/wpa_passphrase/wpa_passphrase.vcproj | 236 + wpa_supplicant/vs2005/wpa_supplicant.sln | 52 + .../vs2005/wpa_supplicant/wpa_supplicant.vcproj | 461 + wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj | 461 + wpa_supplicant/wifi_display.c | 418 + wpa_supplicant/wifi_display.h | 24 + wpa_supplicant/win_example.reg | 42 + wpa_supplicant/win_if_list.c | 173 + wpa_supplicant/wmm_ac.c | 995 +++ wpa_supplicant/wmm_ac.h | 176 + wpa_supplicant/wnm_sta.c | 1148 +++ wpa_supplicant/wnm_sta.h | 77 + wpa_supplicant/wpa_cli.c | 4088 +++++++++ wpa_supplicant/wpa_gui-qt4/.gitignore | 4 + wpa_supplicant/wpa_gui-qt4/addinterface.cpp | 239 + wpa_supplicant/wpa_gui-qt4/addinterface.h | 39 + wpa_supplicant/wpa_gui-qt4/eventhistory.cpp | 124 + wpa_supplicant/wpa_gui-qt4/eventhistory.h | 57 + wpa_supplicant/wpa_gui-qt4/eventhistory.ui | 61 + wpa_supplicant/wpa_gui-qt4/icons.qrc | 9 + wpa_supplicant/wpa_gui-qt4/icons/Makefile | 23 + wpa_supplicant/wpa_gui-qt4/icons/README | 74 + wpa_supplicant/wpa_gui-qt4/icons/ap.svg | 832 ++ wpa_supplicant/wpa_gui-qt4/icons/group.svg | 616 ++ wpa_supplicant/wpa_gui-qt4/icons/invitation.svg | 374 + wpa_supplicant/wpa_gui-qt4/icons/laptop.svg | 1568 ++++ wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg | 256 + wpa_supplicant/wpa_gui-qt4/icons_png.qrc | 9 + wpa_supplicant/wpa_gui-qt4/lang/.gitignore | 1 + wpa_supplicant/wpa_gui-qt4/lang/wpa_gui_de.ts | 1262 +++ wpa_supplicant/wpa_gui-qt4/main.cpp | 76 + wpa_supplicant/wpa_gui-qt4/networkconfig.cpp | 852 ++ wpa_supplicant/wpa_gui-qt4/networkconfig.h | 55 + wpa_supplicant/wpa_gui-qt4/networkconfig.ui | 435 + wpa_supplicant/wpa_gui-qt4/peers.cpp | 1883 ++++ wpa_supplicant/wpa_gui-qt4/peers.h | 90 + wpa_supplicant/wpa_gui-qt4/peers.ui | 40 + wpa_supplicant/wpa_gui-qt4/scanresults.cpp | 141 + wpa_supplicant/wpa_gui-qt4/scanresults.h | 40 + wpa_supplicant/wpa_gui-qt4/scanresults.ui | 94 + wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp | 18 + wpa_supplicant/wpa_gui-qt4/scanresultsitem.h | 21 + wpa_supplicant/wpa_gui-qt4/signalbar.cpp | 58 + wpa_supplicant/wpa_gui-qt4/signalbar.h | 28 + wpa_supplicant/wpa_gui-qt4/stringquery.cpp | 31 + wpa_supplicant/wpa_gui-qt4/stringquery.h | 28 + wpa_supplicant/wpa_gui-qt4/userdatarequest.cpp | 94 + wpa_supplicant/wpa_gui-qt4/userdatarequest.h | 40 + wpa_supplicant/wpa_gui-qt4/userdatarequest.ui | 109 + wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop | 10 + wpa_supplicant/wpa_gui-qt4/wpa_gui.pro | 72 + wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 1748 ++++ wpa_supplicant/wpa_gui-qt4/wpagui.h | 146 + wpa_supplicant/wpa_gui-qt4/wpagui.ui | 524 ++ wpa_supplicant/wpa_gui-qt4/wpamsg.h | 35 + wpa_supplicant/wpa_passphrase.c | 67 + wpa_supplicant/wpa_priv.c | 1033 +++ wpa_supplicant/wpa_supplicant.c | 5545 ++++++++++++ wpa_supplicant/wpa_supplicant.conf | 1521 ++++ wpa_supplicant/wpa_supplicant_conf.mk | 34 + wpa_supplicant/wpa_supplicant_conf.sh | 16 + wpa_supplicant/wpa_supplicant_i.h | 1143 +++ wpa_supplicant/wpa_supplicant_template.conf | 6 + wpa_supplicant/wpas_glue.c | 1114 +++ wpa_supplicant/wpas_glue.h | 25 + wpa_supplicant/wpas_kay.c | 378 + wpa_supplicant/wpas_kay.h | 41 + wpa_supplicant/wpas_module_tests.c | 108 + wpa_supplicant/wps_supplicant.c | 2848 ++++++ wpa_supplicant/wps_supplicant.h | 151 + 813 files changed, 417511 insertions(+) create mode 100644 CONTRIBUTIONS create mode 100644 COPYING create mode 100644 README create mode 100644 hostapd/Android.mk create mode 100644 hostapd/ChangeLog create mode 100644 hostapd/Makefile create mode 100644 hostapd/README create mode 100644 hostapd/README-WPS create mode 100644 hostapd/android.config create mode 100644 hostapd/config_file.c create mode 100644 hostapd/config_file.h create mode 100644 hostapd/ctrl_iface.c create mode 100644 hostapd/ctrl_iface.h create mode 100644 hostapd/defconfig create mode 100644 hostapd/eap_register.c create mode 100644 hostapd/eap_register.h create mode 100644 hostapd/eap_testing.txt create mode 100644 hostapd/hapd_module_tests.c create mode 100644 hostapd/hlr_auc_gw.c create mode 100644 hostapd/hlr_auc_gw.milenage_db create mode 100644 hostapd/hlr_auc_gw.txt create mode 100644 hostapd/hostapd.8 create mode 100644 hostapd/hostapd.accept create mode 100644 hostapd/hostapd.conf create mode 100644 hostapd/hostapd.deny create mode 100644 hostapd/hostapd.eap_user create mode 100644 hostapd/hostapd.eap_user_sqlite create mode 100644 hostapd/hostapd.radius_clients create mode 100644 hostapd/hostapd.sim_db create mode 100644 hostapd/hostapd.vlan create mode 100644 hostapd/hostapd.wpa_psk create mode 100644 hostapd/hostapd_cli.1 create mode 100644 hostapd/hostapd_cli.c create mode 100644 hostapd/logwatch/README create mode 100755 hostapd/logwatch/hostapd create mode 100644 hostapd/logwatch/hostapd.conf create mode 100644 hostapd/main.c create mode 100644 hostapd/nt_password_hash.c create mode 100644 hostapd/wired.conf create mode 100755 hostapd/wps-ap-nfc.py create mode 100644 hs20/client/Android.mk create mode 100644 hs20/client/Makefile create mode 100644 hs20/client/devdetail.xml create mode 100644 hs20/client/devinfo.xml create mode 100644 hs20/client/est.c create mode 100644 hs20/client/oma_dm_client.c create mode 100644 hs20/client/osu_client.c create mode 100644 hs20/client/osu_client.h create mode 100644 hs20/client/spp_client.c create mode 100644 hs20/server/Makefile create mode 100755 hs20/server/ca/clean.sh create mode 100644 hs20/server/ca/est-csrattrs.cnf create mode 100755 hs20/server/ca/est-csrattrs.sh create mode 100644 hs20/server/ca/hs20.oid create mode 100755 hs20/server/ca/ocsp-req.sh create mode 100755 hs20/server/ca/ocsp-responder-ica.sh create mode 100755 hs20/server/ca/ocsp-responder.sh create mode 100755 hs20/server/ca/ocsp-update-cache.sh create mode 100644 hs20/server/ca/openssl-root.cnf create mode 100644 hs20/server/ca/openssl.cnf create mode 100755 hs20/server/ca/setup.sh create mode 100644 hs20/server/ca/w1fi_logo.png create mode 100644 hs20/server/hs20-osu-server.txt create mode 100644 hs20/server/hs20_spp_server.c create mode 100644 hs20/server/spp_server.c create mode 100644 hs20/server/spp_server.h create mode 100644 hs20/server/sql-example.txt create mode 100644 hs20/server/sql.txt create mode 100644 hs20/server/www/add-free.php create mode 100644 hs20/server/www/add-mo.php create mode 100644 hs20/server/www/cert-enroll.php create mode 100644 hs20/server/www/config.php create mode 100644 hs20/server/www/est.php create mode 100644 hs20/server/www/free-remediation.php create mode 100644 hs20/server/www/free.php create mode 100644 hs20/server/www/redirect.php create mode 100644 hs20/server/www/remediation.php create mode 100644 hs20/server/www/signup.php create mode 100644 hs20/server/www/spp.php create mode 100644 hs20/server/www/users.php create mode 100644 patches/openssl-0.9.8za-tls-extensions.patch create mode 100644 src/Makefile create mode 100644 src/ap/Makefile create mode 100644 src/ap/accounting.c create mode 100644 src/ap/accounting.h create mode 100644 src/ap/acs.c create mode 100644 src/ap/acs.h create mode 100644 src/ap/ap_config.c create mode 100644 src/ap/ap_config.h create mode 100644 src/ap/ap_drv_ops.c create mode 100644 src/ap/ap_drv_ops.h create mode 100644 src/ap/ap_list.c create mode 100644 src/ap/ap_list.h create mode 100644 src/ap/ap_mlme.c create mode 100644 src/ap/ap_mlme.h create mode 100644 src/ap/authsrv.c create mode 100644 src/ap/authsrv.h create mode 100644 src/ap/beacon.c create mode 100644 src/ap/beacon.h create mode 100644 src/ap/bss_load.c create mode 100644 src/ap/bss_load.h create mode 100644 src/ap/ctrl_iface_ap.c create mode 100644 src/ap/ctrl_iface_ap.h create mode 100644 src/ap/dfs.c create mode 100644 src/ap/dfs.h create mode 100644 src/ap/dhcp_snoop.c create mode 100644 src/ap/dhcp_snoop.h create mode 100644 src/ap/drv_callbacks.c create mode 100644 src/ap/eap_user_db.c create mode 100644 src/ap/gas_serv.c create mode 100644 src/ap/gas_serv.h create mode 100644 src/ap/hostapd.c create mode 100644 src/ap/hostapd.h create mode 100644 src/ap/hs20.c create mode 100644 src/ap/hs20.h create mode 100644 src/ap/hw_features.c create mode 100644 src/ap/hw_features.h create mode 100644 src/ap/iapp.c create mode 100644 src/ap/iapp.h create mode 100644 src/ap/ieee802_11.c create mode 100644 src/ap/ieee802_11.h create mode 100644 src/ap/ieee802_11_auth.c create mode 100644 src/ap/ieee802_11_auth.h create mode 100644 src/ap/ieee802_11_ht.c create mode 100644 src/ap/ieee802_11_shared.c create mode 100644 src/ap/ieee802_11_vht.c create mode 100644 src/ap/ieee802_1x.c create mode 100644 src/ap/ieee802_1x.h create mode 100644 src/ap/ndisc_snoop.c create mode 100644 src/ap/ndisc_snoop.h create mode 100644 src/ap/p2p_hostapd.c create mode 100644 src/ap/p2p_hostapd.h create mode 100644 src/ap/peerkey_auth.c create mode 100644 src/ap/pmksa_cache_auth.c create mode 100644 src/ap/pmksa_cache_auth.h create mode 100644 src/ap/preauth_auth.c create mode 100644 src/ap/preauth_auth.h create mode 100644 src/ap/sta_info.c create mode 100644 src/ap/sta_info.h create mode 100644 src/ap/tkip_countermeasures.c create mode 100644 src/ap/tkip_countermeasures.h create mode 100644 src/ap/utils.c create mode 100644 src/ap/vlan_init.c create mode 100644 src/ap/vlan_init.h create mode 100644 src/ap/vlan_util.c create mode 100644 src/ap/vlan_util.h create mode 100644 src/ap/wmm.c create mode 100644 src/ap/wmm.h create mode 100644 src/ap/wnm_ap.c create mode 100644 src/ap/wnm_ap.h create mode 100644 src/ap/wpa_auth.c create mode 100644 src/ap/wpa_auth.h create mode 100644 src/ap/wpa_auth_ft.c create mode 100644 src/ap/wpa_auth_glue.c create mode 100644 src/ap/wpa_auth_glue.h create mode 100644 src/ap/wpa_auth_i.h create mode 100644 src/ap/wpa_auth_ie.c create mode 100644 src/ap/wpa_auth_ie.h create mode 100644 src/ap/wps_hostapd.c create mode 100644 src/ap/wps_hostapd.h create mode 100644 src/ap/x_snoop.c create mode 100644 src/ap/x_snoop.h create mode 100644 src/common/Makefile create mode 100644 src/common/common_module_tests.c create mode 100644 src/common/defs.h create mode 100644 src/common/eapol_common.h create mode 100644 src/common/gas.c create mode 100644 src/common/gas.h create mode 100644 src/common/hw_features_common.c create mode 100644 src/common/hw_features_common.h create mode 100644 src/common/ieee802_11_common.c create mode 100644 src/common/ieee802_11_common.h create mode 100644 src/common/ieee802_11_defs.h create mode 100644 src/common/ieee802_1x_defs.h create mode 100644 src/common/privsep_commands.h create mode 100644 src/common/qca-vendor-attr.h create mode 100644 src/common/qca-vendor.h create mode 100644 src/common/sae.c create mode 100644 src/common/sae.h create mode 100644 src/common/tnc.h create mode 100644 src/common/version.h create mode 100644 src/common/wpa_common.c create mode 100644 src/common/wpa_common.h create mode 100644 src/common/wpa_ctrl.c create mode 100644 src/common/wpa_ctrl.h create mode 100644 src/common/wpa_helpers.c create mode 100644 src/common/wpa_helpers.h create mode 100644 src/crypto/.gitignore create mode 100644 src/crypto/Makefile create mode 100644 src/crypto/aes-cbc.c create mode 100644 src/crypto/aes-ccm.c create mode 100644 src/crypto/aes-ctr.c create mode 100644 src/crypto/aes-eax.c create mode 100644 src/crypto/aes-encblock.c create mode 100644 src/crypto/aes-gcm.c create mode 100644 src/crypto/aes-internal-dec.c create mode 100644 src/crypto/aes-internal-enc.c create mode 100644 src/crypto/aes-internal.c create mode 100644 src/crypto/aes-omac1.c create mode 100644 src/crypto/aes-siv.c create mode 100644 src/crypto/aes-unwrap.c create mode 100644 src/crypto/aes-wrap.c create mode 100644 src/crypto/aes.h create mode 100644 src/crypto/aes_i.h create mode 100644 src/crypto/aes_siv.h create mode 100644 src/crypto/aes_wrap.h create mode 100644 src/crypto/crypto.h create mode 100644 src/crypto/crypto_cryptoapi.c create mode 100644 src/crypto/crypto_gnutls.c create mode 100644 src/crypto/crypto_internal-cipher.c create mode 100644 src/crypto/crypto_internal-modexp.c create mode 100644 src/crypto/crypto_internal-rsa.c create mode 100644 src/crypto/crypto_internal.c create mode 100644 src/crypto/crypto_libtomcrypt.c create mode 100644 src/crypto/crypto_module_tests.c create mode 100644 src/crypto/crypto_none.c create mode 100644 src/crypto/crypto_openssl.c create mode 100644 src/crypto/des-internal.c create mode 100644 src/crypto/des_i.h create mode 100644 src/crypto/dh_group5.c create mode 100644 src/crypto/dh_group5.h create mode 100644 src/crypto/dh_groups.c create mode 100644 src/crypto/dh_groups.h create mode 100644 src/crypto/fips_prf_internal.c create mode 100644 src/crypto/fips_prf_openssl.c create mode 100644 src/crypto/md4-internal.c create mode 100644 src/crypto/md5-internal.c create mode 100644 src/crypto/md5.c create mode 100644 src/crypto/md5.h create mode 100644 src/crypto/md5_i.h create mode 100644 src/crypto/milenage.c create mode 100644 src/crypto/milenage.h create mode 100644 src/crypto/ms_funcs.c create mode 100644 src/crypto/ms_funcs.h create mode 100644 src/crypto/random.c create mode 100644 src/crypto/random.h create mode 100644 src/crypto/rc4.c create mode 100644 src/crypto/sha1-internal.c create mode 100644 src/crypto/sha1-pbkdf2.c create mode 100644 src/crypto/sha1-prf.c create mode 100644 src/crypto/sha1-tlsprf.c create mode 100644 src/crypto/sha1-tprf.c create mode 100644 src/crypto/sha1.c create mode 100644 src/crypto/sha1.h create mode 100644 src/crypto/sha1_i.h create mode 100644 src/crypto/sha256-internal.c create mode 100644 src/crypto/sha256-kdf.c create mode 100644 src/crypto/sha256-prf.c create mode 100644 src/crypto/sha256-tlsprf.c create mode 100644 src/crypto/sha256.c create mode 100644 src/crypto/sha256.h create mode 100644 src/crypto/sha256_i.h create mode 100644 src/crypto/sha384.h create mode 100644 src/crypto/tls.h create mode 100644 src/crypto/tls_gnutls.c create mode 100644 src/crypto/tls_internal.c create mode 100644 src/crypto/tls_none.c create mode 100644 src/crypto/tls_openssl.c create mode 100644 src/crypto/tls_schannel.c create mode 100644 src/drivers/.gitignore create mode 100644 src/drivers/Makefile create mode 100644 src/drivers/android_drv.h create mode 100644 src/drivers/driver.h create mode 100644 src/drivers/driver_atheros.c create mode 100644 src/drivers/driver_bsd.c create mode 100644 src/drivers/driver_common.c create mode 100644 src/drivers/driver_hostap.c create mode 100644 src/drivers/driver_hostap.h create mode 100644 src/drivers/driver_macsec_qca.c create mode 100644 src/drivers/driver_ndis.c create mode 100644 src/drivers/driver_ndis.h create mode 100644 src/drivers/driver_ndis_.c create mode 100644 src/drivers/driver_nl80211.c create mode 100644 src/drivers/driver_nl80211.h create mode 100644 src/drivers/driver_nl80211_android.c create mode 100644 src/drivers/driver_nl80211_capa.c create mode 100644 src/drivers/driver_nl80211_event.c create mode 100644 src/drivers/driver_nl80211_monitor.c create mode 100644 src/drivers/driver_nl80211_scan.c create mode 100644 src/drivers/driver_none.c create mode 100644 src/drivers/driver_openbsd.c create mode 100644 src/drivers/driver_privsep.c create mode 100644 src/drivers/driver_roboswitch.c create mode 100644 src/drivers/driver_wext.c create mode 100644 src/drivers/driver_wext.h create mode 100644 src/drivers/driver_wired.c create mode 100644 src/drivers/drivers.c create mode 100644 src/drivers/drivers.mak create mode 100644 src/drivers/drivers.mk create mode 100644 src/drivers/linux_defines.h create mode 100644 src/drivers/linux_ioctl.c create mode 100644 src/drivers/linux_ioctl.h create mode 100644 src/drivers/linux_wext.h create mode 100644 src/drivers/ndis_events.c create mode 100644 src/drivers/netlink.c create mode 100644 src/drivers/netlink.h create mode 100644 src/drivers/nl80211_copy.h create mode 100644 src/drivers/priv_netlink.h create mode 100644 src/drivers/rfkill.c create mode 100644 src/drivers/rfkill.h create mode 100644 src/eap_common/Makefile create mode 100644 src/eap_common/chap.c create mode 100644 src/eap_common/chap.h create mode 100644 src/eap_common/eap_common.c create mode 100644 src/eap_common/eap_common.h create mode 100644 src/eap_common/eap_defs.h create mode 100644 src/eap_common/eap_eke_common.c create mode 100644 src/eap_common/eap_eke_common.h create mode 100644 src/eap_common/eap_fast_common.c create mode 100644 src/eap_common/eap_fast_common.h create mode 100644 src/eap_common/eap_gpsk_common.c create mode 100644 src/eap_common/eap_gpsk_common.h create mode 100644 src/eap_common/eap_ikev2_common.c create mode 100644 src/eap_common/eap_ikev2_common.h create mode 100644 src/eap_common/eap_pax_common.c create mode 100644 src/eap_common/eap_pax_common.h create mode 100644 src/eap_common/eap_peap_common.c create mode 100644 src/eap_common/eap_peap_common.h create mode 100644 src/eap_common/eap_psk_common.c create mode 100644 src/eap_common/eap_psk_common.h create mode 100644 src/eap_common/eap_pwd_common.c create mode 100644 src/eap_common/eap_pwd_common.h create mode 100644 src/eap_common/eap_sake_common.c create mode 100644 src/eap_common/eap_sake_common.h create mode 100644 src/eap_common/eap_sim_common.c create mode 100644 src/eap_common/eap_sim_common.h create mode 100644 src/eap_common/eap_tlv_common.h create mode 100644 src/eap_common/eap_ttls.h create mode 100644 src/eap_common/eap_wsc_common.c create mode 100644 src/eap_common/eap_wsc_common.h create mode 100644 src/eap_common/ikev2_common.c create mode 100644 src/eap_common/ikev2_common.h create mode 100644 src/eap_peer/Makefile create mode 100644 src/eap_peer/eap.c create mode 100644 src/eap_peer/eap.h create mode 100644 src/eap_peer/eap_aka.c create mode 100644 src/eap_peer/eap_config.h create mode 100644 src/eap_peer/eap_eke.c create mode 100644 src/eap_peer/eap_fast.c create mode 100644 src/eap_peer/eap_fast_pac.c create mode 100644 src/eap_peer/eap_fast_pac.h create mode 100644 src/eap_peer/eap_gpsk.c create mode 100644 src/eap_peer/eap_gtc.c create mode 100644 src/eap_peer/eap_i.h create mode 100644 src/eap_peer/eap_ikev2.c create mode 100644 src/eap_peer/eap_leap.c create mode 100644 src/eap_peer/eap_md5.c create mode 100644 src/eap_peer/eap_methods.c create mode 100644 src/eap_peer/eap_methods.h create mode 100644 src/eap_peer/eap_mschapv2.c create mode 100644 src/eap_peer/eap_otp.c create mode 100644 src/eap_peer/eap_pax.c create mode 100644 src/eap_peer/eap_peap.c create mode 100644 src/eap_peer/eap_proxy.h create mode 100644 src/eap_peer/eap_proxy_dummy.c create mode 100644 src/eap_peer/eap_psk.c create mode 100644 src/eap_peer/eap_pwd.c create mode 100644 src/eap_peer/eap_sake.c create mode 100644 src/eap_peer/eap_sim.c create mode 100644 src/eap_peer/eap_tls.c create mode 100644 src/eap_peer/eap_tls_common.c create mode 100644 src/eap_peer/eap_tls_common.h create mode 100644 src/eap_peer/eap_tnc.c create mode 100644 src/eap_peer/eap_ttls.c create mode 100644 src/eap_peer/eap_vendor_test.c create mode 100644 src/eap_peer/eap_wsc.c create mode 100644 src/eap_peer/ikev2.c create mode 100644 src/eap_peer/ikev2.h create mode 100644 src/eap_peer/mschapv2.c create mode 100644 src/eap_peer/mschapv2.h create mode 100644 src/eap_peer/tncc.c create mode 100644 src/eap_peer/tncc.h create mode 100644 src/eap_server/Makefile create mode 100644 src/eap_server/eap.h create mode 100644 src/eap_server/eap_i.h create mode 100644 src/eap_server/eap_methods.h create mode 100644 src/eap_server/eap_server.c create mode 100644 src/eap_server/eap_server_aka.c create mode 100644 src/eap_server/eap_server_eke.c create mode 100644 src/eap_server/eap_server_fast.c create mode 100644 src/eap_server/eap_server_gpsk.c create mode 100644 src/eap_server/eap_server_gtc.c create mode 100644 src/eap_server/eap_server_identity.c create mode 100644 src/eap_server/eap_server_ikev2.c create mode 100644 src/eap_server/eap_server_md5.c create mode 100644 src/eap_server/eap_server_methods.c create mode 100644 src/eap_server/eap_server_mschapv2.c create mode 100644 src/eap_server/eap_server_pax.c create mode 100644 src/eap_server/eap_server_peap.c create mode 100644 src/eap_server/eap_server_psk.c create mode 100644 src/eap_server/eap_server_pwd.c create mode 100644 src/eap_server/eap_server_sake.c create mode 100644 src/eap_server/eap_server_sim.c create mode 100644 src/eap_server/eap_server_tls.c create mode 100644 src/eap_server/eap_server_tls_common.c create mode 100644 src/eap_server/eap_server_tnc.c create mode 100644 src/eap_server/eap_server_ttls.c create mode 100644 src/eap_server/eap_server_vendor_test.c create mode 100644 src/eap_server/eap_server_wsc.c create mode 100644 src/eap_server/eap_sim_db.c create mode 100644 src/eap_server/eap_sim_db.h create mode 100644 src/eap_server/eap_tls_common.h create mode 100644 src/eap_server/ikev2.c create mode 100644 src/eap_server/ikev2.h create mode 100644 src/eap_server/tncs.c create mode 100644 src/eap_server/tncs.h create mode 100644 src/eapol_auth/Makefile create mode 100644 src/eapol_auth/eapol_auth_dump.c create mode 100644 src/eapol_auth/eapol_auth_sm.c create mode 100644 src/eapol_auth/eapol_auth_sm.h create mode 100644 src/eapol_auth/eapol_auth_sm_i.h create mode 100644 src/eapol_supp/Makefile create mode 100644 src/eapol_supp/eapol_supp_sm.c create mode 100644 src/eapol_supp/eapol_supp_sm.h create mode 100644 src/l2_packet/Makefile create mode 100644 src/l2_packet/l2_packet.h create mode 100644 src/l2_packet/l2_packet_freebsd.c create mode 100644 src/l2_packet/l2_packet_linux.c create mode 100644 src/l2_packet/l2_packet_ndis.c create mode 100644 src/l2_packet/l2_packet_none.c create mode 100644 src/l2_packet/l2_packet_pcap.c create mode 100644 src/l2_packet/l2_packet_privsep.c create mode 100644 src/l2_packet/l2_packet_winpcap.c create mode 100644 src/lib.rules create mode 100644 src/p2p/Makefile create mode 100644 src/p2p/p2p.c create mode 100644 src/p2p/p2p.h create mode 100644 src/p2p/p2p_build.c create mode 100644 src/p2p/p2p_dev_disc.c create mode 100644 src/p2p/p2p_go_neg.c create mode 100644 src/p2p/p2p_group.c create mode 100644 src/p2p/p2p_i.h create mode 100644 src/p2p/p2p_invitation.c create mode 100644 src/p2p/p2p_parse.c create mode 100644 src/p2p/p2p_pd.c create mode 100644 src/p2p/p2p_sd.c create mode 100644 src/p2p/p2p_utils.c create mode 100644 src/pae/Makefile create mode 100644 src/pae/ieee802_1x_cp.c create mode 100644 src/pae/ieee802_1x_cp.h create mode 100644 src/pae/ieee802_1x_kay.c create mode 100644 src/pae/ieee802_1x_kay.h create mode 100644 src/pae/ieee802_1x_kay_i.h create mode 100644 src/pae/ieee802_1x_key.c create mode 100644 src/pae/ieee802_1x_key.h create mode 100644 src/pae/ieee802_1x_secy_ops.c create mode 100644 src/pae/ieee802_1x_secy_ops.h create mode 100644 src/radius/.gitignore create mode 100644 src/radius/Makefile create mode 100644 src/radius/radius.c create mode 100644 src/radius/radius.h create mode 100644 src/radius/radius_client.c create mode 100644 src/radius/radius_client.h create mode 100644 src/radius/radius_das.c create mode 100644 src/radius/radius_das.h create mode 100644 src/radius/radius_server.c create mode 100644 src/radius/radius_server.h create mode 100644 src/rsn_supp/Makefile create mode 100644 src/rsn_supp/peerkey.c create mode 100644 src/rsn_supp/peerkey.h create mode 100644 src/rsn_supp/pmksa_cache.c create mode 100644 src/rsn_supp/pmksa_cache.h create mode 100644 src/rsn_supp/preauth.c create mode 100644 src/rsn_supp/preauth.h create mode 100644 src/rsn_supp/tdls.c create mode 100644 src/rsn_supp/wpa.c create mode 100644 src/rsn_supp/wpa.h create mode 100644 src/rsn_supp/wpa_ft.c create mode 100644 src/rsn_supp/wpa_i.h create mode 100644 src/rsn_supp/wpa_ie.c create mode 100644 src/rsn_supp/wpa_ie.h create mode 100644 src/tls/.gitignore create mode 100644 src/tls/Makefile create mode 100644 src/tls/asn1.c create mode 100644 src/tls/asn1.h create mode 100644 src/tls/bignum.c create mode 100644 src/tls/bignum.h create mode 100644 src/tls/libtommath.c create mode 100644 src/tls/pkcs1.c create mode 100644 src/tls/pkcs1.h create mode 100644 src/tls/pkcs5.c create mode 100644 src/tls/pkcs5.h create mode 100644 src/tls/pkcs8.c create mode 100644 src/tls/pkcs8.h create mode 100644 src/tls/rsa.c create mode 100644 src/tls/rsa.h create mode 100644 src/tls/tlsv1_client.c create mode 100644 src/tls/tlsv1_client.h create mode 100644 src/tls/tlsv1_client_i.h create mode 100644 src/tls/tlsv1_client_read.c create mode 100644 src/tls/tlsv1_client_write.c create mode 100644 src/tls/tlsv1_common.c create mode 100644 src/tls/tlsv1_common.h create mode 100644 src/tls/tlsv1_cred.c create mode 100644 src/tls/tlsv1_cred.h create mode 100644 src/tls/tlsv1_record.c create mode 100644 src/tls/tlsv1_record.h create mode 100644 src/tls/tlsv1_server.c create mode 100644 src/tls/tlsv1_server.h create mode 100644 src/tls/tlsv1_server_i.h create mode 100644 src/tls/tlsv1_server_read.c create mode 100644 src/tls/tlsv1_server_write.c create mode 100644 src/tls/x509v3.c create mode 100644 src/tls/x509v3.h create mode 100644 src/utils/.gitignore create mode 100644 src/utils/Makefile create mode 100644 src/utils/base64.c create mode 100644 src/utils/base64.h create mode 100644 src/utils/bitfield.c create mode 100644 src/utils/bitfield.h create mode 100644 src/utils/browser-android.c create mode 100644 src/utils/browser-system.c create mode 100644 src/utils/browser-wpadebug.c create mode 100644 src/utils/browser.c create mode 100644 src/utils/browser.h create mode 100644 src/utils/build_config.h create mode 100644 src/utils/common.c create mode 100644 src/utils/common.h create mode 100644 src/utils/edit.c create mode 100644 src/utils/edit.h create mode 100644 src/utils/edit_readline.c create mode 100644 src/utils/edit_simple.c create mode 100644 src/utils/eloop.c create mode 100644 src/utils/eloop.h create mode 100644 src/utils/eloop_win.c create mode 100644 src/utils/ext_password.c create mode 100644 src/utils/ext_password.h create mode 100644 src/utils/ext_password_i.h create mode 100644 src/utils/ext_password_test.c create mode 100644 src/utils/http-utils.h create mode 100644 src/utils/http_curl.c create mode 100644 src/utils/includes.h create mode 100644 src/utils/ip_addr.c create mode 100644 src/utils/ip_addr.h create mode 100644 src/utils/list.h create mode 100644 src/utils/os.h create mode 100644 src/utils/os_internal.c create mode 100644 src/utils/os_none.c create mode 100644 src/utils/os_unix.c create mode 100644 src/utils/os_win32.c create mode 100644 src/utils/pcsc_funcs.c create mode 100644 src/utils/pcsc_funcs.h create mode 100644 src/utils/platform.h create mode 100644 src/utils/radiotap.c create mode 100644 src/utils/radiotap.h create mode 100644 src/utils/radiotap_iter.h create mode 100644 src/utils/state_machine.h create mode 100644 src/utils/trace.c create mode 100644 src/utils/trace.h create mode 100644 src/utils/utils_module_tests.c create mode 100644 src/utils/uuid.c create mode 100644 src/utils/uuid.h create mode 100644 src/utils/wpa_debug.c create mode 100644 src/utils/wpa_debug.h create mode 100644 src/utils/wpabuf.c create mode 100644 src/utils/wpabuf.h create mode 100644 src/utils/xml-utils.c create mode 100644 src/utils/xml-utils.h create mode 100644 src/utils/xml_libxml2.c create mode 100644 src/wps/Makefile create mode 100644 src/wps/http.h create mode 100644 src/wps/http_client.c create mode 100644 src/wps/http_client.h create mode 100644 src/wps/http_server.c create mode 100644 src/wps/http_server.h create mode 100644 src/wps/httpread.c create mode 100644 src/wps/httpread.h create mode 100644 src/wps/ndef.c create mode 100644 src/wps/upnp_xml.c create mode 100644 src/wps/upnp_xml.h create mode 100644 src/wps/wps.c create mode 100644 src/wps/wps.h create mode 100644 src/wps/wps_attr_build.c create mode 100644 src/wps/wps_attr_parse.c create mode 100644 src/wps/wps_attr_parse.h create mode 100644 src/wps/wps_attr_process.c create mode 100644 src/wps/wps_common.c create mode 100644 src/wps/wps_defs.h create mode 100644 src/wps/wps_dev_attr.c create mode 100644 src/wps/wps_dev_attr.h create mode 100644 src/wps/wps_enrollee.c create mode 100644 src/wps/wps_er.c create mode 100644 src/wps/wps_er.h create mode 100644 src/wps/wps_er_ssdp.c create mode 100644 src/wps/wps_i.h create mode 100644 src/wps/wps_module_tests.c create mode 100644 src/wps/wps_registrar.c create mode 100644 src/wps/wps_upnp.c create mode 100644 src/wps/wps_upnp.h create mode 100644 src/wps/wps_upnp_ap.c create mode 100644 src/wps/wps_upnp_event.c create mode 100644 src/wps/wps_upnp_i.h create mode 100644 src/wps/wps_upnp_ssdp.c create mode 100644 src/wps/wps_upnp_web.c create mode 100644 src/wps/wps_validate.c create mode 100644 wpa_supplicant/.gitignore create mode 100644 wpa_supplicant/Android.mk create mode 100644 wpa_supplicant/ChangeLog create mode 100644 wpa_supplicant/Makefile create mode 100644 wpa_supplicant/README create mode 100644 wpa_supplicant/README-HS20 create mode 100644 wpa_supplicant/README-P2P create mode 100644 wpa_supplicant/README-WPS create mode 100644 wpa_supplicant/README-Windows.txt create mode 100644 wpa_supplicant/android.config create mode 100644 wpa_supplicant/ap.c create mode 100644 wpa_supplicant/ap.h create mode 100644 wpa_supplicant/autoscan.c create mode 100644 wpa_supplicant/autoscan.h create mode 100644 wpa_supplicant/autoscan_exponential.c create mode 100644 wpa_supplicant/autoscan_periodic.c create mode 100644 wpa_supplicant/bgscan.c create mode 100644 wpa_supplicant/bgscan.h create mode 100644 wpa_supplicant/bgscan_learn.c create mode 100644 wpa_supplicant/bgscan_simple.c create mode 100644 wpa_supplicant/blacklist.c create mode 100644 wpa_supplicant/blacklist.h create mode 100644 wpa_supplicant/bss.c create mode 100644 wpa_supplicant/bss.h create mode 100644 wpa_supplicant/config.c create mode 100644 wpa_supplicant/config.h create mode 100644 wpa_supplicant/config_file.c create mode 100644 wpa_supplicant/config_none.c create mode 100644 wpa_supplicant/config_ssid.h create mode 100644 wpa_supplicant/config_winreg.c create mode 100644 wpa_supplicant/ctrl_iface.c create mode 100644 wpa_supplicant/ctrl_iface.h create mode 100644 wpa_supplicant/ctrl_iface_named_pipe.c create mode 100644 wpa_supplicant/ctrl_iface_udp.c create mode 100644 wpa_supplicant/ctrl_iface_unix.c create mode 100644 wpa_supplicant/dbus/.gitignore create mode 100644 wpa_supplicant/dbus/Makefile create mode 100644 wpa_supplicant/dbus/dbus-wpa_supplicant.conf create mode 100644 wpa_supplicant/dbus/dbus_common.c create mode 100644 wpa_supplicant/dbus/dbus_common.h create mode 100644 wpa_supplicant/dbus/dbus_common_i.h create mode 100644 wpa_supplicant/dbus/dbus_dict_helpers.c create mode 100644 wpa_supplicant/dbus/dbus_dict_helpers.h create mode 100644 wpa_supplicant/dbus/dbus_new.c create mode 100644 wpa_supplicant/dbus/dbus_new.h create mode 100644 wpa_supplicant/dbus/dbus_new_handlers.c create mode 100644 wpa_supplicant/dbus/dbus_new_handlers.h create mode 100644 wpa_supplicant/dbus/dbus_new_handlers_p2p.c create mode 100644 wpa_supplicant/dbus/dbus_new_handlers_p2p.h create mode 100644 wpa_supplicant/dbus/dbus_new_handlers_wps.c create mode 100644 wpa_supplicant/dbus/dbus_new_helpers.c create mode 100644 wpa_supplicant/dbus/dbus_new_helpers.h create mode 100644 wpa_supplicant/dbus/dbus_new_introspect.c create mode 100644 wpa_supplicant/dbus/dbus_old.c create mode 100644 wpa_supplicant/dbus/dbus_old.h create mode 100644 wpa_supplicant/dbus/dbus_old_handlers.c create mode 100644 wpa_supplicant/dbus/dbus_old_handlers.h create mode 100644 wpa_supplicant/dbus/dbus_old_handlers_wps.c create mode 100644 wpa_supplicant/dbus/fi.epitest.hostap.WPASupplicant.service.in create mode 100644 wpa_supplicant/dbus/fi.w1.wpa_supplicant1.service.in create mode 100644 wpa_supplicant/defconfig create mode 100644 wpa_supplicant/doc/docbook/.gitignore create mode 100644 wpa_supplicant/doc/docbook/Makefile create mode 100644 wpa_supplicant/doc/docbook/eapol_test.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_background.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_cli.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_gui.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_passphrase.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_priv.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_supplicant.conf.sgml create mode 100644 wpa_supplicant/doc/docbook/wpa_supplicant.sgml create mode 100644 wpa_supplicant/driver_i.h create mode 100644 wpa_supplicant/eap_proxy_dummy.mak create mode 100644 wpa_supplicant/eap_proxy_dummy.mk create mode 100644 wpa_supplicant/eap_register.c create mode 100644 wpa_supplicant/eap_testing.txt create mode 100644 wpa_supplicant/eapol_test.c create mode 100644 wpa_supplicant/events.c create mode 100755 wpa_supplicant/examples/60_wpa_supplicant create mode 100755 wpa_supplicant/examples/dbus-listen-preq.py create mode 100644 wpa_supplicant/examples/ieee8021x.conf create mode 100644 wpa_supplicant/examples/openCryptoki.conf create mode 100755 wpa_supplicant/examples/p2p-action-udhcp.sh create mode 100755 wpa_supplicant/examples/p2p-action.sh create mode 100755 wpa_supplicant/examples/p2p-nfc.py create mode 100644 wpa_supplicant/examples/p2p/p2p_connect.py create mode 100644 wpa_supplicant/examples/p2p/p2p_disconnect.py create mode 100644 wpa_supplicant/examples/p2p/p2p_find.py create mode 100644 wpa_supplicant/examples/p2p/p2p_flush.py create mode 100644 wpa_supplicant/examples/p2p/p2p_group_add.py create mode 100644 wpa_supplicant/examples/p2p/p2p_invite.py create mode 100644 wpa_supplicant/examples/p2p/p2p_listen.py create mode 100644 wpa_supplicant/examples/p2p/p2p_stop_find.py create mode 100644 wpa_supplicant/examples/plaintext.conf create mode 100644 wpa_supplicant/examples/udhcpd-p2p.conf create mode 100644 wpa_supplicant/examples/wep.conf create mode 100644 wpa_supplicant/examples/wpa-psk-tkip.conf create mode 100644 wpa_supplicant/examples/wpa2-eap-ccmp.conf create mode 100755 wpa_supplicant/examples/wpas-dbus-new-getall.py create mode 100755 wpa_supplicant/examples/wpas-dbus-new-signals.py create mode 100755 wpa_supplicant/examples/wpas-dbus-new-wps.py create mode 100755 wpa_supplicant/examples/wpas-dbus-new.py create mode 100755 wpa_supplicant/examples/wpas-test.py create mode 100755 wpa_supplicant/examples/wps-ap-cli create mode 100755 wpa_supplicant/examples/wps-nfc.py create mode 100644 wpa_supplicant/gas_query.c create mode 100644 wpa_supplicant/gas_query.h create mode 100644 wpa_supplicant/hs20_supplicant.c create mode 100644 wpa_supplicant/hs20_supplicant.h create mode 100644 wpa_supplicant/ibss_rsn.c create mode 100644 wpa_supplicant/ibss_rsn.h create mode 100644 wpa_supplicant/interworking.c create mode 100644 wpa_supplicant/interworking.h create mode 100644 wpa_supplicant/main.c create mode 100644 wpa_supplicant/main_none.c create mode 100644 wpa_supplicant/main_winmain.c create mode 100644 wpa_supplicant/main_winsvc.c create mode 100644 wpa_supplicant/mesh.c create mode 100644 wpa_supplicant/mesh.h create mode 100644 wpa_supplicant/mesh_mpm.c create mode 100644 wpa_supplicant/mesh_mpm.h create mode 100644 wpa_supplicant/mesh_rsn.c create mode 100644 wpa_supplicant/mesh_rsn.h create mode 100644 wpa_supplicant/nfc_pw_token.c create mode 100644 wpa_supplicant/nmake.mak create mode 100644 wpa_supplicant/notify.c create mode 100644 wpa_supplicant/notify.h create mode 100644 wpa_supplicant/offchannel.c create mode 100644 wpa_supplicant/offchannel.h create mode 100644 wpa_supplicant/p2p_supplicant.c create mode 100644 wpa_supplicant/p2p_supplicant.h create mode 100644 wpa_supplicant/preauth_test.c create mode 100644 wpa_supplicant/scan.c create mode 100644 wpa_supplicant/scan.h create mode 100644 wpa_supplicant/sme.c create mode 100644 wpa_supplicant/sme.h create mode 100644 wpa_supplicant/systemd/wpa_supplicant-nl80211.service.arg.in create mode 100644 wpa_supplicant/systemd/wpa_supplicant-wired.service.arg.in create mode 100644 wpa_supplicant/systemd/wpa_supplicant.service.arg.in create mode 100644 wpa_supplicant/systemd/wpa_supplicant.service.in create mode 100644 wpa_supplicant/tests/link_test.c create mode 100644 wpa_supplicant/tests/test_eap_sim_common.c create mode 100644 wpa_supplicant/tests/test_wpa.c create mode 100644 wpa_supplicant/todo.txt create mode 100755 wpa_supplicant/utils/log2pcap.py create mode 100755 wpa_supplicant/vs2005/eapol_test/eapol_test.vcproj create mode 100755 wpa_supplicant/vs2005/win_if_list/win_if_list.vcproj create mode 100755 wpa_supplicant/vs2005/wpa_cli/wpa_cli.vcproj create mode 100755 wpa_supplicant/vs2005/wpa_passphrase/wpa_passphrase.vcproj create mode 100755 wpa_supplicant/vs2005/wpa_supplicant.sln create mode 100755 wpa_supplicant/vs2005/wpa_supplicant/wpa_supplicant.vcproj create mode 100755 wpa_supplicant/vs2005/wpasvc/wpasvc.vcproj create mode 100644 wpa_supplicant/wifi_display.c create mode 100644 wpa_supplicant/wifi_display.h create mode 100755 wpa_supplicant/win_example.reg create mode 100644 wpa_supplicant/win_if_list.c create mode 100644 wpa_supplicant/wmm_ac.c create mode 100644 wpa_supplicant/wmm_ac.h create mode 100644 wpa_supplicant/wnm_sta.c create mode 100644 wpa_supplicant/wnm_sta.h create mode 100644 wpa_supplicant/wpa_cli.c create mode 100644 wpa_supplicant/wpa_gui-qt4/.gitignore create mode 100644 wpa_supplicant/wpa_gui-qt4/addinterface.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/addinterface.h create mode 100644 wpa_supplicant/wpa_gui-qt4/eventhistory.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/eventhistory.h create mode 100644 wpa_supplicant/wpa_gui-qt4/eventhistory.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/icons.qrc create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/Makefile create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/README create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/ap.svg create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/group.svg create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/invitation.svg create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/laptop.svg create mode 100644 wpa_supplicant/wpa_gui-qt4/icons/wpa_gui.svg create mode 100644 wpa_supplicant/wpa_gui-qt4/icons_png.qrc create mode 100644 wpa_supplicant/wpa_gui-qt4/lang/.gitignore create mode 100644 wpa_supplicant/wpa_gui-qt4/lang/wpa_gui_de.ts create mode 100644 wpa_supplicant/wpa_gui-qt4/main.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/networkconfig.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/networkconfig.h create mode 100644 wpa_supplicant/wpa_gui-qt4/networkconfig.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/peers.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/peers.h create mode 100644 wpa_supplicant/wpa_gui-qt4/peers.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/scanresults.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/scanresults.h create mode 100644 wpa_supplicant/wpa_gui-qt4/scanresults.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/scanresultsitem.h create mode 100644 wpa_supplicant/wpa_gui-qt4/signalbar.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/signalbar.h create mode 100644 wpa_supplicant/wpa_gui-qt4/stringquery.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/stringquery.h create mode 100644 wpa_supplicant/wpa_gui-qt4/userdatarequest.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/userdatarequest.h create mode 100644 wpa_supplicant/wpa_gui-qt4/userdatarequest.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/wpa_gui.desktop create mode 100644 wpa_supplicant/wpa_gui-qt4/wpa_gui.pro create mode 100644 wpa_supplicant/wpa_gui-qt4/wpagui.cpp create mode 100644 wpa_supplicant/wpa_gui-qt4/wpagui.h create mode 100644 wpa_supplicant/wpa_gui-qt4/wpagui.ui create mode 100644 wpa_supplicant/wpa_gui-qt4/wpamsg.h create mode 100644 wpa_supplicant/wpa_passphrase.c create mode 100644 wpa_supplicant/wpa_priv.c create mode 100644 wpa_supplicant/wpa_supplicant.c create mode 100644 wpa_supplicant/wpa_supplicant.conf create mode 100644 wpa_supplicant/wpa_supplicant_conf.mk create mode 100755 wpa_supplicant/wpa_supplicant_conf.sh create mode 100644 wpa_supplicant/wpa_supplicant_i.h create mode 100644 wpa_supplicant/wpa_supplicant_template.conf create mode 100644 wpa_supplicant/wpas_glue.c create mode 100644 wpa_supplicant/wpas_glue.h create mode 100644 wpa_supplicant/wpas_kay.c create mode 100644 wpa_supplicant/wpas_kay.h create mode 100644 wpa_supplicant/wpas_module_tests.c create mode 100644 wpa_supplicant/wps_supplicant.c create mode 100644 wpa_supplicant/wps_supplicant.h diff --git a/CONTRIBUTIONS b/CONTRIBUTIONS new file mode 100644 index 0000000..ca09bae --- /dev/null +++ b/CONTRIBUTIONS @@ -0,0 +1,143 @@ +Contributions to hostap.git +--------------------------- + +This software is distributed under a permissive open source license to +allow it to be used in any projects, whether open source or proprietary. +Contributions to the project are welcome and it is important to maintain +clear record of contributions and terms under which they are licensed. +To help with this, following procedure is used to allow acceptance and +recording of the terms. + +All contributions are expected to be licensed under the modified BSD +license (see below). Acknowledgment of the terms is tracked through +inclusion of Signed-off-by tag in the contributions at the end of the +commit log message. This tag indicates that the contributor agrees with +the Developer Certificate of Origin (DCO) version 1.1 terms (see below; +also available from http://developercertificate.org/). + + +The current requirements for contributions to hostap.git +-------------------------------------------------------- + +To indicate your acceptance of Developer's Certificate of Origin 1.1 +terms, please add the following line to the end of the commit message +for each contribution you make to the project: + +Signed-off-by: Your Name + +using your real name. Pseudonyms or anonymous contributions cannot +unfortunately be accepted. + + +History of license and contributions terms +------------------------------------------ + +Until February 11, 2012, in case of most files in hostap.git, "under the +open source license indicated in the file" means that the contribution +is licensed both under GPL v2 and modified BSD license (see below) and +the choice between these licenses is given to anyone who redistributes +or uses the software. As such, the contribution has to be licensed under +both options to allow this choice. + +As of February 11, 2012, the project has chosen to use only the BSD +license option for future distribution. As such, the GPL v2 license +option is no longer used and the contributions are not required to be +licensed until GPL v2. In case of most files in hostap.git, "under the +open source license indicated in the file" means that the contribution +is licensed under the modified BSD license (see below). + +Until February 13, 2014, the project used an extended version of the DCO +that included the identical items (a) through (d) from DCO 1.1 and an +additional item (e): + +(e) The contribution can be licensed under the modified BSD license + as shown below even in case of files that are currently licensed + under other terms. + +This was used during the period when some of the files included the old +license terms. Acceptance of this extended DCO version was indicated +with a Signed-hostap tag in the commit message. This additional item (e) +was used to collect explicit approval to license the contribution with +only the modified BSD license (see below), i.e., without the GPL v2 +option. This was done to allow simpler licensing terms to be used in the +future. It should be noted that the modified BSD license is compatible +with GNU GPL and as such, this possible move to simpler licensing option +does not prevent use of this software in GPL projects. + + +===[ start quote from http://developercertificate.org/ ]======================= + +Developer Certificate of Origin +Version 1.1 + +Copyright (C) 2004, 2006 The Linux Foundation and its contributors. +660 York Street, Suite 102, +San Francisco, CA 94110 USA + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + + +Developer's Certificate of Origin 1.1 + +By making a contribution to this project, I certify that: + +(a) The contribution was created in whole or in part by me and I + have the right to submit it under the open source license + indicated in the file; or + +(b) The contribution is based upon previous work that, to the best + of my knowledge, is covered under an appropriate open source + license and I have the right under that license to submit that + work with modifications, whether created in whole or in part + by me, under the same open source license (unless I am + permitted to submit under a different license), as indicated + in the file; or + +(c) The contribution was provided directly to me by some other + person who certified (a), (b) or (c) and I have not modified + it. + +(d) I understand and agree that this project and the contribution + are public and that a record of the contribution (including all + personal information I submit with it, including my sign-off) is + maintained indefinitely and may be redistributed consistent with + this project or the open source license(s) involved. + +===[ end quote from http://developercertificate.org/ ]========================= + + +The license terms used for hostap.git files +------------------------------------------- + +Modified BSD license (no advertisement clause): + +Copyright (c) 2002-2015, Jouni Malinen and contributors +All Rights Reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name(s) of the above-listed copyright holder(s) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..5962e2f --- /dev/null +++ b/COPYING @@ -0,0 +1,22 @@ +wpa_supplicant and hostapd +-------------------------- + +Copyright (c) 2002-2015, Jouni Malinen and contributors +All Rights Reserved. + + +See the README file for the current license terms. + +This software was previously distributed under BSD/GPL v2 dual license +terms that allowed either of those license alternatives to be +selected. As of February 11, 2012, the project has chosen to use only +the BSD license option for future distribution. As such, the GPL v2 +license option is no longer used. It should be noted that the BSD +license option (the one with advertisement clause removed) is compatible +with GPL and as such, does not prevent use of this software in projects +that use GPL. + +Some of the files may still include pointers to GPL version 2 license +terms. However, such copyright and license notifications are maintained +only for attribution purposes and any distribution of this software +after February 11, 2012 is no longer under the GPL v2 option. diff --git a/README b/README new file mode 100644 index 0000000..07d1d25 --- /dev/null +++ b/README @@ -0,0 +1,56 @@ +wpa_supplicant and hostapd +-------------------------- + +Copyright (c) 2002-2015, Jouni Malinen and contributors +All Rights Reserved. + +These programs are licensed under the BSD license (the one with +advertisement clause removed). + +If you are submitting changes to the project, please see CONTRIBUTIONS +file for more instructions. + + +This package may include either wpa_supplicant, hostapd, or both. See +README file respective subdirectories (wpa_supplicant/README or +hostapd/README) for more details. + +Source code files were moved around in v0.6.x releases and compared to +earlier releases, the programs are now built by first going to a +subdirectory (wpa_supplicant or hostapd) and creating build +configuration (.config) and running 'make' there (for Linux/BSD/cygwin +builds). + + +License +------- + +This software may be distributed, used, and modified under the terms of +BSD license: + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name(s) of the above-listed copyright holder(s) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/hostapd/Android.mk b/hostapd/Android.mk new file mode 100644 index 0000000..6fcefdd --- /dev/null +++ b/hostapd/Android.mk @@ -0,0 +1,947 @@ +# Copyright (C) 2008 The Android Open Source Project +# +# This software may be distributed under the terms of the BSD license. +# See README for more details. +# + +LOCAL_PATH := $(call my-dir) + +WPA_BUILD_HOSTAPD := false +ifneq ($(BOARD_HOSTAPD_DRIVER),) + WPA_BUILD_HOSTAPD := true + CONFIG_DRIVER_$(BOARD_HOSTAPD_DRIVER) := y +endif + +ifeq ($(WPA_BUILD_HOSTAPD),true) + +include $(LOCAL_PATH)/android.config + +# To ignore possible wrong network configurations +L_CFLAGS = -DWPA_IGNORE_CONFIG_ERRORS + +L_CFLAGS += -DVERSION_STR_POSTFIX=\"-$(PLATFORM_VERSION)\" + +# Set Android log name +L_CFLAGS += -DANDROID_LOG_NAME=\"hostapd\" + +# Disable unused parameter warnings +L_CFLAGS += -Wno-unused-parameter + +# Set Android extended P2P functionality +L_CFLAGS += -DANDROID_P2P +ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),) +L_CFLAGS += -DANDROID_P2P_STUB +endif + +# Use Android specific directory for control interface sockets +L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/misc/wifi/sockets\" +L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/system/hostapd\" + +# To force sizeof(enum) = 4 +ifeq ($(TARGET_ARCH),arm) +L_CFLAGS += -mabi=aapcs-linux +endif + +INCLUDES = $(LOCAL_PATH) +INCLUDES += $(LOCAL_PATH)/src +INCLUDES += $(LOCAL_PATH)/src/utils +INCLUDES += external/openssl/include +INCLUDES += system/security/keystore/include +ifdef CONFIG_DRIVER_NL80211 +ifneq ($(wildcard external/libnl),) +INCLUDES += external/libnl/include +else +INCLUDES += external/libnl-headers +endif +endif + + +ifndef CONFIG_OS +ifdef CONFIG_NATIVE_WINDOWS +CONFIG_OS=win32 +else +CONFIG_OS=unix +endif +endif + +ifeq ($(CONFIG_OS), internal) +L_CFLAGS += -DOS_NO_C_LIB_DEFINES +endif + +ifdef CONFIG_NATIVE_WINDOWS +L_CFLAGS += -DCONFIG_NATIVE_WINDOWS +LIBS += -lws2_32 +endif + +OBJS = main.c +OBJS += config_file.c + +OBJS += src/ap/hostapd.c +OBJS += src/ap/wpa_auth_glue.c +OBJS += src/ap/drv_callbacks.c +OBJS += src/ap/ap_drv_ops.c +OBJS += src/ap/utils.c +OBJS += src/ap/authsrv.c +OBJS += src/ap/ieee802_1x.c +OBJS += src/ap/ap_config.c +OBJS += src/ap/eap_user_db.c +OBJS += src/ap/ieee802_11_auth.c +OBJS += src/ap/sta_info.c +OBJS += src/ap/wpa_auth.c +OBJS += src/ap/tkip_countermeasures.c +OBJS += src/ap/ap_mlme.c +OBJS += src/ap/wpa_auth_ie.c +OBJS += src/ap/preauth_auth.c +OBJS += src/ap/pmksa_cache_auth.c +OBJS += src/ap/ieee802_11_shared.c +OBJS += src/ap/beacon.c +OBJS += src/ap/bss_load.c +OBJS_d = +OBJS_p = +LIBS = +LIBS_c = +HOBJS = +LIBS_h = + +NEED_RC4=y +NEED_AES=y +NEED_MD5=y +NEED_SHA1=y + +OBJS += src/drivers/drivers.c +L_CFLAGS += -DHOSTAPD + +ifdef CONFIG_WPA_TRACE +L_CFLAGS += -DWPA_TRACE +OBJS += src/utils/trace.c +HOBJS += src/utils/trace.c +LDFLAGS += -rdynamic +L_CFLAGS += -funwind-tables +ifdef CONFIG_WPA_TRACE_BFD +L_CFLAGS += -DWPA_TRACE_BFD +LIBS += -lbfd +LIBS_c += -lbfd +LIBS_h += -lbfd +endif +endif + +OBJS += src/utils/eloop.c +OBJS += src/utils/common.c +OBJS += src/utils/wpa_debug.c +OBJS += src/utils/wpabuf.c +OBJS += src/utils/os_$(CONFIG_OS).c +OBJS += src/utils/ip_addr.c + +OBJS += src/common/ieee802_11_common.c +OBJS += src/common/wpa_common.c +OBJS += src/common/hw_features_common.c + +OBJS += src/eapol_auth/eapol_auth_sm.c + + +ifndef CONFIG_NO_DUMP_STATE +# define HOSTAPD_DUMP_STATE to include support for dumping internal state +# through control interface commands (undefine it, if you want to save in +# binary size) +L_CFLAGS += -DHOSTAPD_DUMP_STATE +OBJS += src/eapol_auth/eapol_auth_dump.c +endif + +ifdef CONFIG_NO_RADIUS +L_CFLAGS += -DCONFIG_NO_RADIUS +CONFIG_NO_ACCOUNTING=y +else +OBJS += src/radius/radius.c +OBJS += src/radius/radius_client.c +OBJS += src/radius/radius_das.c +endif + +ifdef CONFIG_NO_ACCOUNTING +L_CFLAGS += -DCONFIG_NO_ACCOUNTING +else +OBJS += src/ap/accounting.c +endif + +ifdef CONFIG_NO_VLAN +L_CFLAGS += -DCONFIG_NO_VLAN +else +OBJS += src/ap/vlan_init.c +ifdef CONFIG_VLAN_NETLINK +ifdef CONFIG_FULL_DYNAMIC_VLAN +OBJS += src/ap/vlan_util.c +endif +L_CFLAGS += -DCONFIG_VLAN_NETLINK +endif +endif + +ifdef CONFIG_NO_CTRL_IFACE +L_CFLAGS += -DCONFIG_NO_CTRL_IFACE +else +OBJS += ctrl_iface.c +OBJS += src/ap/ctrl_iface_ap.c +endif + +L_CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX + +ifdef CONFIG_IAPP +L_CFLAGS += -DCONFIG_IAPP +OBJS += src/ap/iapp.c +endif + +ifdef CONFIG_RSN_PREAUTH +L_CFLAGS += -DCONFIG_RSN_PREAUTH +CONFIG_L2_PACKET=y +endif + +ifdef CONFIG_PEERKEY +L_CFLAGS += -DCONFIG_PEERKEY +OBJS += src/ap/peerkey_auth.c +endif + +ifdef CONFIG_HS20 +NEED_AES_OMAC1=y +CONFIG_PROXYARP=y +endif + +ifdef CONFIG_PROXYARP +CONFIG_L2_PACKET=y +endif + +ifdef CONFIG_SUITEB +L_CFLAGS += -DCONFIG_SUITEB +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_SUITEB192 +L_CFLAGS += -DCONFIG_SUITEB192 +NEED_SHA384=y +endif + +ifdef CONFIG_IEEE80211W +L_CFLAGS += -DCONFIG_IEEE80211W +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_IEEE80211R +L_CFLAGS += -DCONFIG_IEEE80211R +OBJS += src/ap/wpa_auth_ft.c +NEED_SHA256=y +NEED_AES_OMAC1=y +NEED_AES_UNWRAP=y +endif + +ifdef CONFIG_SAE +L_CFLAGS += -DCONFIG_SAE +OBJS += src/common/sae.c +NEED_ECC=y +NEED_DH_GROUPS=y +endif + +ifdef CONFIG_WNM +L_CFLAGS += -DCONFIG_WNM +OBJS += src/ap/wnm_ap.c +endif + +ifdef CONFIG_IEEE80211N +L_CFLAGS += -DCONFIG_IEEE80211N +endif + +ifdef CONFIG_IEEE80211AC +L_CFLAGS += -DCONFIG_IEEE80211AC +endif + +include $(LOCAL_PATH)/src/drivers/drivers.mk + +OBJS += $(DRV_AP_OBJS) +L_CFLAGS += $(DRV_AP_CFLAGS) +LDFLAGS += $(DRV_AP_LDFLAGS) +LIBS += $(DRV_AP_LIBS) + +ifdef CONFIG_L2_PACKET +ifdef CONFIG_DNET_PCAP +ifdef CONFIG_L2_FREEBSD +LIBS += -lpcap +OBJS += src/l2_packet/l2_packet_freebsd.c +else +LIBS += -ldnet -lpcap +OBJS += src/l2_packet/l2_packet_pcap.c +endif +else +OBJS += src/l2_packet/l2_packet_linux.c +endif +else +OBJS += src/l2_packet/l2_packet_none.c +endif + + +ifdef CONFIG_EAP_MD5 +L_CFLAGS += -DEAP_SERVER_MD5 +OBJS += src/eap_server/eap_server_md5.c +CHAP=y +endif + +ifdef CONFIG_EAP_TLS +L_CFLAGS += -DEAP_SERVER_TLS +OBJS += src/eap_server/eap_server_tls.c +TLS_FUNCS=y +endif + +ifdef CONFIG_EAP_UNAUTH_TLS +L_CFLAGS += -DEAP_SERVER_UNAUTH_TLS +ifndef CONFIG_EAP_TLS +OBJS += src/eap_server/eap_server_tls.c +TLS_FUNCS=y +endif +endif + +ifdef CONFIG_EAP_PEAP +L_CFLAGS += -DEAP_SERVER_PEAP +OBJS += src/eap_server/eap_server_peap.c +OBJS += src/eap_common/eap_peap_common.c +TLS_FUNCS=y +CONFIG_EAP_MSCHAPV2=y +endif + +ifdef CONFIG_EAP_TTLS +L_CFLAGS += -DEAP_SERVER_TTLS +OBJS += src/eap_server/eap_server_ttls.c +TLS_FUNCS=y +CHAP=y +endif + +ifdef CONFIG_EAP_MSCHAPV2 +L_CFLAGS += -DEAP_SERVER_MSCHAPV2 +OBJS += src/eap_server/eap_server_mschapv2.c +MS_FUNCS=y +endif + +ifdef CONFIG_EAP_GTC +L_CFLAGS += -DEAP_SERVER_GTC +OBJS += src/eap_server/eap_server_gtc.c +endif + +ifdef CONFIG_EAP_SIM +L_CFLAGS += -DEAP_SERVER_SIM +OBJS += src/eap_server/eap_server_sim.c +CONFIG_EAP_SIM_COMMON=y +NEED_AES_CBC=y +endif + +ifdef CONFIG_EAP_AKA +L_CFLAGS += -DEAP_SERVER_AKA +OBJS += src/eap_server/eap_server_aka.c +CONFIG_EAP_SIM_COMMON=y +NEED_SHA256=y +NEED_AES_CBC=y +endif + +ifdef CONFIG_EAP_AKA_PRIME +L_CFLAGS += -DEAP_SERVER_AKA_PRIME +endif + +ifdef CONFIG_EAP_SIM_COMMON +OBJS += src/eap_common/eap_sim_common.c +# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be +# replaced with another file implementating the interface specified in +# eap_sim_db.h. +OBJS += src/eap_server/eap_sim_db.c +NEED_FIPS186_2_PRF=y +endif + +ifdef CONFIG_EAP_PAX +L_CFLAGS += -DEAP_SERVER_PAX +OBJS += src/eap_server/eap_server_pax.c src/eap_common/eap_pax_common.c +endif + +ifdef CONFIG_EAP_PSK +L_CFLAGS += -DEAP_SERVER_PSK +OBJS += src/eap_server/eap_server_psk.c src/eap_common/eap_psk_common.c +NEED_AES_OMAC1=y +NEED_AES_ENCBLOCK=y +NEED_AES_EAX=y +endif + +ifdef CONFIG_EAP_SAKE +L_CFLAGS += -DEAP_SERVER_SAKE +OBJS += src/eap_server/eap_server_sake.c src/eap_common/eap_sake_common.c +endif + +ifdef CONFIG_EAP_GPSK +L_CFLAGS += -DEAP_SERVER_GPSK +OBJS += src/eap_server/eap_server_gpsk.c src/eap_common/eap_gpsk_common.c +ifdef CONFIG_EAP_GPSK_SHA256 +L_CFLAGS += -DEAP_GPSK_SHA256 +endif +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_EAP_PWD +L_CFLAGS += -DEAP_SERVER_PWD +OBJS += src/eap_server/eap_server_pwd.c src/eap_common/eap_pwd_common.c +NEED_SHA256=y +endif + +ifdef CONFIG_EAP_EKE +L_CFLAGS += -DEAP_SERVER_EKE +OBJS += src/eap_server/eap_server_eke.c src/eap_common/eap_eke_common.c +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y +endif + +ifdef CONFIG_EAP_VENDOR_TEST +L_CFLAGS += -DEAP_SERVER_VENDOR_TEST +OBJS += src/eap_server/eap_server_vendor_test.c +endif + +ifdef CONFIG_EAP_FAST +L_CFLAGS += -DEAP_SERVER_FAST +OBJS += src/eap_server/eap_server_fast.c +OBJS += src/eap_common/eap_fast_common.c +TLS_FUNCS=y +NEED_T_PRF=y +NEED_AES_UNWRAP=y +endif + +ifdef CONFIG_WPS +L_CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC +OBJS += src/utils/uuid.c +OBJS += src/ap/wps_hostapd.c +OBJS += src/eap_server/eap_server_wsc.c src/eap_common/eap_wsc_common.c +OBJS += src/wps/wps.c +OBJS += src/wps/wps_common.c +OBJS += src/wps/wps_attr_parse.c +OBJS += src/wps/wps_attr_build.c +OBJS += src/wps/wps_attr_process.c +OBJS += src/wps/wps_dev_attr.c +OBJS += src/wps/wps_enrollee.c +OBJS += src/wps/wps_registrar.c +NEED_DH_GROUPS=y +NEED_SHA256=y +NEED_BASE64=y +NEED_AES_CBC=y +NEED_MODEXP=y +CONFIG_EAP=y + +ifdef CONFIG_WPS_NFC +L_CFLAGS += -DCONFIG_WPS_NFC +OBJS += src/wps/ndef.c +NEED_WPS_OOB=y +endif + +ifdef NEED_WPS_OOB +L_CFLAGS += -DCONFIG_WPS_OOB +endif + +ifdef CONFIG_WPS_UPNP +L_CFLAGS += -DCONFIG_WPS_UPNP +OBJS += src/wps/wps_upnp.c +OBJS += src/wps/wps_upnp_ssdp.c +OBJS += src/wps/wps_upnp_web.c +OBJS += src/wps/wps_upnp_event.c +OBJS += src/wps/wps_upnp_ap.c +OBJS += src/wps/upnp_xml.c +OBJS += src/wps/httpread.c +OBJS += src/wps/http_client.c +OBJS += src/wps/http_server.c +endif + +ifdef CONFIG_WPS_STRICT +L_CFLAGS += -DCONFIG_WPS_STRICT +OBJS += src/wps/wps_validate.c +endif + +ifdef CONFIG_WPS_TESTING +L_CFLAGS += -DCONFIG_WPS_TESTING +endif + +endif + +ifdef CONFIG_EAP_IKEV2 +L_CFLAGS += -DEAP_SERVER_IKEV2 +OBJS += src/eap_server/eap_server_ikev2.c src/eap_server/ikev2.c +OBJS += src/eap_common/eap_ikev2_common.c src/eap_common/ikev2_common.c +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y +NEED_MODEXP=y +NEED_CIPHER=y +endif + +ifdef CONFIG_EAP_TNC +L_CFLAGS += -DEAP_SERVER_TNC +OBJS += src/eap_server/eap_server_tnc.c +OBJS += src/eap_server/tncs.c +NEED_BASE64=y +ifndef CONFIG_DRIVER_BSD +LIBS += -ldl +endif +endif + +# Basic EAP functionality is needed for EAPOL +OBJS += eap_register.c +OBJS += src/eap_server/eap_server.c +OBJS += src/eap_common/eap_common.c +OBJS += src/eap_server/eap_server_methods.c +OBJS += src/eap_server/eap_server_identity.c +L_CFLAGS += -DEAP_SERVER_IDENTITY + +ifdef CONFIG_EAP +L_CFLAGS += -DEAP_SERVER +endif + +ifdef CONFIG_PKCS12 +L_CFLAGS += -DPKCS12_FUNCS +endif + +ifdef MS_FUNCS +OBJS += src/crypto/ms_funcs.c +NEED_DES=y +NEED_MD4=y +endif + +ifdef CHAP +OBJS += src/eap_common/chap.c +endif + +ifdef TLS_FUNCS +NEED_DES=y +# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, and EAP_TTLS) +L_CFLAGS += -DEAP_TLS_FUNCS +OBJS += src/eap_server/eap_server_tls_common.c +NEED_TLS_PRF=y +endif + +ifndef CONFIG_TLS +CONFIG_TLS=openssl +endif + +ifdef CONFIG_TLSV11 +L_CFLAGS += -DCONFIG_TLSV11 +endif + +ifdef CONFIG_TLSV12 +L_CFLAGS += -DCONFIG_TLSV12 +NEED_SHA256=y +endif + +ifeq ($(CONFIG_TLS), openssl) +ifdef TLS_FUNCS +OBJS += src/crypto/tls_openssl.c +LIBS += -lssl +endif +OBJS += src/crypto/crypto_openssl.c +HOBJS += src/crypto/crypto_openssl.c +ifdef NEED_FIPS186_2_PRF +OBJS += src/crypto/fips_prf_openssl.c +endif +LIBS += -lcrypto +LIBS_h += -lcrypto +endif + +ifeq ($(CONFIG_TLS), gnutls) +ifdef TLS_FUNCS +OBJS += src/crypto/tls_gnutls.c +LIBS += -lgnutls -lgpg-error +endif +OBJS += src/crypto/crypto_gnutls.c +HOBJS += src/crypto/crypto_gnutls.c +ifdef NEED_FIPS186_2_PRF +OBJS += src/crypto/fips_prf_internal.c +OBJS += src/crypto/sha1-internal.c +endif +LIBS += -lgcrypt +LIBS_h += -lgcrypt +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif + +ifeq ($(CONFIG_TLS), schannel) +ifdef TLS_FUNCS +OBJS += src/crypto/tls_schannel.c +endif +OBJS += src/crypto/crypto_cryptoapi.c +OBJS_p += src/crypto/crypto_cryptoapi.c +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif + +ifeq ($(CONFIG_TLS), internal) +ifndef CONFIG_CRYPTO +CONFIG_CRYPTO=internal +endif +ifdef TLS_FUNCS +OBJS += src/crypto/crypto_internal-rsa.c +OBJS += src/crypto/tls_internal.c +OBJS += src/tls/tlsv1_common.c +OBJS += src/tls/tlsv1_record.c +OBJS += src/tls/tlsv1_cred.c +OBJS += src/tls/tlsv1_server.c +OBJS += src/tls/tlsv1_server_write.c +OBJS += src/tls/tlsv1_server_read.c +OBJS += src/tls/asn1.c +OBJS += src/tls/rsa.c +OBJS += src/tls/x509v3.c +OBJS += src/tls/pkcs1.c +OBJS += src/tls/pkcs5.c +OBJS += src/tls/pkcs8.c +NEED_SHA256=y +NEED_BASE64=y +NEED_TLS_PRF=y +ifdef CONFIG_TLSV12 +NEED_TLS_PRF_SHA256=y +endif +NEED_MODEXP=y +NEED_CIPHER=y +L_CFLAGS += -DCONFIG_TLS_INTERNAL +L_CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER +endif +ifdef NEED_CIPHER +NEED_DES=y +OBJS += src/crypto/crypto_internal-cipher.c +endif +ifdef NEED_MODEXP +OBJS += src/crypto/crypto_internal-modexp.c +OBJS += src/tls/bignum.c +endif +ifeq ($(CONFIG_CRYPTO), libtomcrypt) +OBJS += src/crypto/crypto_libtomcrypt.c +LIBS += -ltomcrypt -ltfm +LIBS_h += -ltomcrypt -ltfm +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +ifeq ($(CONFIG_CRYPTO), internal) +OBJS += src/crypto/crypto_internal.c +NEED_AES_DEC=y +L_CFLAGS += -DCONFIG_CRYPTO_INTERNAL +ifdef CONFIG_INTERNAL_LIBTOMMATH +L_CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH +ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST +L_CFLAGS += -DLTM_FAST +endif +else +LIBS += -ltommath +LIBS_h += -ltommath +endif +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_DES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD4=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +ifeq ($(CONFIG_CRYPTO), cryptoapi) +OBJS += src/crypto/crypto_cryptoapi.c +OBJS_p += src/crypto/crypto_cryptoapi.c +L_CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +endif +endif + +ifeq ($(CONFIG_TLS), none) +ifdef TLS_FUNCS +OBJS += src/crypto/tls_none.c +L_CFLAGS += -DEAP_TLS_NONE +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD5=y +endif +OBJS += src/crypto/crypto_none.c +OBJS_p += src/crypto/crypto_none.c +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +endif + +ifndef TLS_FUNCS +OBJS += src/crypto/tls_none.c +ifeq ($(CONFIG_TLS), internal) +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_RC4=y +endif +endif + +AESOBJS = # none so far +ifdef CONFIG_INTERNAL_AES +AESOBJS += src/crypto/aes-internal.c src/crypto/aes-internal-enc.c +endif + +ifneq ($(CONFIG_TLS), openssl) +AESOBJS += src/crypto/aes-wrap.c +endif +ifdef NEED_AES_EAX +AESOBJS += src/crypto/aes-eax.c +NEED_AES_CTR=y +endif +ifdef NEED_AES_CTR +AESOBJS += src/crypto/aes-ctr.c +endif +ifdef NEED_AES_ENCBLOCK +AESOBJS += src/crypto/aes-encblock.c +endif +ifdef NEED_AES_OMAC1 +AESOBJS += src/crypto/aes-omac1.c +endif +ifdef NEED_AES_UNWRAP +ifneq ($(CONFIG_TLS), openssl) +NEED_AES_DEC=y +AESOBJS += src/crypto/aes-unwrap.c +endif +endif +ifdef NEED_AES_CBC +NEED_AES_DEC=y +AESOBJS += src/crypto/aes-cbc.c +endif +ifdef NEED_AES_DEC +ifdef CONFIG_INTERNAL_AES +AESOBJS += src/crypto/aes-internal-dec.c +endif +endif +ifdef NEED_AES +OBJS += $(AESOBJS) +endif + +SHA1OBJS = +ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) +SHA1OBJS += src/crypto/sha1.c +endif +SHA1OBJS += src/crypto/sha1-prf.c +ifdef CONFIG_INTERNAL_SHA1 +SHA1OBJS += src/crypto/sha1-internal.c +ifdef NEED_FIPS186_2_PRF +SHA1OBJS += src/crypto/fips_prf_internal.c +endif +endif +ifneq ($(CONFIG_TLS), openssl) +SHA1OBJS += src/crypto/sha1-pbkdf2.c +endif +ifdef NEED_T_PRF +SHA1OBJS += src/crypto/sha1-tprf.c +endif +ifdef NEED_TLS_PRF +SHA1OBJS += src/crypto/sha1-tlsprf.c +endif +endif + +ifdef NEED_SHA1 +OBJS += $(SHA1OBJS) +endif + +ifneq ($(CONFIG_TLS), openssl) +OBJS += src/crypto/md5.c +endif + +ifdef NEED_MD5 +ifdef CONFIG_INTERNAL_MD5 +OBJS += src/crypto/md5-internal.c +HOBJS += src/crypto/md5-internal.c +endif +endif + +ifdef NEED_MD4 +ifdef CONFIG_INTERNAL_MD4 +OBJS += src/crypto/md4-internal.c +endif +endif + +ifdef NEED_DES +ifdef CONFIG_INTERNAL_DES +OBJS += src/crypto/des-internal.c +endif +endif + +ifdef NEED_RC4 +ifdef CONFIG_INTERNAL_RC4 +OBJS += src/crypto/rc4.c +endif +endif + +ifdef NEED_SHA256 +L_CFLAGS += -DCONFIG_SHA256 +ifneq ($(CONFIG_TLS), openssl) +OBJS += src/crypto/sha256.c +endif +OBJS += src/crypto/sha256-prf.c +ifdef CONFIG_INTERNAL_SHA256 +OBJS += src/crypto/sha256-internal.c +endif +ifdef NEED_TLS_PRF_SHA256 +OBJS += src/crypto/sha256-tlsprf.c +endif +endif +ifdef NEED_SHA384 +L_CFLAGS += -DCONFIG_SHA384 +endif + +ifdef NEED_DH_GROUPS +OBJS += src/crypto/dh_groups.c +endif +ifdef NEED_DH_GROUPS_ALL +L_CFLAGS += -DALL_DH_GROUPS +endif +ifdef CONFIG_INTERNAL_DH_GROUP5 +ifdef NEED_DH_GROUPS +OBJS += src/crypto/dh_group5.c +endif +endif + +ifdef NEED_ECC +L_CFLAGS += -DCONFIG_ECC +endif + +ifdef CONFIG_NO_RANDOM_POOL +L_CFLAGS += -DCONFIG_NO_RANDOM_POOL +else +OBJS += src/crypto/random.c +HOBJS += src/crypto/random.c +HOBJS += src/utils/eloop.c +HOBJS += $(SHA1OBJS) +HOBJS += src/crypto/md5.c +endif + +ifdef CONFIG_RADIUS_SERVER +L_CFLAGS += -DRADIUS_SERVER +OBJS += src/radius/radius_server.c +endif + +ifdef CONFIG_IPV6 +L_CFLAGS += -DCONFIG_IPV6 +endif + +ifdef CONFIG_DRIVER_RADIUS_ACL +L_CFLAGS += -DCONFIG_DRIVER_RADIUS_ACL +endif + +ifdef CONFIG_FULL_DYNAMIC_VLAN +# define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges +# and vlan interfaces for the vlan feature. +L_CFLAGS += -DCONFIG_FULL_DYNAMIC_VLAN +endif + +ifdef NEED_BASE64 +OBJS += src/utils/base64.c +endif + +ifdef NEED_AP_MLME +OBJS += src/ap/wmm.c +OBJS += src/ap/ap_list.c +OBJS += src/ap/ieee802_11.c +OBJS += src/ap/hw_features.c +OBJS += src/ap/dfs.c +L_CFLAGS += -DNEED_AP_MLME +endif +ifdef CONFIG_IEEE80211N +OBJS += src/ap/ieee802_11_ht.c +endif + +ifdef CONFIG_IEEE80211AC +OBJS += src/ap/ieee802_11_vht.c +endif + +ifdef CONFIG_P2P_MANAGER +L_CFLAGS += -DCONFIG_P2P_MANAGER +OBJS += src/ap/p2p_hostapd.c +endif + +ifdef CONFIG_HS20 +L_CFLAGS += -DCONFIG_HS20 +OBJS += src/ap/hs20.c +CONFIG_INTERWORKING=y +endif + +ifdef CONFIG_INTERWORKING +L_CFLAGS += -DCONFIG_INTERWORKING +OBJS += src/common/gas.c +OBJS += src/ap/gas_serv.c +endif + +ifdef CONFIG_PROXYARP +L_CFLAGS += -DCONFIG_PROXYARP +OBJS += src/ap/x_snoop.c +OBJS += src/ap/dhcp_snoop.c +ifdef CONFIG_IPV6 +OBJS += src/ap/ndisc_snoop.c +endif +endif + +OBJS += src/drivers/driver_common.c + +ifdef CONFIG_ACS +L_CFLAGS += -DCONFIG_ACS +OBJS += src/ap/acs.c +LIBS += -lm +endif + +ifdef CONFIG_NO_STDOUT_DEBUG +L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG +endif + +ifdef CONFIG_DEBUG_LINUX_TRACING +L_CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING +endif + +ifdef CONFIG_DEBUG_FILE +L_CFLAGS += -DCONFIG_DEBUG_FILE +endif + +ifdef CONFIG_ANDROID_LOG +L_CFLAGS += -DCONFIG_ANDROID_LOG +endif + +OBJS_c = hostapd_cli.c src/common/wpa_ctrl.c src/utils/os_$(CONFIG_OS).c +OBJS_c += src/utils/eloop.c +ifdef CONFIG_WPA_TRACE +OBJS_c += src/utils/trace.c +endif +OBJS_c += src/utils/wpa_debug.c +ifdef CONFIG_WPA_CLI_EDIT +OBJS_c += src/utils/edit.c +else +OBJS_c += src/utils/edit_simple.c +endif + +######################## + +include $(CLEAR_VARS) +LOCAL_MODULE := hostapd_cli +LOCAL_MODULE_TAGS := debug +LOCAL_SHARED_LIBRARIES := libc libcutils liblog +LOCAL_CFLAGS := $(L_CFLAGS) +LOCAL_SRC_FILES := $(OBJS_c) +LOCAL_C_INCLUDES := $(INCLUDES) +include $(BUILD_EXECUTABLE) + +######################## +include $(CLEAR_VARS) +LOCAL_MODULE := hostapd +LOCAL_MODULE_TAGS := optional +ifdef CONFIG_DRIVER_CUSTOM +LOCAL_STATIC_LIBRARIES := libCustomWifi +endif +ifneq ($(BOARD_HOSTAPD_PRIVATE_LIB),) +LOCAL_STATIC_LIBRARIES += $(BOARD_HOSTAPD_PRIVATE_LIB) +endif +LOCAL_SHARED_LIBRARIES := libc libcutils liblog libcrypto libssl +ifdef CONFIG_DRIVER_NL80211 +ifneq ($(wildcard external/libnl),) +LOCAL_SHARED_LIBRARIES += libnl +else +LOCAL_STATIC_LIBRARIES += libnl_2 +endif +endif +LOCAL_CFLAGS := $(L_CFLAGS) +LOCAL_SRC_FILES := $(OBJS) +LOCAL_C_INCLUDES := $(INCLUDES) +include $(BUILD_EXECUTABLE) + +endif # ifeq ($(WPA_BUILD_HOSTAPD),true) diff --git a/hostapd/ChangeLog b/hostapd/ChangeLog new file mode 100644 index 0000000..e6f8c6a --- /dev/null +++ b/hostapd/ChangeLog @@ -0,0 +1,1035 @@ +ChangeLog for hostapd + +2015-03-15 - v2.4 + * allow OpenSSL cipher configuration to be set for internal EAP server + (openssl_ciphers parameter) + * fixed number of small issues based on hwsim test case failures and + static analyzer reports + * fixed Accounting-Request to not include duplicated Acct-Session-Id + * add support for Acct-Multi-Session-Id in RADIUS Accounting messages + * add support for PMKSA caching with SAE + * add support for generating BSS Load element (bss_load_update_period) + * fixed channel switch from VHT to HT + * add INTERFACE-ENABLED and INTERFACE-DISABLED ctrl_iface events + * add support for learning STA IPv4/IPv6 addresses and configuring + ProxyARP support + * dropped support for the madwifi driver interface + * add support for Suite B (128-bit and 192-bit level) key management and + cipher suites + * fixed a regression with driver=wired + * extend EAPOL-Key msg 1/4 retry workaround for changing SNonce + * add BSS_TM_REQ ctrl_iface command to send BSS Transition Management + Request frames and BSS-TM-RESP event to indicate response to such + frame + * add support for EAP Re-Authentication Protocol (ERP) + * fixed AP IE in EAPOL-Key 3/4 when both WPA and FT was enabled + * fixed a regression in HT 20/40 coex Action frame parsing + * set stdout to be line-buffered + * add support for vendor specific VHT extension to enable 256 QAM rates + (VHT-MCS 8 and 9) on 2.4 GHz band + * RADIUS DAS: + - extend Disconnect-Request processing to allow matching of multiple + sessions + - support Acct-Multi-Session-Id as an identifier + - allow PMKSA cache entry to be removed without association + * expire hostapd STA entry if kernel does not have a matching entry + * allow chanlist to be used to specify a subset of channels for ACS + * improve ACS behavior on 2.4 GHz band and allow channel bias to be + configured with acs_chan_bias parameter + * do not reply to a Probe Request frame that includes DSS Parameter Set + element in which the channel does not match the current operating + channel + * add UPDATE_BEACON ctrl_iface command; this can be used to force Beacon + frame contents to be updated and to start beaconing on an interface + that used start_disabled=1 + * fixed some RADIUS server failover cases + +2014-10-09 - v2.3 + * fixed number of minor issues identified in static analyzer warnings + * fixed DFS and channel switch operation for multi-BSS cases + * started to use constant time comparison for various password and hash + values to reduce possibility of any externally measurable timing + differences + * extended explicit clearing of freed memory and expired keys to avoid + keeping private data in memory longer than necessary + * added support for number of new RADIUS attributes from RFC 7268 + (Mobility-Domain-Id, WLAN-HESSID, WLAN-Pairwise-Cipher, + WLAN-Group-Cipher, WLAN-AKM-Suite, WLAN-Group-Mgmt-Pairwise-Cipher) + * fixed GET_CONFIG wpa_pairwise_cipher value + * added code to clear bridge FDB entry on station disconnection + * fixed PMKSA cache timeout from Session-Timeout for WPA/WPA2 cases + * fixed OKC PMKSA cache entry fetch to avoid a possible infinite loop + in case the first entry does not match + * fixed hostapd_cli action script execution to use more robust mechanism + (CVE-2014-3686) + +2014-06-04 - v2.2 + * fixed SAE confirm-before-commit validation to avoid a potential + segmentation fault in an unexpected message sequence that could be + triggered remotely + * extended VHT support + - Operating Mode Notification + - Power Constraint element (local_pwr_constraint) + - Spectrum management capability (spectrum_mgmt_required=1) + - fix VHT80 segment picking in ACS + - fix vht_capab 'Maximum A-MPDU Length Exponent' handling + - fix VHT20 + * fixed HT40 co-ex scan for some pri/sec channel switches + * extended HT40 co-ex support to allow dynamic channel width changes + during the lifetime of the BSS + * fixed HT40 co-ex support to check for overlapping 20 MHz BSS + * fixed MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding; + this fixes password with include UTF-8 characters that use + three-byte encoding EAP methods that use NtPasswordHash + * reverted TLS certificate validation step change in v2.1 that rejected + any AAA server certificate with id-kp-clientAuth even if + id-kp-serverAuth EKU was included + * fixed STA validation step for WPS ER commands to prevent a potential + crash if an ER sends an unexpected PutWLANResponse to a station that + is disassociated, but not fully removed + * enforce full EAP authentication after RADIUS Disconnect-Request by + removing the PMKSA cache entry + * added support for NAS-IP-Address, NAS-identifier, and NAS-IPv6-Address + in RADIUS Disconnect-Request + * added mechanism for removing addresses for MAC ACLs by prefixing an + entry with "-" + * Interworking/Hotspot 2.0 enhancements + - support Hotspot 2.0 Release 2 + * OSEN network for online signup connection + * subscription remediation (based on RADIUS server request or + control interface HS20_WNM_NOTIF for testing purposes) + * Hotspot 2.0 release number indication in WFA RADIUS VSA + * deauthentication request (based on RADIUS server request or + control interface WNM_DEAUTH_REQ for testing purposes) + * Session Info URL RADIUS AVP to trigger ESS Disassociation Imminent + * hs20_icon config parameter to configure icon files for OSU + * osu_* config parameters for OSU Providers list + - do not use Interworking filtering rules on Probe Request if + Interworking is disabled to avoid interop issues + * added/fixed nl80211 functionality + - AP interface teardown optimization + - support vendor specific driver command + (VENDOR []) + * fixed PMF protection of Deauthentication frame when this is triggered + by session timeout + * internal TLS implementation enhancements/fixes + - add SHA256-based cipher suites + - add DHE-RSA cipher suites + - fix X.509 validation of PKCS#1 signature to check for extra data + * RADIUS server functionality + - add minimal RADIUS accounting server support (hostapd-as-server); + this is mainly to enable testing coverage with hwsim scripts + - allow authentication log to be written into SQLite databse + - added option for TLS protocol testing of an EAP peer by simulating + various misbehaviors/known attacks + - MAC ACL support for testing purposes + * fixed PTK derivation for CCMP-256 and GCMP-256 + * extended WPS per-station PSK to support ER case + * added option to configure the management group cipher + (group_mgmt_cipher=AES-128-CMAC (default), BIP-GMAC-128, BIP-GMAC-256, + BIP-CMAC-256) + * fixed AP mode default TXOP Limit values for AC_VI and AC_VO (these + were rounded incorrectly) + * added support for postponing FT response in case PMK-R1 needs to be + pulled from R0KH + * added option to advertise 40 MHz intolerant HT capability with + ht_capab=[40-INTOLERANT] + * remove WPS 1.0 only support, i.e., WSC 2.0 support is now enabled + whenever CONFIG_WPS=y is set + * EAP-pwd fixes + - fix possible segmentation fault on EAP method deinit if an invalid + group is negotiated + * fixed RADIUS client retransmit/failover behavior + - there was a potential ctash due to freed memory being accessed + - failover to a backup server mechanism did not work properly + * fixed a possible crash on double DISABLE command when multiple BSSes + are enabled + * fixed a memory leak in SAE random number generation + * fixed GTK rekeying when the station uses FT protocol + * fixed off-by-one bounds checking in printf_encode() + - this could result in deinial of service in some EAP server cases + * various bug fixes + +2014-02-04 - v2.1 + * added support for simultaneous authentication of equals (SAE) for + stronger password-based authentication with WPA2-Personal + * added nl80211 functionality + - VHT configuration for nl80211 + - support split wiphy dump + - driver-based MAC ACL + - QoS Mapping configuration + * added fully automated regression testing with mac80211_hwsim + * allow ctrl_iface group to be specified on command line (-G) + * allow single hostapd process to control independent WPS interfaces + (wps_independent=1) instead of synchronized operations through all + configured interfaces within a process + * avoid processing received management frames multiple times when using + nl80211 with multiple BSSes + * added support for DFS (processing radar detection events, CAC, channel + re-selection) + * added EAP-EKE server + * added automatic channel selection (ACS) + * added option for using per-BSS (vif) configuration files with + -b: + * extended global control interface ADD/REMOVE commands to allow BSSes + of a radio to be removed individually without having to add/remove all + other BSSes of the radio at the same time + * added support for sending debug info to Linux tracing (-T on command + line) + * replace dump_file functionality with same information being available + through the hostapd control interface + * added support for using Protected Dual of Public Action frames for + GAS/ANQP exchanges when PMF is enabled + * added support for WPS+NFC updates + - improved protocol + - option to fetch and report alternative carrier records for external + NFC operations + * various bug fixes + +2013-01-12 - v2.0 + * added AP-STA-DISCONNECTED ctrl_iface event + * improved debug logging (human readable event names, interface name + included in more entries) + * added number of small changes to make it easier for static analyzers + to understand the implementation + * added a workaround for Windows 7 Michael MIC failure reporting and + use of the Secure bit in EAPOL-Key msg 3/4 + * fixed number of small bugs (see git logs for more details) + * changed OpenSSL to read full certificate chain from server_cert file + * nl80211: number of updates to use new cfg80211/nl80211 functionality + - replace monitor interface with nl80211 commands + - additional information for driver-based AP SME + * EAP-pwd: + - fix KDF for group 21 and zero-padding + - added support for fragmentation + - increased maximum number of hunting-and-pecking iterations + * avoid excessive Probe Response retries for broadcast Probe Request + frames (only with drivers using hostapd SME/MLME) + * added preliminary support for using TLS v1.2 (CONFIG_TLSV12=y) + * fixed WPS operation stopping on dual concurrent AP + * added wps_rf_bands configuration parameter for overriding RF Bands + value for WPS + * added support for getting per-device PSK from RADIUS Tunnel-Password + * added support for libnl 3.2 and newer + * increased initial group key handshake retransmit timeout to 500 ms + * added a workaround for 4-way handshake to update SNonce even after + having sent EAPOL-Key 3/4 to avoid issues with some supplicant + implementations that can change SNonce for each EAP-Key 2/4 + * added a workaround for EAPOL-Key 4/4 using incorrect type value in + WPA2 mode (some deployed stations use WPA type in that message) + * added a WPS workaround for mixed mode AP Settings with Windows 7 + * changed WPS AP PIN disabling mechanism to disable the PIN after 10 + consecutive failures in addition to using the exponential lockout + period + * added support for WFA Hotspot 2.0 + - GAS/ANQP advertisement of network information + - disable_dgaf parameter to disable downstream group-addressed + forwarding + * simplified licensing terms by selecting the BSD license as the only + alternative + * EAP-SIM: fixed re-authentication not to update pseudonym + * EAP-SIM: use Notification round before EAP-Failure + * EAP-AKA: added support for AT_COUNTER_TOO_SMALL + * EAP-AKA: skip AKA/Identity exchange if EAP identity is recognized + * EAP-AKA': fixed identity for MK derivation + * EAP-AKA': updated to RFC 5448 (username prefixes changed); note: this + breaks interoperability with older versions + * EAP-SIM/AKA: allow pseudonym to be used after unknown reauth id + * changed ANonce to be a random number instead of Counter-based + * added support for canceling WPS operations with hostapd_cli wps_cancel + * fixed EAP/WPS to PSK transition on reassociation in cases where + deauthentication is missed + * hlr_auc_gw enhancements: + - a new command line parameter -u can be used to enable updating of + SQN in Milenage file + - use 5 bit IND for SQN updates + - SQLite database can now be used to store Milenage information + * EAP-SIM/AKA DB: added optional use of SQLite database for pseudonyms + and reauth data + * added support for Chargeable-User-Identity (RFC 4372) + * added radius_auth_req_attr and radius_acct_req_attr configuration + parameters to allow adding/overriding of RADIUS attributes in + Access-Request and Accounting-Request packets + * added support for RADIUS dynamic authorization server (RFC 5176) + * added initial support for WNM operations + - BSS max idle period + - WNM-Sleep Mode + * added new WPS NFC ctrl_iface mechanism + - removed obsoleted WPS_OOB command (including support for deprecated + UFD config_method) + * added FT support for drivers that implement MLME internally + * added SA Query support for drivers that implement MLME internally + * removed default ACM=1 from AC_VO and AC_VI + * changed VENDOR-TEST EAP method to use proper private enterprise number + (this will not interoperate with older versions) + * added hostapd.conf parameter vendor_elements to allow arbitrary vendor + specific elements to be added to the Beacon and Probe Response frames + * added support for configuring GCMP cipher for IEEE 802.11ad + * added support for 256-bit AES with internal TLS implementation + * changed EAPOL transmission to use AC_VO if WMM is active + * fixed EAP-TLS/PEAP/TTLS/FAST server to validate TLS Message Length + correctly; invalid messages could have caused the hostapd process to + terminate before this fix [CVE-2012-4445] + * limit number of active wildcard PINs for WPS Registrar to one to avoid + confusing behavior with multiple wildcard PINs + * added a workaround for WPS PBC session overlap detection to avoid + interop issues with deployed station implementations that do not + remove active PBC indication from Probe Request frames properly + * added support for using SQLite for the eap_user database + * added Acct-Session-Id attribute into Access-Request messages + * fixed EAPOL frame transmission to non-QoS STAs with nl80211 + (do not send QoS frames if the STA did not negotiate use of QoS for + this association) + +2012-05-10 - v1.0 + * Add channel selection support in hostapd. See hostapd.conf. + * Add support for IEEE 802.11v Time Advertisement mechanism with UTC + TSF offset. See hostapd.conf for config info. + * Delay STA entry removal until Deauth/Disassoc TX status in AP mode. + This allows the driver to use PS buffering of Deauthentication and + Disassociation frames when the STA is in power save sleep. Only + available with drivers that provide TX status events for Deauth/ + Disassoc frames (nl80211). + * Allow PMKSA caching to be disabled on the Authenticator. See + hostap.conf config parameter disable_pmksa_caching. + * atheros: Add support for IEEE 802.11w configuration. + * bsd: Add support for setting HT values in IFM_MMASK. + * Allow client isolation to be configured with ap_isolate. Client + isolation can be used to prevent low-level bridging of frames + between associated stations in the BSS. By default, this bridging + is allowed. + * Allow coexistance of HT BSSes with WEP/TKIP BSSes. + * Add require_ht config parameter, which can be used to configure + hostapd to reject association with any station that does not support + HT PHY. + * Add support for writing debug log to a file using "-f" option. Also + add relog CLI command to re-open the log file. + * Add bridge handling for WDS STA interfaces. By default they are + added to the configured bridge of the AP interface (if present), + but the user can also specify a separate bridge using cli command + wds_bridge. + * hostapd_cli: + - Add wds_bridge command for specifying bridge for WDS STA + interfaces. + - Add relog command for reopening log file. + - Send AP-STA-DISCONNECTED event when an AP disconnects a station + due to inactivity. + - Add wps_config ctrl_interface command for configuring AP. This + command can be used to configure the AP using the internal WPS + registrar. It works in the same way as new AP settings received + from an ER. + - Many WPS/WPS ER commands - see WPS/WPS ER sections for details. + - Add command get version, that returns hostapd version string. + * WNM: Add BSS Transition Management Request for ESS Disassoc Imminent. + Use hostapd_cli ess_disassoc (STA addr) (URL) to send the + notification to the STA. + * Allow AP mode to disconnect STAs based on low ACK condition (when + the data connection is not working properly, e.g., due to the STA + going outside the range of the AP). Disabled by default, enable by + config option disassoc_low_ack. + * Add WPA_IGNORE_CONFIG_ERRORS build option to continue in case of bad + config file. + * WPS: + - Send AP Settings as a wrapped Credential attribute to ctrl_iface + in WPS-NEW-AP-SETTINGS. + - Dispatch more WPS events through hostapd ctrl_iface. + - Add mechanism for indicating non-standard WPS errors. + - Change concurrent radio AP to use only one WPS UPnP instance. + - Add wps_check_pin command for processing PIN from user input. + UIs can use this command to process a PIN entered by a user and to + validate the checksum digit (if present). + - Add hostap_cli get_config command to display current AP config. + - Add new hostapd_cli command, wps_ap_pin, to manage AP PIN at + runtime and support dynamic AP PIN management. + - Disable AP PIN after 10 consecutive failures. Slow down attacks + on failures up to 10. + - Allow AP to start in Enrollee mode without AP PIN for probing, + to be compatible with Windows 7. + - Add Config Error into WPS-FAIL events to provide more info + to the user on how to resolve the issue. + - When controlling multiple interfaces: + - apply WPS commands to all interfaces configured to use WPS + - apply WPS config changes to all interfaces that use WPS + - when an attack is detected on any interface, disable AP PIN on + all interfaces + * WPS ER: + - Show SetSelectedRegistrar events as ctrl_iface events. + - Add special AP Setup Locked mode to allow read only ER. + ap_setup_locked=2 can now be used to enable a special mode where + WPS ER can learn the current AP settings, but cannot change them. + * WPS 2.0: Add support for WPS 2.0 (CONFIG_WPS2) + - Add build option CONFIG_WPS_EXTENSIBILITY_TESTING to enable tool + for testing protocol extensibility. + - Add build option CONFIG_WPS_STRICT to allow disabling of WPS + workarounds. + - Add support for AuthorizedMACs attribute. + * TDLS: + - Allow TDLS use or TDLS channel switching in the BSS to be + prohibited in the BSS, using config params tdls_prohibit and + tdls_prohibit_chan_switch. + * EAP server: Add support for configuring fragment size (see + fragment_size in hostapd.conf). + * wlantest: Add a tool wlantest for IEEE802.11 protocol testing. + wlantest can be used to capture frames from a monitor interface + for realtime capturing or from pcap files for offline analysis. + * Interworking: Support added for 802.11u. Enable in .config with + CONFIG_INTERWORKING. See hostapd.conf for config parameters for + interworking. + * Android: Add build and runtime support for Android hostapd. + * Add a new debug message level for excessive information. Use + -ddd to enable. + * TLS: Add support for tls_disable_time_checks=1 in client mode. + * Internal TLS: + - Add support for TLS v1.1 (RFC 4346). Enable with build parameter + CONFIG_TLSV11. + - Add domainComponent parser for X.509 names + * Reorder some IEs to get closer to IEEE 802.11 standard. Move + WMM into end of Beacon, Probe Resp and (Re)Assoc Resp frames. + Move HT IEs to be later in (Re)Assoc Resp. + * Many bugfixes. + +2010-04-18 - v0.7.2 + * fix WPS internal Registrar use when an external Registrar is also + active + * bsd: Cleaned up driver wrapper and added various low-level + configuration options + * TNC: fixed issues with fragmentation + * EAP-TNC: add Flags field into fragment acknowledgement (needed to + interoperate with other implementations; may potentially breaks + compatibility with older wpa_supplicant/hostapd versions) + * cleaned up driver wrapper API for multi-BSS operations + * nl80211: fix multi-BSS and VLAN operations + * fix number of issues with IEEE 802.11r/FT; this version is not + backwards compatible with old versions + * add SA Query Request processing in AP mode (IEEE 802.11w) + * fix IGTK PN in group rekeying (IEEE 802.11w) + * fix WPS PBC session overlap detection to use correct attribute + * hostapd_notif_Assoc() can now be called with all IEs to simplify + driver wrappers + * work around interoperability issue with some WPS External Registrar + implementations + * nl80211: fix WPS IE update + * hostapd_cli: add support for action script operations (run a script + on hostapd events) + * fix DH padding with internal crypto code (mainly, for WPS) + * fix WPS association with both WPS IE and WPA/RSN IE present with + driver wrappers that use hostapd MLME (e.g., nl80211) + +2010-01-16 - v0.7.1 + * cleaned up driver wrapper API (struct wpa_driver_ops); the new API + is not fully backwards compatible, so out-of-tree driver wrappers + will need modifications + * cleaned up various module interfaces + * merge hostapd and wpa_supplicant developers' documentation into a + single document + * fixed HT Capabilities IE with nl80211 drivers + * moved generic AP functionality code into src/ap + * WPS: handle Selected Registrar as union of info from all Registrars + * remove obsolte Prism54.org driver wrapper + * added internal debugging mechanism with backtrace support and memory + allocation/freeing validation, etc. tests (CONFIG_WPA_TRACE=y) + * EAP-FAST server: piggyback Phase 2 start with the end of Phase 1 + * WPS: add support for dynamically selecting whether to provision the + PSK as an ASCII passphrase or PSK + * added support for WDS (4-address frame) mode with per-station virtual + interfaces (wds_sta=1 in config file; only supported with + driver=nl80211 for now) + * fixed WPS Probe Request processing to handle missing required + attribute + * fixed PKCS#12 use with OpenSSL 1.0.0 + * detect bridge interface automatically so that bridge parameter in + hostapd.conf becomes optional (though, it may now be used to + automatically add then WLAN interface into a bridge with + driver=nl80211) + +2009-11-21 - v0.7.0 + * increased hostapd_cli ping interval to 5 seconds and made this + configurable with a new command line options (-G) + * driver_nl80211: use Linux socket filter to improve performance + * added support for external Registrars with WPS (UPnP transport) + * 802.11n: scan for overlapping BSSes before starting 20/40 MHz channel + * driver_nl80211: fixed STA accounting data collection (TX/RX bytes + reported correctly; TX/RX packets not yet available from kernel) + * added support for WPS USBA out-of-band mechanism with USB Flash + Drives (UFD) (CONFIG_WPS_UFD=y) + * fixed EAPOL/EAP reauthentication when using an external RADIUS + authentication server + * fixed TNC with EAP-TTLS + * fixed IEEE 802.11r key derivation function to match with the standard + (note: this breaks interoperability with previous version) [Bug 303] + * fixed SHA-256 based key derivation function to match with the + standard when using CCMP (for IEEE 802.11r and IEEE 802.11w) + (note: this breaks interoperability with previous version) [Bug 307] + * added number of code size optimizations to remove unnecessary + functionality from the program binary based on build configuration + (part of this automatic; part configurable with CONFIG_NO_* build + options) + * use shared driver wrapper files with wpa_supplicant + * driver_nl80211: multiple updates to provide support for new Linux + nl80211/mac80211 functionality + * updated management frame protection to use IEEE Std 802.11w-2009 + * fixed number of small WPS issues and added workarounds to + interoperate with common deployed broken implementations + * added some IEEE 802.11n co-existence rules to disable 40 MHz channels + or modify primary/secondary channels if needed based on neighboring + networks + * added support for NFC out-of-band mechanism with WPS + * added preliminary support for IEEE 802.11r RIC processing + +2009-01-06 - v0.6.7 + * added support for Wi-Fi Protected Setup (WPS) + (hostapd can now be configured to act as an integrated WPS Registrar + and provision credentials for WPS Enrollees using PIN and PBC + methods; external wireless Registrar can configure the AP, but + external WLAN Manager Registrars are not supported); WPS support can + be enabled by adding CONFIG_WPS=y into .config and setting the + runtime configuration variables in hostapd.conf (see WPS section in + the example configuration file); new hostapd_cli commands wps_pin and + wps_pbc are used to configure WPS negotiation; see README-WPS for + more details + * added IEEE 802.11n HT capability configuration (ht_capab) + * added support for generating Country IE based on nl80211 regulatory + information (added if ieee80211d=1 in configuration) + * fixed WEP authentication (both Open System and Shared Key) with + mac80211 + * added support for EAP-AKA' (draft-arkko-eap-aka-kdf) + * added support for using driver_test over UDP socket + * changed EAP-GPSK to use the IANA assigned EAP method type 51 + * updated management frame protection to use IEEE 802.11w/D7.0 + * fixed retransmission of EAP requests if no response is received + +2008-11-23 - v0.6.6 + * added a new configuration option, wpa_ptk_rekey, that can be used to + enforce frequent PTK rekeying, e.g., to mitigate some attacks against + TKIP deficiencies + * updated OpenSSL code for EAP-FAST to use an updated version of the + session ticket overriding API that was included into the upstream + OpenSSL 0.9.9 tree on 2008-11-15 (no additional OpenSSL patch is + needed with that version anymore) + * changed channel flags configuration to read the information from + the driver (e.g., via driver_nl80211 when using mac80211) instead of + using hostapd as the source of the regulatory information (i.e., + information from CRDA is now used with mac80211); this allows 5 GHz + channels to be used with hostapd (if allowed in the current + regulatory domain) + * fixed EAP-TLS message processing for the last TLS message if it is + large enough to require fragmentation (e.g., if a large Session + Ticket data is included) + * fixed listen interval configuration for nl80211 drivers + +2008-11-01 - v0.6.5 + * added support for SHA-256 as X.509 certificate digest when using the + internal X.509/TLSv1 implementation + * fixed EAP-FAST PAC-Opaque padding (0.6.4 broke this for some peer + identity lengths) + * fixed internal TLSv1 implementation for abbreviated handshake (used + by EAP-FAST server) + * added support for setting VLAN ID for STAs based on local MAC ACL + (accept_mac_file) as an alternative for RADIUS server-based + configuration + * updated management frame protection to use IEEE 802.11w/D6.0 + (adds a new association ping to protect against unauthenticated + authenticate or (re)associate request frames dropping association) + * added support for using SHA256-based stronger key derivation for WPA2 + (IEEE 802.11w) + * added new "driver wrapper" for RADIUS-only configuration + (driver=none in hostapd.conf; CONFIG_DRIVER_NONE=y in .config) + * fixed WPA/RSN IE validation to verify that the proto (WPA vs. WPA2) + is enabled in configuration + * changed EAP-FAST configuration to use separate fields for A-ID and + A-ID-Info (eap_fast_a_id_info) to allow A-ID to be set to a fixed + 16-octet len binary value for better interoperability with some peer + implementations; eap_fast_a_id is now configured as a hex string + * driver_nl80211: Updated to match the current Linux mac80211 AP mode + configuration (wireless-testing.git and Linux kernel releases + starting from 2.6.29) + +2008-08-10 - v0.6.4 + * added peer identity into EAP-FAST PAC-Opaque and skip Phase 2 + Identity Request if identity is already known + * added support for EAP Sequences in EAP-FAST Phase 2 + * added support for EAP-TNC (Trusted Network Connect) + (this version implements the EAP-TNC method and EAP-TTLS/EAP-FAST + changes needed to run two methods in sequence (IF-T) and the IF-IMV + and IF-TNCCS interfaces from TNCS) + * added support for optional cryptobinding with PEAPv0 + * added fragmentation support for EAP-TNC + * added support for fragmenting EAP-TTLS/PEAP/FAST Phase 2 (tunneled) + data + * added support for opportunistic key caching (OKC) + +2008-02-22 - v0.6.3 + * fixed Reassociation Response callback processing when using internal + MLME (driver_{hostap,nl80211,test}.c) + * updated FT support to use the latest draft, IEEE 802.11r/D9.0 + * copy optional Proxy-State attributes into RADIUS response when acting + as a RADIUS authentication server + * fixed EAPOL state machine to handle a case in which no response is + received from the RADIUS authentication server; previous version + could have triggered a crash in some cases after a timeout + * fixed EAP-SIM/AKA realm processing to allow decorated usernames to + be used + * added a workaround for EAP-SIM/AKA peers that include incorrect null + termination in the username + * fixed EAP-SIM/AKA protected result indication to include AT_COUNTER + attribute in notification messages only when using fast + reauthentication + * fixed EAP-SIM Start response processing for fast reauthentication + case + * added support for pending EAP processing in EAP-{PEAP,TTLS,FAST} + phase 2 to allow EAP-SIM and EAP-AKA to be used as the Phase 2 method + +2008-01-01 - v0.6.2 + * fixed EAP-SIM and EAP-AKA message parser to validate attribute + lengths properly to avoid potential crash caused by invalid messages + * added data structure for storing allocated buffers (struct wpabuf); + this does not affect hostapd usage, but many of the APIs changed + and various interfaces (e.g., EAP) is not compatible with old + versions + * added support for protecting EAP-AKA/Identity messages with + AT_CHECKCODE (optional feature in RFC 4187) + * added support for protected result indication with AT_RESULT_IND for + EAP-SIM and EAP-AKA (eap_sim_aka_result_ind=1) + * added support for configuring EAP-TTLS phase 2 non-EAP methods in + EAP server configuration; previously all four were enabled for every + phase 2 user, now all four are disabled by default and need to be + enabled with new method names TTLS-PAP, TTLS-CHAP, TTLS-MSCHAP, + TTLS-MSCHAPV2 + * removed old debug printing mechanism and the related 'debug' + parameter in the configuration file; debug verbosity is now set with + -d (or -dd) command line arguments + * added support for EAP-IKEv2 (draft-tschofenig-eap-ikev2-15.txt); + only shared key/password authentication is supported in this version + +2007-11-24 - v0.6.1 + * added experimental, integrated TLSv1 server implementation with the + needed X.509/ASN.1/RSA/bignum processing (this can be enabled by + setting CONFIG_TLS=internal and CONFIG_INTERNAL_LIBTOMMATH=y in + .config); this can be useful, e.g., if the target system does not + have a suitable TLS library and a minimal code size is required + * added support for EAP-FAST server method to the integrated EAP + server + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-07.txt) + * added a new configuration parameter, rsn_pairwise, to allow different + pairwise cipher suites to be enabled for WPA and RSN/WPA2 + (note: if wpa_pairwise differs from rsn_pairwise, the driver will + either need to support this or will have to use the WPA/RSN IEs from + hostapd; currently, the included madwifi and bsd driver interfaces do + not have support for this) + * updated FT support to use the latest draft, IEEE 802.11r/D8.0 + +2007-05-28 - v0.6.0 + * added experimental IEEE 802.11r/D6.0 support + * updated EAP-SAKE to RFC 4763 and the IANA-allocated EAP type 48 + * updated EAP-PSK to use the IANA-allocated EAP type 47 + * fixed EAP-PSK bit ordering of the Flags field + * fixed configuration reloading (SIGHUP) to re-initialize WPA PSKs + by reading wpa_psk_file [Bug 181] + * fixed EAP-TTLS AVP parser processing for too short AVP lengths + * fixed IPv6 connection to RADIUS accounting server + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-04.txt) + * hlr_auc_gw: read GSM triplet file into memory and rotate through the + entries instead of only using the same three triplets every time + (this does not work properly with tests using multiple clients, but + provides bit better triplet data for testing a single client; anyway, + if a better quality triplets are needed, GSM-Milenage should be used + instead of hardcoded triplet file) + * fixed EAP-MSCHAPv2 server to use a space between S and M parameters + in Success Request [Bug 203] + * added support for sending EAP-AKA Notifications in error cases + * updated to use IEEE 802.11w/D2.0 for management frame protection + (still experimental) + * RADIUS server: added support for processing duplicate messages + (retransmissions from RADIUS client) by replying with the previous + reply + +2006-11-24 - v0.5.6 + * added support for configuring and controlling multiple BSSes per + radio interface (bss= in hostapd.conf); this is only + available with Devicescape and test driver interfaces + * fixed PMKSA cache update in the end of successful RSN + pre-authentication + * added support for dynamic VLAN configuration (i.e., selecting VLAN-ID + for each STA based on RADIUS Access-Accept attributes); this requires + VLAN support from the kernel driver/802.11 stack and this is + currently only available with Devicescape and test driver interfaces + * driver_madwifi: fixed configuration of unencrypted modes (plaintext + and IEEE 802.1X without WEP) + * removed STAKey handshake since PeerKey handshake has replaced it in + IEEE 802.11ma and there are no known deployments of STAKey + * updated EAP Generalized Pre-Shared Key (EAP-GPSK) to use the latest + draft (draft-ietf-emu-eap-gpsk-01.txt) + * added preliminary implementation of IEEE 802.11w/D1.0 (management + frame protection) + (Note: this requires driver support to work properly.) + (Note2: IEEE 802.11w is an unapproved draft and subject to change.) + * hlr_auc_gw: added support for GSM-Milenage (for EAP-SIM) + * hlr_auc_gw: added support for reading per-IMSI Milenage keys and + parameters from a text file to make it possible to implement proper + GSM/UMTS authentication server for multiple SIM/USIM cards using + EAP-SIM/EAP-AKA + * fixed session timeout processing with drivers that do not use + ieee802_11.c (e.g., madwifi) + +2006-08-27 - v0.5.5 + * added 'hostapd_cli new_sta ' command for adding a new STA into + hostapd (e.g., to initialize wired network authentication based on an + external signal) + * fixed hostapd to add PMKID KDE into 4-Way Handshake Message 1 when + using WPA2 even if PMKSA caching is not used + * added -P argument for hostapd to write the current process + id into a file + * added support for RADIUS Authentication Server MIB (RFC 2619) + +2006-06-20 - v0.5.4 + * fixed nt_password_hash build [Bug 144] + * added PeerKey handshake implementation for IEEE 802.11e + direct link setup (DLS) to replace STAKey handshake + * added support for EAP Generalized Pre-Shared Key (EAP-GPSK, + draft-clancy-emu-eap-shared-secret-00.txt) + * fixed a segmentation fault when RSN pre-authentication was completed + successfully [Bug 152] + +2006-04-27 - v0.5.3 + * do not build nt_password_hash and hlr_auc_gw by default to avoid + requiring a TLS library for a successful build; these programs can be + build with 'make nt_password_hash' and 'make hlr_auc_gw' + * added a new configuration option, eapol_version, that can be used to + set EAPOL version to 1 (default is 2) to work around broken client + implementations that drop EAPOL frames which use version number 2 + [Bug 89] + * added support for EAP-SAKE (no EAP method number allocated yet, so + this is using the same experimental type 255 as EAP-PSK) + * fixed EAP-MSCHAPv2 message length validation + +2006-03-19 - v0.5.2 + * fixed stdarg use in hostapd_logger(): if both stdout and syslog + logging was enabled, hostapd could trigger a segmentation fault in + vsyslog on some CPU -- C library combinations + * moved HLR/AuC gateway implementation for EAP-SIM/AKA into an external + program to make it easier to use for implementing real SS7 gateway; + eap_sim_db is not anymore used as a file name for GSM authentication + triplets; instead, it is path to UNIX domain socket that will be used + to communicate with the external gateway program (e.g., hlr_auc_gw) + * added example HLR/AuC gateway implementation, hlr_auc_gw, that uses + local information (GSM authentication triplets from a text file and + hardcoded AKA authentication data); this can be used to test EAP-SIM + and EAP-AKA + * added Milenage algorithm (example 3GPP AKA algorithm) to hlr_auc_gw + to make it possible to test EAP-AKA with real USIM cards (this is + disabled by default; define AKA_USE_MILENAGE when building hlr_auc_gw + to enable this) + * driver_madwifi: added support for getting station RSN IE from + madwifi-ng svn r1453 and newer; this fixes RSN that was apparently + broken with earlier change (r1357) in the driver + * changed EAP method registration to use a dynamic list of methods + instead of a static list generated at build time + * fixed WPA message 3/4 not to encrypt Key Data field (WPA IE) + [Bug 125] + * added ap_max_inactivity configuration parameter + +2006-01-29 - v0.5.1 + * driver_test: added better support for multiple APs and STAs by using + a directory with sockets that include MAC address for each device in + the name (test_socket=DIR:/tmp/test) + * added support for EAP expanded type (vendor specific EAP methods) + +2005-12-18 - v0.5.0 (beginning of 0.5.x development releases) + * added experimental STAKey handshake implementation for IEEE 802.11e + direct link setup (DLS); note: this is disabled by default in both + build and runtime configuration (can be enabled with CONFIG_STAKEY=y + and stakey=1) + * added support for EAP methods to use callbacks to external programs + by buffering a pending request and processing it after the EAP method + is ready to continue + * improved EAP-SIM database interface to allow external request to GSM + HLR/AuC without blocking hostapd process + * added support for using EAP-SIM pseudonyms and fast re-authentication + * added support for EAP-AKA in the integrated EAP authenticator + * added support for matching EAP identity prefixes (e.g., "1"*) in EAP + user database to allow EAP-SIM/AKA selection without extra roundtrip + for EAP-Nak negotiation + * added support for storing EAP user password as NtPasswordHash instead + of plaintext password when using MSCHAP or MSCHAPv2 for + authentication (hash:<16-octet hex value>); added nt_password_hash + tool for hashing password to generate NtPasswordHash + +2005-11-20 - v0.4.7 (beginning of 0.4.x stable releases) + * driver_wired: fixed EAPOL sending to optionally use PAE group address + as the destination instead of supplicant MAC address; this is + disabled by default, but should be enabled with use_pae_group_addr=1 + in configuration file if the wired interface is used by only one + device at the time (common switch configuration) + * driver_madwifi: configure driver to use TKIP countermeasures in order + to get correct behavior (IEEE 802.11 association failing; previously, + association succeeded, but hostpad forced disassociation immediately) + * driver_madwifi: added support for madwifi-ng + +2005-10-27 - v0.4.6 + * added support for replacing user identity from EAP with RADIUS + User-Name attribute from Access-Accept message, if that is included, + for the RADIUS accounting messages (e.g., for EAP-PEAP/TTLS to get + tunneled identity into accounting messages when the RADIUS server + does not support better way of doing this with Class attribute) + * driver_madwifi: fixed EAPOL packet receive for configuration where + ath# is part of a bridge interface + * added a configuration file and log analyzer script for logwatch + * fixed EAPOL state machine step function to process all state + transitions before processing new events; this resolves a race + condition in which EAPOL-Start message could trigger hostapd to send + two EAP-Response/Identity frames to the authentication server + +2005-09-25 - v0.4.5 + * added client CA list to the TLS certificate request in order to make + it easier for the client to select which certificate to use + * added experimental support for EAP-PSK + * added support for WE-19 (hostap, madwifi) + +2005-08-21 - v0.4.4 + * fixed build without CONFIG_RSN_PREAUTH + * fixed FreeBSD build + +2005-06-26 - v0.4.3 + * fixed PMKSA caching to copy User-Name and Class attributes so that + RADIUS accounting gets correct information + * start RADIUS accounting only after successful completion of WPA + 4-Way Handshake if WPA-PSK is used + * fixed PMKSA caching for the case where STA (re)associates without + first disassociating + +2005-06-12 - v0.4.2 + * EAP-PAX is now registered as EAP type 46 + * fixed EAP-PAX MAC calculation + * fixed EAP-PAX CK and ICK key derivation + * renamed eap_authenticator configuration variable to eap_server to + better match with RFC 3748 (EAP) terminology + * driver_test: added support for testing hostapd with wpa_supplicant + by using test driver interface without any kernel drivers or network + cards + +2005-05-22 - v0.4.1 + * fixed RADIUS server initialization when only auth or acct server + is configured and the other one is left empty + * driver_madwifi: added support for RADIUS accounting + * driver_madwifi: added preliminary support for compiling against 'BSD' + branch of madwifi CVS tree + * driver_madwifi: fixed pairwise key removal to allow WPA reauth + without disassociation + * added support for reading additional certificates from PKCS#12 files + and adding them to the certificate chain + * fixed RADIUS Class attribute processing to only use Access-Accept + packets to update Class; previously, other RADIUS authentication + packets could have cleared Class attribute + * added support for more than one Class attribute in RADIUS packets + * added support for verifying certificate revocation list (CRL) when + using integrated EAP authenticator for EAP-TLS; new hostapd.conf + options 'check_crl'; CRL must be included in the ca_cert file for now + +2005-04-25 - v0.4.0 (beginning of 0.4.x development releases) + * added support for including network information into + EAP-Request/Identity message (ASCII-0 (nul) in eap_message) + (e.g., to implement draft-adrange-eap-network-discovery-07.txt) + * fixed a bug which caused some RSN pre-authentication cases to use + freed memory and potentially crash hostapd + * fixed private key loading for cases where passphrase is not set + * added support for sending TLS alerts and aborting authentication + when receiving a TLS alert + * fixed WPA2 to add PMKSA cache entry when using integrated EAP + authenticator + * fixed PMKSA caching (EAP authentication was not skipped correctly + with the new state machine changes from IEEE 802.1X draft) + * added support for RADIUS over IPv6; own_ip_addr, auth_server_addr, + and acct_server_addr can now be IPv6 addresses (CONFIG_IPV6=y needs + to be added to .config to include IPv6 support); for RADIUS server, + radius_server_ipv6=1 needs to be set in hostapd.conf and addresses + in RADIUS clients file can then use IPv6 format + * added experimental support for EAP-PAX + * replaced hostapd control interface library (hostapd_ctrl.[ch]) with + the same implementation that wpa_supplicant is using (wpa_ctrl.[ch]) + +2005-02-12 - v0.3.7 (beginning of 0.3.x stable releases) + +2005-01-23 - v0.3.5 + * added support for configuring a forced PEAP version based on the + Phase 1 identity + * fixed PEAPv1 to use tunneled EAP-Success/Failure instead of EAP-TLV + to terminate authentication + * fixed EAP identifier duplicate processing with the new IEEE 802.1X + draft + * clear accounting data in the driver when starting a new accounting + session + * driver_madwifi: filter wireless events based on ifindex to allow more + than one network interface to be used + * fixed WPA message 2/4 processing not to cancel timeout for TimeoutEvt + setting if the packet does not pass MIC verification (e.g., due to + incorrect PSK); previously, message 1/4 was not tried again if an + invalid message 2/4 was received + * fixed reconfiguration of RADIUS client retransmission timer when + adding a new message to the pending list; previously, timer was not + updated at this point and if there was a pending message with long + time for the next retry, the new message needed to wait that long for + its first retry, too + +2005-01-09 - v0.3.4 + * added support for configuring multiple allowed EAP types for Phase 2 + authentication (EAP-PEAP, EAP-TTLS) + * fixed EAPOL-Start processing to trigger WPA reauthentication + (previously, only EAPOL authentication was done) + +2005-01-02 - v0.3.3 + * added support for EAP-PEAP in the integrated EAP authenticator + * added support for EAP-GTC in the integrated EAP authenticator + * added support for configuring list of EAP methods for Phase 1 so that + the integrated EAP authenticator can, e.g., use the wildcard entry + for EAP-TLS and EAP-PEAP + * added support for EAP-TTLS in the integrated EAP authenticator + * added support for EAP-SIM in the integrated EAP authenticator + * added support for using hostapd as a RADIUS authentication server + with the integrated EAP authenticator taking care of EAP + authentication (new hostapd.conf options: radius_server_clients and + radius_server_auth_port); this is not included in default build; use + CONFIG_RADIUS_SERVER=y in .config to include + +2004-12-19 - v0.3.2 + * removed 'daemonize' configuration file option since it has not really + been used at all for more than year + * driver_madwifi: fixed group key setup and added get_ssid method + * added support for EAP-MSCHAPv2 in the integrated EAP authenticator + +2004-12-12 - v0.3.1 + * added support for integrated EAP-TLS authentication (new hostapd.conf + variables: ca_cert, server_cert, private_key, private_key_passwd); + this enabled dynamic keying (WPA2/WPA/IEEE 802.1X/WEP) without + external RADIUS server + * added support for reading PKCS#12 (PFX) files (as a replacement for + PEM/DER) to get certificate and private key (CONFIG_PKCS12) + +2004-12-05 - v0.3.0 (beginning of 0.3.x development releases) + * added support for Acct-{Input,Output}-Gigawords + * added support for Event-Timestamp (in RADIUS Accounting-Requests) + * added support for RADIUS Authentication Client MIB (RFC2618) + * added support for RADIUS Accounting Client MIB (RFC2620) + * made EAP re-authentication period configurable (eap_reauth_period) + * fixed EAPOL reauthentication to trigger WPA/WPA2 reauthentication + * fixed EAPOL state machine to stop if STA is removed during + eapol_sm_step(); this fixes at least one segfault triggering bug with + IEEE 802.11i pre-authentication + * added support for multiple WPA pre-shared keys (e.g., one for each + client MAC address or keys shared by a group of clients); + new hostapd.conf field wpa_psk_file for setting path to a text file + containing PSKs, see hostapd.wpa_psk for an example + * added support for multiple driver interfaces to allow hostapd to be + used with other drivers + * added wired authenticator driver interface (driver=wired in + hostapd.conf, see wired.conf for example configuration) + * added madwifi driver interface (driver=madwifi in hostapd.conf, see + madwifi.conf for example configuration; Note: include files from + madwifi project is needed for building and a configuration file, + .config, needs to be created in hostapd directory with + CONFIG_DRIVER_MADWIFI=y to include this driver interface in hostapd + build) + * fixed an alignment issue that could cause SHA-1 to fail on some + platforms (e.g., Intel ixp425 with a compiler that does not 32-bit + align variables) + * fixed RADIUS reconnection after an error in sending interim + accounting packets + * added hostapd control interface for external programs and an example + CLI, hostapd_cli (like wpa_cli for wpa_supplicant) + * started adding dot11, dot1x, radius MIBs ('hostapd_cli mib', + 'hostapd_cli sta ') + * finished update from IEEE 802.1X-2001 to IEEE 802.1X-REV (now d11) + * added support for strict GTK rekeying (wpa_strict_rekey in + hostapd.conf) + * updated IAPP to use UDP port 3517 and multicast address 224.0.1.178 + (instead of broadcast) for IAPP ADD-notify (moved from draft 3 to + IEEE 802.11F-2003) + * added Prism54 driver interface (driver=prism54 in hostapd.conf; + note: .config needs to be created in hostapd directory with + CONFIG_DRIVER_PRISM54=y to include this driver interface in hostapd + build) + * dual-licensed hostapd (GPLv2 and BSD licenses) + * fixed RADIUS accounting to generate a new session id for cases where + a station reassociates without first being complete deauthenticated + * fixed STA disassociation handler to mark next timeout state to + deauthenticate the station, i.e., skip long wait for inactivity poll + and extra disassociation, if the STA disassociates without + deauthenticating + * added integrated EAP authenticator that can be used instead of + external RADIUS authentication server; currently, only EAP-MD5 is + supported, so this cannot yet be used for key distribution; the EAP + method interface is generic, though, so adding new EAP methods should + be straightforward; new hostapd.conf variables: 'eap_authenticator' + and 'eap_user_file'; this obsoletes "minimal authentication server" + ('minimal_eap' in hostapd.conf) which is now removed + * added support for FreeBSD and driver interface for the BSD net80211 + layer (driver=bsd in hostapd.conf and CONFIG_DRIVER_BSD=y in + .config); please note that some of the required kernel mods have not + yet been committed + +2004-07-17 - v0.2.4 (beginning of 0.2.x stable releases) + * fixed some accounting cases where Accounting-Start was sent when + IEEE 802.1X port was being deauthorized + +2004-06-20 - v0.2.3 + * modified RADIUS client to re-connect the socket in case of certain + error codes that are generated when a network interface state is + changes (e.g., when IP address changes or the interface is set UP) + * fixed couple of cases where EAPOL state for a station was freed + twice causing a segfault for hostapd + * fixed couple of bugs in processing WPA deauthentication (freed data + was used) + +2004-05-31 - v0.2.2 + * fixed WPA/WPA2 group rekeying to use key index correctly (GN/GM) + * fixed group rekeying to send zero TSC in EAPOL-Key messages to fix + cases where STAs dropped multicast frames as replay attacks + * added support for copying RADIUS Attribute 'Class' from + authentication messages into accounting messages + * send canned EAP failure if RADIUS server sends Access-Reject without + EAP message (previously, Supplicant was not notified in this case) + * fixed mixed WPA-PSK and WPA-EAP mode to work with WPA-PSK (i.e., do + not start EAPOL state machines if the STA selected to use WPA-PSK) + +2004-05-06 - v0.2.1 + * added WPA and IEEE 802.11i/RSN (WPA2) Authenticator functionality + - based on IEEE 802.11i/D10.0 but modified to interoperate with WPA + (i.e., IEEE 802.11i/D3.0) + - supports WPA-only, RSN-only, and mixed WPA/RSN mode + - both WPA-PSK and WPA-RADIUS/EAP are supported + - PMKSA caching and pre-authentication + - new hostapd.conf variables: wpa, wpa_psk, wpa_passphrase, + wpa_key_mgmt, wpa_pairwise, wpa_group_rekey, wpa_gmk_rekey, + rsn_preauth, rsn_preauth_interfaces + * fixed interim accounting to remove any pending accounting messages + to the STA before sending a new one + +2004-02-15 - v0.2.0 + * added support for Acct-Interim-Interval: + - draft-ietf-radius-acct-interim-01.txt + - use Acct-Interim-Interval attribute from Access-Accept if local + 'radius_acct_interim_interval' is not set + - allow different update intervals for each STA + * fixed event loop to call signal handlers only after returning from + the real signal handler + * reset sta->timeout_next after successful association to make sure + that the previously registered inactivity timer will not remove the + STA immediately (e.g., if STA deauthenticates and re-associates + before the timer is triggered). + * added new hostapd.conf variable, nas_identifier, that can be used to + add an optional RADIUS Attribute, NAS-Identifier, into authentication + and accounting messages + * added support for Accounting-On and Accounting-Off messages + * fixed accounting session handling to send Accounting-Start only once + per session and not to send Accounting-Stop if the session was not + initialized properly + * fixed Accounting-Stop statistics in cases where the message was + previously sent after the kernel entry for the STA (and/or IEEE + 802.1X data) was removed + + +Note: + +Older changes up to and including v0.1.0 are included in the ChangeLog +of the Host AP driver. diff --git a/hostapd/Makefile b/hostapd/Makefile new file mode 100644 index 0000000..eace68c --- /dev/null +++ b/hostapd/Makefile @@ -0,0 +1,1011 @@ +ifndef CC +CC=gcc +endif + +ifndef CFLAGS +CFLAGS = -MMD -O2 -Wall -g +endif + +CFLAGS += $(EXTRA_CFLAGS) +CFLAGS += -I$(abspath ../src) +CFLAGS += -I$(abspath ../src/utils) + +export BINDIR ?= /usr/local/bin/ + +# Uncomment following line and set the path to your kernel tree include +# directory if your C library does not include all header files. +# CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include + +-include .config + +ifdef CONFIG_TESTING_OPTIONS +CFLAGS += -DCONFIG_TESTING_OPTIONS +CONFIG_WPS_TESTING=y +endif + +ifndef CONFIG_OS +ifdef CONFIG_NATIVE_WINDOWS +CONFIG_OS=win32 +else +CONFIG_OS=unix +endif +endif + +ifeq ($(CONFIG_OS), internal) +CFLAGS += -DOS_NO_C_LIB_DEFINES +endif + +ifdef CONFIG_NATIVE_WINDOWS +CFLAGS += -DCONFIG_NATIVE_WINDOWS +LIBS += -lws2_32 +endif + +OBJS += main.o +OBJS += config_file.o + +OBJS += ../src/ap/hostapd.o +OBJS += ../src/ap/wpa_auth_glue.o +OBJS += ../src/ap/drv_callbacks.o +OBJS += ../src/ap/ap_drv_ops.o +OBJS += ../src/ap/utils.o +OBJS += ../src/ap/authsrv.o +OBJS += ../src/ap/ieee802_1x.o +OBJS += ../src/ap/ap_config.o +OBJS += ../src/ap/eap_user_db.o +OBJS += ../src/ap/ieee802_11_auth.o +OBJS += ../src/ap/sta_info.o +OBJS += ../src/ap/wpa_auth.o +OBJS += ../src/ap/tkip_countermeasures.o +OBJS += ../src/ap/ap_mlme.o +OBJS += ../src/ap/wpa_auth_ie.o +OBJS += ../src/ap/preauth_auth.o +OBJS += ../src/ap/pmksa_cache_auth.o +OBJS += ../src/ap/ieee802_11_shared.o +OBJS += ../src/ap/beacon.o +OBJS += ../src/ap/bss_load.o + +OBJS_c = hostapd_cli.o ../src/common/wpa_ctrl.o ../src/utils/os_$(CONFIG_OS).o + +NEED_RC4=y +NEED_AES=y +NEED_MD5=y +NEED_SHA1=y + +OBJS += ../src/drivers/drivers.o +CFLAGS += -DHOSTAPD + +ifdef CONFIG_MODULE_TESTS +CFLAGS += -DCONFIG_MODULE_TESTS +OBJS += hapd_module_tests.o +endif + +ifdef CONFIG_WPA_TRACE +CFLAGS += -DWPA_TRACE +OBJS += ../src/utils/trace.o +HOBJS += ../src/utils/trace.o +LDFLAGS += -rdynamic +CFLAGS += -funwind-tables +ifdef CONFIG_WPA_TRACE_BFD +CFLAGS += -DPACKAGE="hostapd" -DWPA_TRACE_BFD +LIBS += -lbfd -ldl -liberty -lz +LIBS_c += -lbfd -ldl -liberty -lz +LIBS_h += -lbfd -ldl -liberty -lz +endif +endif + +ifndef CONFIG_ELOOP +CONFIG_ELOOP=eloop +endif +OBJS += ../src/utils/$(CONFIG_ELOOP).o +OBJS_c += ../src/utils/$(CONFIG_ELOOP).o + +ifeq ($(CONFIG_ELOOP), eloop) +# Using glibc < 2.17 requires -lrt for clock_gettime() +LIBS += -lrt +LIBS_c += -lrt +LIBS_h += -lrt +LIBS_n += -lrt +endif + +OBJS += ../src/utils/common.o +OBJS += ../src/utils/wpa_debug.o +OBJS_c += ../src/utils/wpa_debug.o +OBJS += ../src/utils/wpabuf.o +OBJS += ../src/utils/os_$(CONFIG_OS).o +OBJS += ../src/utils/ip_addr.o + +OBJS += ../src/common/ieee802_11_common.o +OBJS += ../src/common/wpa_common.o +OBJS += ../src/common/hw_features_common.o + +OBJS += ../src/eapol_auth/eapol_auth_sm.o + + +ifdef CONFIG_CODE_COVERAGE +CFLAGS += -O0 -fprofile-arcs -ftest-coverage +LIBS += -lgcov +LIBS_c += -lgcov +LIBS_h += -lgcov +LIBS_n += -lgcov +endif + +ifndef CONFIG_NO_DUMP_STATE +# define HOSTAPD_DUMP_STATE to include support for dumping internal state +# through control interface commands (undefine it, if you want to save in +# binary size) +CFLAGS += -DHOSTAPD_DUMP_STATE +OBJS += ../src/eapol_auth/eapol_auth_dump.o +endif + +ifdef CONFIG_NO_RADIUS +CFLAGS += -DCONFIG_NO_RADIUS +CONFIG_NO_ACCOUNTING=y +else +OBJS += ../src/radius/radius.o +OBJS += ../src/radius/radius_client.o +OBJS += ../src/radius/radius_das.o +endif + +ifdef CONFIG_NO_ACCOUNTING +CFLAGS += -DCONFIG_NO_ACCOUNTING +else +OBJS += ../src/ap/accounting.o +endif + +ifdef CONFIG_NO_VLAN +CFLAGS += -DCONFIG_NO_VLAN +else +OBJS += ../src/ap/vlan_init.o +ifdef CONFIG_VLAN_NETLINK +ifdef CONFIG_FULL_DYNAMIC_VLAN +OBJS += ../src/ap/vlan_util.o +endif +CFLAGS += -DCONFIG_VLAN_NETLINK +endif +endif + +ifdef CONFIG_NO_CTRL_IFACE +CFLAGS += -DCONFIG_NO_CTRL_IFACE +else +OBJS += ctrl_iface.o +OBJS += ../src/ap/ctrl_iface_ap.o +endif + +CFLAGS += -DCONFIG_CTRL_IFACE -DCONFIG_CTRL_IFACE_UNIX + +ifdef CONFIG_IAPP +CFLAGS += -DCONFIG_IAPP +OBJS += ../src/ap/iapp.o +endif + +ifdef CONFIG_RSN_PREAUTH +CFLAGS += -DCONFIG_RSN_PREAUTH +CONFIG_L2_PACKET=y +endif + +ifdef CONFIG_PEERKEY +CFLAGS += -DCONFIG_PEERKEY +OBJS += ../src/ap/peerkey_auth.o +endif + +ifdef CONFIG_HS20 +NEED_AES_OMAC1=y +CONFIG_PROXYARP=y +endif + +ifdef CONFIG_PROXYARP +CONFIG_L2_PACKET=y +endif + +ifdef CONFIG_SUITEB +CFLAGS += -DCONFIG_SUITEB +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_SUITEB192 +CFLAGS += -DCONFIG_SUITEB192 +NEED_SHA384=y +endif + +ifdef CONFIG_IEEE80211W +CFLAGS += -DCONFIG_IEEE80211W +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_IEEE80211R +CFLAGS += -DCONFIG_IEEE80211R +OBJS += ../src/ap/wpa_auth_ft.o +NEED_SHA256=y +NEED_AES_OMAC1=y +NEED_AES_UNWRAP=y +endif + +ifdef CONFIG_SAE +CFLAGS += -DCONFIG_SAE +OBJS += ../src/common/sae.o +NEED_ECC=y +NEED_DH_GROUPS=y +endif + +ifdef CONFIG_WNM +CFLAGS += -DCONFIG_WNM +OBJS += ../src/ap/wnm_ap.o +endif + +ifdef CONFIG_IEEE80211N +CFLAGS += -DCONFIG_IEEE80211N +endif + +ifdef CONFIG_IEEE80211AC +CFLAGS += -DCONFIG_IEEE80211AC +endif + +include ../src/drivers/drivers.mak +OBJS += $(DRV_AP_OBJS) +CFLAGS += $(DRV_AP_CFLAGS) +LDFLAGS += $(DRV_AP_LDFLAGS) +LIBS += $(DRV_AP_LIBS) + +ifdef CONFIG_L2_PACKET +ifdef CONFIG_DNET_PCAP +ifdef CONFIG_L2_FREEBSD +LIBS += -lpcap +OBJS += ../src/l2_packet/l2_packet_freebsd.o +else +LIBS += -ldnet -lpcap +OBJS += ../src/l2_packet/l2_packet_pcap.o +endif +else +OBJS += ../src/l2_packet/l2_packet_linux.o +endif +else +OBJS += ../src/l2_packet/l2_packet_none.o +endif + + +ifdef CONFIG_ERP +CFLAGS += -DCONFIG_ERP +NEED_SHA256=y +NEED_HMAC_SHA256_KDF=y +endif + +ifdef CONFIG_EAP_MD5 +CFLAGS += -DEAP_SERVER_MD5 +OBJS += ../src/eap_server/eap_server_md5.o +CHAP=y +endif + +ifdef CONFIG_EAP_TLS +CFLAGS += -DEAP_SERVER_TLS +OBJS += ../src/eap_server/eap_server_tls.o +TLS_FUNCS=y +endif + +ifdef CONFIG_EAP_UNAUTH_TLS +CFLAGS += -DEAP_SERVER_UNAUTH_TLS +ifndef CONFIG_EAP_TLS +OBJS += ../src/eap_server/eap_server_tls.o +TLS_FUNCS=y +endif +endif + +ifdef CONFIG_EAP_PEAP +CFLAGS += -DEAP_SERVER_PEAP +OBJS += ../src/eap_server/eap_server_peap.o +OBJS += ../src/eap_common/eap_peap_common.o +TLS_FUNCS=y +CONFIG_EAP_MSCHAPV2=y +endif + +ifdef CONFIG_EAP_TTLS +CFLAGS += -DEAP_SERVER_TTLS +OBJS += ../src/eap_server/eap_server_ttls.o +TLS_FUNCS=y +CHAP=y +endif + +ifdef CONFIG_EAP_MSCHAPV2 +CFLAGS += -DEAP_SERVER_MSCHAPV2 +OBJS += ../src/eap_server/eap_server_mschapv2.o +MS_FUNCS=y +endif + +ifdef CONFIG_EAP_GTC +CFLAGS += -DEAP_SERVER_GTC +OBJS += ../src/eap_server/eap_server_gtc.o +endif + +ifdef CONFIG_EAP_SIM +CFLAGS += -DEAP_SERVER_SIM +OBJS += ../src/eap_server/eap_server_sim.o +CONFIG_EAP_SIM_COMMON=y +NEED_AES_CBC=y +endif + +ifdef CONFIG_EAP_AKA +CFLAGS += -DEAP_SERVER_AKA +OBJS += ../src/eap_server/eap_server_aka.o +CONFIG_EAP_SIM_COMMON=y +NEED_SHA256=y +NEED_AES_CBC=y +endif + +ifdef CONFIG_EAP_AKA_PRIME +CFLAGS += -DEAP_SERVER_AKA_PRIME +endif + +ifdef CONFIG_EAP_SIM_COMMON +OBJS += ../src/eap_common/eap_sim_common.o +# Example EAP-SIM/AKA interface for GSM/UMTS authentication. This can be +# replaced with another file implementating the interface specified in +# eap_sim_db.h. +OBJS += ../src/eap_server/eap_sim_db.o +NEED_FIPS186_2_PRF=y +endif + +ifdef CONFIG_EAP_PAX +CFLAGS += -DEAP_SERVER_PAX +OBJS += ../src/eap_server/eap_server_pax.o ../src/eap_common/eap_pax_common.o +endif + +ifdef CONFIG_EAP_PSK +CFLAGS += -DEAP_SERVER_PSK +OBJS += ../src/eap_server/eap_server_psk.o ../src/eap_common/eap_psk_common.o +NEED_AES_OMAC1=y +NEED_AES_ENCBLOCK=y +NEED_AES_EAX=y +endif + +ifdef CONFIG_EAP_SAKE +CFLAGS += -DEAP_SERVER_SAKE +OBJS += ../src/eap_server/eap_server_sake.o ../src/eap_common/eap_sake_common.o +endif + +ifdef CONFIG_EAP_GPSK +CFLAGS += -DEAP_SERVER_GPSK +OBJS += ../src/eap_server/eap_server_gpsk.o ../src/eap_common/eap_gpsk_common.o +ifdef CONFIG_EAP_GPSK_SHA256 +CFLAGS += -DEAP_GPSK_SHA256 +endif +NEED_SHA256=y +NEED_AES_OMAC1=y +endif + +ifdef CONFIG_EAP_PWD +CFLAGS += -DEAP_SERVER_PWD +OBJS += ../src/eap_server/eap_server_pwd.o ../src/eap_common/eap_pwd_common.o +NEED_SHA256=y +endif + +ifdef CONFIG_EAP_EKE +CFLAGS += -DEAP_SERVER_EKE +OBJS += ../src/eap_server/eap_server_eke.o ../src/eap_common/eap_eke_common.o +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y +endif + +ifdef CONFIG_EAP_VENDOR_TEST +CFLAGS += -DEAP_SERVER_VENDOR_TEST +OBJS += ../src/eap_server/eap_server_vendor_test.o +endif + +ifdef CONFIG_EAP_FAST +CFLAGS += -DEAP_SERVER_FAST +OBJS += ../src/eap_server/eap_server_fast.o +OBJS += ../src/eap_common/eap_fast_common.o +TLS_FUNCS=y +NEED_T_PRF=y +NEED_AES_UNWRAP=y +endif + +ifdef CONFIG_WPS +CFLAGS += -DCONFIG_WPS -DEAP_SERVER_WSC +OBJS += ../src/utils/uuid.o +OBJS += ../src/ap/wps_hostapd.o +OBJS += ../src/eap_server/eap_server_wsc.o ../src/eap_common/eap_wsc_common.o +OBJS += ../src/wps/wps.o +OBJS += ../src/wps/wps_common.o +OBJS += ../src/wps/wps_attr_parse.o +OBJS += ../src/wps/wps_attr_build.o +OBJS += ../src/wps/wps_attr_process.o +OBJS += ../src/wps/wps_dev_attr.o +OBJS += ../src/wps/wps_enrollee.o +OBJS += ../src/wps/wps_registrar.o +NEED_DH_GROUPS=y +NEED_SHA256=y +NEED_BASE64=y +NEED_AES_CBC=y +NEED_MODEXP=y +CONFIG_EAP=y + +ifdef CONFIG_WPS_NFC +CFLAGS += -DCONFIG_WPS_NFC +OBJS += ../src/wps/ndef.o +NEED_WPS_OOB=y +endif + +ifdef NEED_WPS_OOB +CFLAGS += -DCONFIG_WPS_OOB +endif + +ifdef CONFIG_WPS_UPNP +CFLAGS += -DCONFIG_WPS_UPNP +OBJS += ../src/wps/wps_upnp.o +OBJS += ../src/wps/wps_upnp_ssdp.o +OBJS += ../src/wps/wps_upnp_web.o +OBJS += ../src/wps/wps_upnp_event.o +OBJS += ../src/wps/wps_upnp_ap.o +OBJS += ../src/wps/upnp_xml.o +OBJS += ../src/wps/httpread.o +OBJS += ../src/wps/http_client.o +OBJS += ../src/wps/http_server.o +endif + +ifdef CONFIG_WPS_STRICT +CFLAGS += -DCONFIG_WPS_STRICT +OBJS += ../src/wps/wps_validate.o +endif + +ifdef CONFIG_WPS_TESTING +CFLAGS += -DCONFIG_WPS_TESTING +endif + +endif + +ifdef CONFIG_EAP_IKEV2 +CFLAGS += -DEAP_SERVER_IKEV2 +OBJS += ../src/eap_server/eap_server_ikev2.o ../src/eap_server/ikev2.o +OBJS += ../src/eap_common/eap_ikev2_common.o ../src/eap_common/ikev2_common.o +NEED_DH_GROUPS=y +NEED_DH_GROUPS_ALL=y +NEED_MODEXP=y +NEED_CIPHER=y +endif + +ifdef CONFIG_EAP_TNC +CFLAGS += -DEAP_SERVER_TNC +OBJS += ../src/eap_server/eap_server_tnc.o +OBJS += ../src/eap_server/tncs.o +NEED_BASE64=y +ifndef CONFIG_DRIVER_BSD +LIBS += -ldl +endif +endif + +# Basic EAP functionality is needed for EAPOL +OBJS += eap_register.o +OBJS += ../src/eap_server/eap_server.o +OBJS += ../src/eap_common/eap_common.o +OBJS += ../src/eap_server/eap_server_methods.o +OBJS += ../src/eap_server/eap_server_identity.o +CFLAGS += -DEAP_SERVER_IDENTITY + +ifdef CONFIG_EAP +CFLAGS += -DEAP_SERVER +endif + +ifdef CONFIG_PKCS12 +CFLAGS += -DPKCS12_FUNCS +endif + +ifdef MS_FUNCS +OBJS += ../src/crypto/ms_funcs.o +NEED_DES=y +NEED_MD4=y +endif + +ifdef CHAP +OBJS += ../src/eap_common/chap.o +endif + +ifdef TLS_FUNCS +NEED_DES=y +# Shared TLS functions (needed for EAP_TLS, EAP_PEAP, and EAP_TTLS) +CFLAGS += -DEAP_TLS_FUNCS +OBJS += ../src/eap_server/eap_server_tls_common.o +NEED_TLS_PRF=y +endif + +ifndef CONFIG_TLS +CONFIG_TLS=openssl +endif + +ifdef CONFIG_TLSV11 +CFLAGS += -DCONFIG_TLSV11 +endif + +ifdef CONFIG_TLSV12 +CFLAGS += -DCONFIG_TLSV12 +NEED_SHA256=y +endif + +ifeq ($(CONFIG_TLS), openssl) +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_openssl.o +LIBS += -lssl +endif +OBJS += ../src/crypto/crypto_openssl.o +HOBJS += ../src/crypto/crypto_openssl.o +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_openssl.o +endif +LIBS += -lcrypto +LIBS_h += -lcrypto +endif + +ifeq ($(CONFIG_TLS), gnutls) +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_gnutls.o +LIBS += -lgnutls -lgpg-error +endif +OBJS += ../src/crypto/crypto_gnutls.o +HOBJS += ../src/crypto/crypto_gnutls.o +ifdef NEED_FIPS186_2_PRF +OBJS += ../src/crypto/fips_prf_internal.o +SHA1OBJS += ../src/crypto/sha1-internal.o +endif +LIBS += -lgcrypt +LIBS_h += -lgcrypt +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif + +ifeq ($(CONFIG_TLS), schannel) +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_schannel.o +endif +OBJS += ../src/crypto/crypto_cryptoapi.o +OBJS_p += ../src/crypto/crypto_cryptoapi.o +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif + +ifeq ($(CONFIG_TLS), internal) +ifndef CONFIG_CRYPTO +CONFIG_CRYPTO=internal +endif +ifdef TLS_FUNCS +OBJS += ../src/crypto/crypto_internal-rsa.o +OBJS += ../src/crypto/tls_internal.o +OBJS += ../src/tls/tlsv1_common.o +OBJS += ../src/tls/tlsv1_record.o +OBJS += ../src/tls/tlsv1_cred.o +OBJS += ../src/tls/tlsv1_server.o +OBJS += ../src/tls/tlsv1_server_write.o +OBJS += ../src/tls/tlsv1_server_read.o +OBJS += ../src/tls/asn1.o +OBJS += ../src/tls/rsa.o +OBJS += ../src/tls/x509v3.o +OBJS += ../src/tls/pkcs1.o +OBJS += ../src/tls/pkcs5.o +OBJS += ../src/tls/pkcs8.o +NEED_SHA256=y +NEED_BASE64=y +NEED_TLS_PRF=y +ifdef CONFIG_TLSV12 +NEED_TLS_PRF_SHA256=y +endif +NEED_MODEXP=y +NEED_CIPHER=y +CFLAGS += -DCONFIG_TLS_INTERNAL +CFLAGS += -DCONFIG_TLS_INTERNAL_SERVER +endif +ifdef NEED_CIPHER +NEED_DES=y +OBJS += ../src/crypto/crypto_internal-cipher.o +endif +ifdef NEED_MODEXP +OBJS += ../src/crypto/crypto_internal-modexp.o +OBJS += ../src/tls/bignum.o +endif +ifeq ($(CONFIG_CRYPTO), libtomcrypt) +OBJS += ../src/crypto/crypto_libtomcrypt.o +LIBS += -ltomcrypt -ltfm +LIBS_h += -ltomcrypt -ltfm +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +ifeq ($(CONFIG_CRYPTO), internal) +OBJS += ../src/crypto/crypto_internal.o +NEED_AES_DEC=y +CFLAGS += -DCONFIG_CRYPTO_INTERNAL +ifdef CONFIG_INTERNAL_LIBTOMMATH +CFLAGS += -DCONFIG_INTERNAL_LIBTOMMATH +ifdef CONFIG_INTERNAL_LIBTOMMATH_FAST +CFLAGS += -DLTM_FAST +endif +else +LIBS += -ltommath +LIBS_h += -ltommath +endif +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_DES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD4=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +CONFIG_INTERNAL_DH_GROUP5=y +endif +ifeq ($(CONFIG_CRYPTO), cryptoapi) +OBJS += ../src/crypto/crypto_cryptoapi.o +OBJS_p += ../src/crypto/crypto_cryptoapi.o +CFLAGS += -DCONFIG_CRYPTO_CRYPTOAPI +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +endif +endif + +ifeq ($(CONFIG_TLS), none) +ifdef TLS_FUNCS +OBJS += ../src/crypto/tls_none.o +CFLAGS += -DEAP_TLS_NONE +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD5=y +endif +OBJS += ../src/crypto/crypto_none.o +OBJS_p += ../src/crypto/crypto_none.o +CONFIG_INTERNAL_SHA256=y +CONFIG_INTERNAL_RC4=y +endif + +ifndef TLS_FUNCS +OBJS += ../src/crypto/tls_none.o +ifeq ($(CONFIG_TLS), internal) +CONFIG_INTERNAL_AES=y +CONFIG_INTERNAL_SHA1=y +CONFIG_INTERNAL_MD5=y +CONFIG_INTERNAL_RC4=y +endif +endif + +AESOBJS = # none so far +ifdef CONFIG_INTERNAL_AES +AESOBJS += ../src/crypto/aes-internal.o ../src/crypto/aes-internal-enc.o +endif + +ifneq ($(CONFIG_TLS), openssl) +AESOBJS += ../src/crypto/aes-wrap.o +endif +ifdef NEED_AES_EAX +AESOBJS += ../src/crypto/aes-eax.o +NEED_AES_CTR=y +endif +ifdef NEED_AES_CTR +AESOBJS += ../src/crypto/aes-ctr.o +endif +ifdef NEED_AES_ENCBLOCK +AESOBJS += ../src/crypto/aes-encblock.o +endif +ifdef NEED_AES_OMAC1 +AESOBJS += ../src/crypto/aes-omac1.o +endif +ifdef NEED_AES_UNWRAP +ifneq ($(CONFIG_TLS), openssl) +NEED_AES_DEC=y +AESOBJS += ../src/crypto/aes-unwrap.o +endif +endif +ifdef NEED_AES_CBC +NEED_AES_DEC=y +AESOBJS += ../src/crypto/aes-cbc.o +endif +ifdef NEED_AES_DEC +ifdef CONFIG_INTERNAL_AES +AESOBJS += ../src/crypto/aes-internal-dec.o +endif +endif +ifdef NEED_AES +OBJS += $(AESOBJS) +endif + +ifdef NEED_SHA1 +ifneq ($(CONFIG_TLS), openssl) +SHA1OBJS += ../src/crypto/sha1.o +endif +SHA1OBJS += ../src/crypto/sha1-prf.o +ifdef CONFIG_INTERNAL_SHA1 +SHA1OBJS += ../src/crypto/sha1-internal.o +ifdef NEED_FIPS186_2_PRF +SHA1OBJS += ../src/crypto/fips_prf_internal.o +endif +endif +ifneq ($(CONFIG_TLS), openssl) +SHA1OBJS += ../src/crypto/sha1-pbkdf2.o +endif +ifdef NEED_T_PRF +SHA1OBJS += ../src/crypto/sha1-tprf.o +endif +ifdef NEED_TLS_PRF +SHA1OBJS += ../src/crypto/sha1-tlsprf.o +endif +endif + +ifdef NEED_SHA1 +OBJS += $(SHA1OBJS) +endif + +ifneq ($(CONFIG_TLS), openssl) +OBJS += ../src/crypto/md5.o +endif + +ifdef NEED_MD5 +ifdef CONFIG_INTERNAL_MD5 +OBJS += ../src/crypto/md5-internal.o +HOBJS += ../src/crypto/md5-internal.o +endif +endif + +ifdef NEED_MD4 +ifdef CONFIG_INTERNAL_MD4 +OBJS += ../src/crypto/md4-internal.o +endif +endif + +ifdef NEED_DES +ifdef CONFIG_INTERNAL_DES +OBJS += ../src/crypto/des-internal.o +endif +endif + +ifdef NEED_RC4 +ifdef CONFIG_INTERNAL_RC4 +OBJS += ../src/crypto/rc4.o +endif +endif + +ifdef NEED_SHA256 +CFLAGS += -DCONFIG_SHA256 +ifneq ($(CONFIG_TLS), openssl) +OBJS += ../src/crypto/sha256.o +endif +OBJS += ../src/crypto/sha256-prf.o +ifdef CONFIG_INTERNAL_SHA256 +OBJS += ../src/crypto/sha256-internal.o +endif +ifdef NEED_TLS_PRF_SHA256 +OBJS += ../src/crypto/sha256-tlsprf.o +endif +ifdef NEED_HMAC_SHA256_KDF +OBJS += ../src/crypto/sha256-kdf.o +endif +endif +ifdef NEED_SHA384 +CFLAGS += -DCONFIG_SHA384 +endif + +ifdef NEED_DH_GROUPS +OBJS += ../src/crypto/dh_groups.o +endif +ifdef NEED_DH_GROUPS_ALL +CFLAGS += -DALL_DH_GROUPS +endif +ifdef CONFIG_INTERNAL_DH_GROUP5 +ifdef NEED_DH_GROUPS +OBJS += ../src/crypto/dh_group5.o +endif +endif + +ifdef NEED_ECC +CFLAGS += -DCONFIG_ECC +endif + +ifdef CONFIG_NO_RANDOM_POOL +CFLAGS += -DCONFIG_NO_RANDOM_POOL +else +OBJS += ../src/crypto/random.o +HOBJS += ../src/crypto/random.o +HOBJS += ../src/utils/eloop.o +HOBJS += $(SHA1OBJS) +HOBJS += ../src/crypto/md5.o +endif + +ifdef CONFIG_RADIUS_SERVER +CFLAGS += -DRADIUS_SERVER +OBJS += ../src/radius/radius_server.o +endif + +ifdef CONFIG_IPV6 +CFLAGS += -DCONFIG_IPV6 +endif + +ifdef CONFIG_DRIVER_RADIUS_ACL +CFLAGS += -DCONFIG_DRIVER_RADIUS_ACL +endif + +ifdef CONFIG_FULL_DYNAMIC_VLAN +# define CONFIG_FULL_DYNAMIC_VLAN to have hostapd manipulate bridges +# and vlan interfaces for the vlan feature. +CFLAGS += -DCONFIG_FULL_DYNAMIC_VLAN +endif + +ifdef NEED_BASE64 +OBJS += ../src/utils/base64.o +endif + +ifdef NEED_AP_MLME +OBJS += ../src/ap/wmm.o +OBJS += ../src/ap/ap_list.o +OBJS += ../src/ap/ieee802_11.o +OBJS += ../src/ap/hw_features.o +OBJS += ../src/ap/dfs.o +CFLAGS += -DNEED_AP_MLME +endif +ifdef CONFIG_IEEE80211N +OBJS += ../src/ap/ieee802_11_ht.o +endif + +ifdef CONFIG_IEEE80211AC +OBJS += ../src/ap/ieee802_11_vht.o +endif + +ifdef CONFIG_P2P_MANAGER +CFLAGS += -DCONFIG_P2P_MANAGER +OBJS += ../src/ap/p2p_hostapd.o +endif + +ifdef CONFIG_HS20 +CFLAGS += -DCONFIG_HS20 +OBJS += ../src/ap/hs20.o +CONFIG_INTERWORKING=y +endif + +ifdef CONFIG_INTERWORKING +CFLAGS += -DCONFIG_INTERWORKING +OBJS += ../src/common/gas.o +OBJS += ../src/ap/gas_serv.o +endif + +ifdef CONFIG_PROXYARP +CFLAGS += -DCONFIG_PROXYARP +OBJS += ../src/ap/x_snoop.o +OBJS += ../src/ap/dhcp_snoop.o +ifdef CONFIG_IPV6 +OBJS += ../src/ap/ndisc_snoop.o +endif +endif + +OBJS += ../src/drivers/driver_common.o + +ifdef CONFIG_WPA_CLI_EDIT +OBJS_c += ../src/utils/edit.o +else +OBJS_c += ../src/utils/edit_simple.o +endif + +ifdef CONFIG_ACS +CFLAGS += -DCONFIG_ACS +OBJS += ../src/ap/acs.o +LIBS += -lm +endif + +ifdef CONFIG_NO_STDOUT_DEBUG +CFLAGS += -DCONFIG_NO_STDOUT_DEBUG +endif + +ifdef CONFIG_DEBUG_LINUX_TRACING +CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING +endif + +ifdef CONFIG_DEBUG_FILE +CFLAGS += -DCONFIG_DEBUG_FILE +endif + +ifdef CONFIG_SQLITE +CFLAGS += -DCONFIG_SQLITE +LIBS += -lsqlite3 +LIBS_h += -lsqlite3 +endif + +ALL=hostapd hostapd_cli + +all: verify_config $(ALL) + +Q=@ +E=echo +ifeq ($(V), 1) +Q= +E=true +endif +ifeq ($(QUIET), 1) +Q=@ +E=true +endif + +ifdef CONFIG_CODE_COVERAGE +%.o: %.c + @$(E) " CC " $< + $(Q)cd $(dir $@); $(CC) -c -o $(notdir $@) $(CFLAGS) $(notdir $<) +else +%.o: %.c + $(Q)$(CC) -c -o $@ $(CFLAGS) $< + @$(E) " CC " $< +endif + +verify_config: + @if [ ! -r .config ]; then \ + echo 'Building hostapd requires a configuration file'; \ + echo '(.config). See README for more instructions. You can'; \ + echo 'run "cp defconfig .config" to create an example'; \ + echo 'configuration.'; \ + exit 1; \ + fi + +$(DESTDIR)$(BINDIR)/%: % + install -D $(<) $(@) + +install: $(addprefix $(DESTDIR)$(BINDIR)/,$(ALL)) + +../src/drivers/build.hostapd: + @if [ -f ../src/drivers/build.wpa_supplicant ]; then \ + $(MAKE) -C ../src/drivers clean; \ + fi + @touch ../src/drivers/build.hostapd + +BCHECK=../src/drivers/build.hostapd + +hostapd: $(BCHECK) $(OBJS) + $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) + @$(E) " LD " $@ + +ifdef CONFIG_WPA_TRACE +OBJS_c += ../src/utils/trace.o +endif +hostapd_cli: $(OBJS_c) + $(Q)$(CC) $(LDFLAGS) -o hostapd_cli $(OBJS_c) $(LIBS_c) + @$(E) " LD " $@ + +NOBJS = nt_password_hash.o ../src/crypto/ms_funcs.o $(SHA1OBJS) +NOBJS += ../src/utils/common.o +ifdef NEED_RC4 +ifdef CONFIG_INTERNAL_RC4 +NOBJS += ../src/crypto/rc4.o +endif +endif +ifdef CONFIG_INTERNAL_MD5 +NOBJS += ../src/crypto/md5-internal.o +endif +NOBJS += ../src/crypto/crypto_openssl.o ../src/utils/os_$(CONFIG_OS).o +NOBJS += ../src/utils/wpa_debug.o +NOBJS += ../src/utils/wpabuf.o +ifdef CONFIG_WPA_TRACE +NOBJS += ../src/utils/trace.o +LIBS_n += -lbfd +endif +ifdef TLS_FUNCS +LIBS_n += -lcrypto +endif + +HOBJS += hlr_auc_gw.o ../src/utils/common.o ../src/utils/wpa_debug.o ../src/utils/os_$(CONFIG_OS).o ../src/utils/wpabuf.o ../src/crypto/milenage.o +HOBJS += ../src/crypto/aes-encblock.o +ifdef CONFIG_INTERNAL_AES +HOBJS += ../src/crypto/aes-internal.o +HOBJS += ../src/crypto/aes-internal-enc.o +endif + +nt_password_hash: $(NOBJS) + $(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n) + @$(E) " LD " $@ + +hlr_auc_gw: $(HOBJS) + $(Q)$(CC) $(LDFLAGS) -o hlr_auc_gw $(HOBJS) $(LIBS_h) + @$(E) " LD " $@ + +lcov-html: + lcov -c -d .. > lcov.info + genhtml lcov.info --output-directory lcov-html + +clean: + $(MAKE) -C ../src clean + rm -f core *~ *.o hostapd hostapd_cli nt_password_hash hlr_auc_gw + rm -f *.d *.gcno *.gcda *.gcov + rm -f lcov.info + rm -rf lcov-html + +-include $(OBJS:%.o=%.d) diff --git a/hostapd/README b/hostapd/README new file mode 100644 index 0000000..366b199 --- /dev/null +++ b/hostapd/README @@ -0,0 +1,366 @@ +hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP + Authenticator and RADIUS authentication server +================================================================ + +Copyright (c) 2002-2015, Jouni Malinen and contributors +All Rights Reserved. + +This program is licensed under the BSD license (the one with +advertisement clause removed). + +If you are submitting changes to the project, please see CONTRIBUTIONS +file for more instructions. + + + +License +------- + +This software may be distributed, used, and modified under the terms of +BSD license: + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name(s) of the above-listed copyright holder(s) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + +Introduction +============ + +Originally, hostapd was an optional user space component for Host AP +driver. It adds more features to the basic IEEE 802.11 management +included in the kernel driver: using external RADIUS authentication +server for MAC address based access control, IEEE 802.1X Authenticator +and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN) +Authenticator and dynamic TKIP/CCMP keying. + +The current version includes support for other drivers, an integrated +EAP server (i.e., allow full authentication without requiring +an external RADIUS authentication server), and RADIUS authentication +server for EAP authentication. + + +Requirements +------------ + +Current hardware/software requirements: +- drivers: + Host AP driver for Prism2/2.5/3. + (http://hostap.epitest.fi/) + Please note that station firmware version needs to be 1.7.0 or newer + to work in WPA mode. + + mac80211-based drivers that support AP mode (with driver=nl80211). + This includes drivers for Atheros (ath9k) and Broadcom (b43) + chipsets. + + Any wired Ethernet driver for wired IEEE 802.1X authentication + (experimental code) + + FreeBSD -current (with some kernel mods that have not yet been + committed when hostapd v0.3.0 was released) + BSD net80211 layer (e.g., Atheros driver) + + +Build configuration +------------------- + +In order to be able to build hostapd, you will need to create a build +time configuration file, .config that selects which optional +components are included. See defconfig file for example configuration +and list of available options. + + + +IEEE 802.1X +=========== + +IEEE Std 802.1X-2001 is a standard for port-based network access +control. In case of IEEE 802.11 networks, a "virtual port" is used +between each associated station and the AP. IEEE 802.11 specifies +minimal authentication mechanism for stations, whereas IEEE 802.1X +introduces a extensible mechanism for authenticating and authorizing +users. + +IEEE 802.1X uses elements called Supplicant, Authenticator, Port +Access Entity, and Authentication Server. Supplicant is a component in +a station and it performs the authentication with the Authentication +Server. An access point includes an Authenticator that relays the packets +between a Supplicant and an Authentication Server. In addition, it has a +Port Access Entity (PAE) with Authenticator functionality for +controlling the virtual port authorization, i.e., whether to accept +packets from or to the station. + +IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames +between a Supplicant and an Authenticator are sent using EAP over LAN +(EAPOL) and the Authenticator relays these frames to the Authentication +Server (and similarly, relays the messages from the Authentication +Server to the Supplicant). The Authentication Server can be colocated with the +Authenticator, in which case there is no need for additional protocol +for EAP frame transmission. However, a more common configuration is to +use an external Authentication Server and encapsulate EAP frame in the +frames used by that server. RADIUS is suitable for this, but IEEE +802.1X would also allow other mechanisms. + +Host AP driver includes PAE functionality in the kernel driver. It +is a relatively simple mechanism for denying normal frames going to +or coming from an unauthorized port. PAE allows IEEE 802.1X related +frames to be passed between the Supplicant and the Authenticator even +on an unauthorized port. + +User space daemon, hostapd, includes Authenticator functionality. It +receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap +device that is also used with IEEE 802.11 management frames. The +frames to the Supplicant are sent using the same device. + +The normal configuration of the Authenticator would use an external +Authentication Server. hostapd supports RADIUS encapsulation of EAP +packets, so the Authentication Server should be a RADIUS server, like +FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd +relays the frames between the Supplicant and the Authentication +Server. It also controls the PAE functionality in the kernel driver by +controlling virtual port authorization, i.e., station-AP +connection, based on the IEEE 802.1X state. + +When a station would like to use the services of an access point, it +will first perform IEEE 802.11 authentication. This is normally done +with open systems authentication, so there is no security. After +this, IEEE 802.11 association is performed. If IEEE 802.1X is +configured to be used, the virtual port for the station is set in +Unauthorized state and only IEEE 802.1X frames are accepted at this +point. The Authenticator will then ask the Supplicant to authenticate +with the Authentication Server. After this is completed successfully, +the virtual port is set to Authorized state and frames from and to the +station are accepted. + +Host AP configuration for IEEE 802.1X +------------------------------------- + +The user space daemon has its own configuration file that can be used to +define AP options. Distribution package contains an example +configuration file (hostapd/hostapd.conf) that can be used as a basis +for configuration. It includes examples of all supported configuration +options and short description of each option. hostapd should be started +with full path to the configuration file as the command line argument, +e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless +LAN card, you can use one hostapd process for multiple interfaces by +giving a list of configuration files (one per interface) in the command +line. + +hostapd includes a minimal co-located IEEE 802.1X server which can be +used to test IEEE 802.1X authentication. However, it should not be +used in normal use since it does not provide any security. This can be +configured by setting ieee8021x and minimal_eap options in the +configuration file. + +An external Authentication Server (RADIUS) is configured with +auth_server_{addr,port,shared_secret} options. In addition, +ieee8021x and own_ip_addr must be set for this mode. With such +configuration, the co-located Authentication Server is not used and EAP +frames will be relayed using EAPOL between the Supplicant and the +Authenticator and RADIUS encapsulation between the Authenticator and +the Authentication Server. Other than this, the functionality is similar +to the case with the co-located Authentication Server. + +Authentication Server and Supplicant +------------------------------------ + +Any RADIUS server supporting EAP should be usable as an IEEE 802.1X +Authentication Server with hostapd Authenticator. FreeRADIUS +(http://www.freeradius.org/) has been successfully tested with hostapd +Authenticator and both Xsupplicant (http://www.open1x.org) and Windows +XP Supplicants. EAP/TLS was used with Xsupplicant and +EAP/MD5-Challenge with Windows XP. + +http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information +about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace +Cisco access point with Host AP driver, hostapd daemon, and a Prism2 +card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information +about using EAP/MD5 with FreeRADIUS, including instructions for WinXP +configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on +EAP/TLS use with WinXP Supplicant. + +Automatic WEP key configuration +------------------------------- + +EAP/TLS generates a session key that can be used to send WEP keys from +an AP to authenticated stations. The Authenticator in hostapd can be +configured to automatically select a random default/broadcast key +(shared by all authenticated stations) with wep_key_len_broadcast +option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition, +wep_key_len_unicast option can be used to configure individual unicast +keys for stations. This requires support for individual keys in the +station driver. + +WEP keys can be automatically updated by configuring rekeying. This +will improve security of the network since same WEP key will only be +used for a limited period of time. wep_rekey_period option sets the +interval for rekeying in seconds. + + +WPA/WPA2 +======== + +Features +-------- + +Supported WPA/IEEE 802.11i features: +- WPA-PSK ("WPA-Personal") +- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise") +- key management for CCMP, TKIP, WEP104, WEP40 +- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication + +WPA +--- + +The original security mechanism of IEEE 802.11 standard was not +designed to be strong and has proved to be insufficient for most +networks that require some kind of security. Task group I (Security) +of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked +to address the flaws of the base standard and has in practice +completed its work in May 2004. The IEEE 802.11i amendment to the IEEE +802.11 standard was approved in June 2004 and this amendment is likely +to be published in July 2004. + +Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the +IEEE 802.11i work (draft 3.0) to define a subset of the security +enhancements that can be implemented with existing wlan hardware. This +is called Wi-Fi Protected Access (WPA). This has now become a +mandatory component of interoperability testing and certification done +by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web +site (http://www.wi-fi.org/OpenSection/protected_access.asp). + +IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm +for protecting wireless networks. WEP uses RC4 with 40-bit keys, +24-bit initialization vector (IV), and CRC32 to protect against packet +forgery. All these choices have proven to be insufficient: key space is +too small against current attacks, RC4 key scheduling is insufficient +(beginning of the pseudorandom stream should be skipped), IV space is +too small and IV reuse makes attacks easier, there is no replay +protection, and non-keyed authentication does not protect against bit +flipping packet data. + +WPA is an intermediate solution for the security issues. It uses +Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a +compromise on strong security and possibility to use existing +hardware. It still uses RC4 for the encryption like WEP, but with +per-packet RC4 keys. In addition, it implements replay protection, +keyed packet authentication mechanism (Michael MIC). + +Keys can be managed using two different mechanisms. WPA can either use +an external authentication server (e.g., RADIUS) and EAP just like +IEEE 802.1X is using or pre-shared keys without need for additional +servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal", +respectively. Both mechanisms will generate a master session key for +the Authenticator (AP) and Supplicant (client station). + +WPA implements a new key handshake (4-Way Handshake and Group Key +Handshake) for generating and exchanging data encryption keys between +the Authenticator and Supplicant. This handshake is also used to +verify that both Authenticator and Supplicant know the master session +key. These handshakes are identical regardless of the selected key +management mechanism (only the method for generating master session +key changes). + + +IEEE 802.11i / WPA2 +------------------- + +The design for parts of IEEE 802.11i that were not included in WPA has +finished (May 2004) and this amendment to IEEE 802.11 was approved in +June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new +version of WPA called WPA2. This includes, e.g., support for more +robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC) +to replace TKIP and optimizations for handoff (reduced number of +messages in initial key handshake, pre-authentication, and PMKSA caching). + +Some wireless LAN vendors are already providing support for CCMP in +their WPA products. There is no "official" interoperability +certification for CCMP and/or mixed modes using both TKIP and CCMP, so +some interoperability issues can be expected even though many +combinations seem to be working with equipment from different vendors. +Testing for WPA2 is likely to start during the second half of 2004. + +hostapd configuration for WPA/WPA2 +---------------------------------- + +TODO + +# Enable WPA. Setting this variable configures the AP to require WPA (either +# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either +# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. +# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), +# RADIUS authentication server must be configured, and WPA-EAP must be included +# in wpa_key_mgmt. +# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) +# and/or WPA2 (full IEEE 802.11i/RSN): +# bit0 = WPA +# bit1 = IEEE 802.11i/RSN (WPA2) +#wpa=1 + +# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit +# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase +# (8..63 characters) that will be converted to PSK. This conversion uses SSID +# so the PSK changes when ASCII passphrase is used and the SSID is changed. +#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +#wpa_passphrase=secret passphrase + +# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The +# entries are separated with a space. +#wpa_key_mgmt=WPA-PSK WPA-EAP + +# Set of accepted cipher suites (encryption algorithms) for pairwise keys +# (unicast packets). This is a space separated list of algorithms: +# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i] +# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i] +# Group cipher suite (encryption algorithm for broadcast and multicast frames) +# is automatically selected based on this configuration. If only CCMP is +# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, +# TKIP will be used as the group cipher. +#wpa_pairwise=TKIP CCMP + +# Time interval for rekeying GTK (broadcast/multicast encryption keys) in +# seconds. +#wpa_group_rekey=600 + +# Time interval for rekeying GMK (master key used internally to generate GTKs +# (in seconds). +#wpa_gmk_rekey=86400 + +# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up +# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN +# authentication and key handshake before actually associating with a new AP. +#rsn_preauth=1 +# +# Space separated list of interfaces from which pre-authentication frames are +# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all +# interface that are used for connections to other APs. This could include +# wired interfaces and WDS links. The normal wireless data interface towards +# associated stations (e.g., wlan0) should not be added, since +# pre-authentication is only used with APs other than the currently associated +# one. +#rsn_preauth_interfaces=eth0 diff --git a/hostapd/README-WPS b/hostapd/README-WPS new file mode 100644 index 0000000..d5f713a --- /dev/null +++ b/hostapd/README-WPS @@ -0,0 +1,352 @@ +hostapd and Wi-Fi Protected Setup (WPS) +======================================= + +This document describes how the WPS implementation in hostapd can be +configured and how an external component on an AP (e.g., web UI) is +used to enable enrollment of client devices. + + +Introduction to WPS +------------------- + +Wi-Fi Protected Setup (WPS) is a mechanism for easy configuration of a +wireless network. It allows automated generation of random keys (WPA +passphrase/PSK) and configuration of an access point and client +devices. WPS includes number of methods for setting up connections +with PIN method and push-button configuration (PBC) being the most +commonly deployed options. + +While WPS can enable more home networks to use encryption in the +wireless network, it should be noted that the use of the PIN and +especially PBC mechanisms for authenticating the initial key setup is +not very secure. As such, use of WPS may not be suitable for +environments that require secure network access without chance for +allowing outsiders to gain access during the setup phase. + +WPS uses following terms to describe the entities participating in the +network setup: +- access point: the WLAN access point +- Registrar: a device that control a network and can authorize + addition of new devices); this may be either in the AP ("internal + Registrar") or in an external device, e.g., a laptop, ("external + Registrar") +- Enrollee: a device that is being authorized to use the network + +It should also be noted that the AP and a client device may change +roles (i.e., AP acts as an Enrollee and client device as a Registrar) +when WPS is used to configure the access point. + + +More information about WPS is available from Wi-Fi Alliance: +http://www.wi-fi.org/wifi-protected-setup + + +hostapd implementation +---------------------- + +hostapd includes an optional WPS component that can be used as an +internal WPS Registrar to manage addition of new WPS enabled clients +to the network. In addition, WPS Enrollee functionality in hostapd can +be used to allow external WPS Registrars to configure the access +point, e.g., for initial network setup. In addition, hostapd can proxy a +WPS registration between a wireless Enrollee and an external Registrar +(e.g., Microsoft Vista or Atheros JumpStart) with UPnP. + + +hostapd configuration +--------------------- + +WPS is an optional component that needs to be enabled in hostapd build +configuration (.config). Here is an example configuration that +includes WPS support and uses nl80211 driver interface: + +CONFIG_DRIVER_NL80211=y +CONFIG_WPS=y +CONFIG_WPS_UPNP=y + +Following parameter can be used to enable support for NFC config method: + +CONFIG_WPS_NFC=y + + +Following section shows an example runtime configuration +(hostapd.conf) that enables WPS: + +# Configure the driver and network interface +driver=nl80211 +interface=wlan0 + +# WPA2-Personal configuration for the AP +ssid=wps-test +wpa=2 +wpa_key_mgmt=WPA-PSK +wpa_pairwise=CCMP +# Default WPA passphrase for legacy (non-WPS) clients +wpa_passphrase=12345678 +# Enable random per-device PSK generation for WPS clients +# Please note that the file has to exists for hostapd to start (i.e., create an +# empty file as a starting point). +wpa_psk_file=/etc/hostapd.psk + +# Enable control interface for PBC/PIN entry +ctrl_interface=/var/run/hostapd + +# Enable internal EAP server for EAP-WSC (part of Wi-Fi Protected Setup) +eap_server=1 + +# WPS configuration (AP configured, do not allow external WPS Registrars) +wps_state=2 +ap_setup_locked=1 +# If UUID is not configured, it will be generated based on local MAC address. +uuid=87654321-9abc-def0-1234-56789abc0000 +wps_pin_requests=/var/run/hostapd.pin-req +device_name=Wireless AP +manufacturer=Company +model_name=WAP +model_number=123 +serial_number=12345 +device_type=6-0050F204-1 +os_version=01020300 +config_methods=label display push_button keypad + +# if external Registrars are allowed, UPnP support could be added: +#upnp_iface=br0 +#friendly_name=WPS Access Point + + +External operations +------------------- + +WPS requires either a device PIN code (usually, 8-digit number) or a +pushbutton event (for PBC) to allow a new WPS Enrollee to join the +network. hostapd uses the control interface as an input channel for +these events. + +The PIN value used in the commands must be processed by an UI to +remove non-digit characters and potentially, to verify the checksum +digit. "hostapd_cli wps_check_pin " can be used to do such +processing. It returns FAIL if the PIN is invalid, or FAIL-CHECKSUM if +the checksum digit is incorrect, or the processed PIN (non-digit +characters removed) if the PIN is valid. + +When a client device (WPS Enrollee) connects to hostapd (WPS +Registrar) in order to start PIN mode negotiation for WPS, an +identifier (Enrollee UUID) is sent. hostapd will need to be configured +with a device password (PIN) for this Enrollee. This is an operation +that requires user interaction (assuming there are no pre-configured +PINs on the AP for a set of Enrollee). + +The PIN request with information about the device is appended to the +wps_pin_requests file (/var/run/hostapd.pin-req in this example). In +addition, hostapd control interface event is sent as a notification of +a new device. The AP could use, e.g., a web UI for showing active +Enrollees to the user and request a PIN for an Enrollee. + +The PIN request file has one line for every Enrollee that connected to +the AP, but for which there was no PIN. Following information is +provided for each Enrollee (separated with tabulators): +- timestamp (seconds from 1970-01-01) +- Enrollee UUID +- MAC address +- Device name +- Manufacturer +- Model Name +- Model Number +- Serial Number +- Device category + +Example line in the /var/run/hostapd.pin-req file: +1200188391 53b63a98-d29e-4457-a2ed-094d7e6a669c Intel(R) Centrino(R) Intel Corporation Intel(R) Centrino(R) - - 1-0050F204-1 + +Control interface data: +WPS-PIN-NEEDED [UUID-E|MAC Address|Device Name|Manufacturer|Model Name|Model Number|Serial Number|Device Category] +For example: +<2>WPS-PIN-NEEDED [53b63a98-d29e-4457-a2ed-094d7e6a669c|02:12:34:56:78:9a|Device|Manuf|Model|Model Number|Serial Number|1-0050F204-1] + +When the user enters a PIN for a pending Enrollee, e.g., on the web +UI), hostapd needs to be notified of the new PIN over the control +interface. This can be done either by using the UNIX domain socket +-based control interface directly (src/common/wpa_ctrl.c provides +helper functions for using the interface) or by calling hostapd_cli. + +Example command to add a PIN (12345670) for an Enrollee: + +hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c 12345670 + +If the UUID-E is not available (e.g., Enrollee waits for the Registrar +to be selected before connecting), wildcard UUID may be used to allow +the PIN to be used once with any UUID: + +hostapd_cli wps_pin any 12345670 + +To reduce likelihood of PIN being used with other devices or of +forgetting an active PIN available for potential attackers, expiration +time in seconds can be set for the new PIN (value 0 indicates no +expiration): + +hostapd_cli wps_pin any 12345670 300 + +If the MAC address of the enrollee is known, it should be configured +to allow the AP to advertise list of authorized enrollees: + +hostapd_cli wps_pin 53b63a98-d29e-4457-a2ed-094d7e6a669c \ + 12345670 300 00:11:22:33:44:55 + + +After this, the Enrollee can connect to the AP again and complete WPS +negotiation. At that point, a new, random WPA PSK is generated for the +client device and the client can then use that key to connect to the +AP to access the network. + + +If the AP includes a pushbutton, WPS PBC mode can be used. It is +enabled by pushing a button on both the AP and the client at about the +same time (2 minute window). hostapd needs to be notified about the AP +button pushed event over the control interface, e.g., by calling +hostapd_cli: + +hostapd_cli wps_pbc + +At this point, the client has two minutes to complete WPS negotiation +which will generate a new WPA PSK in the same way as the PIN method +described above. + + +When an external Registrar is used, the AP can act as an Enrollee and +use its AP PIN. A static AP PIN (e.g., one one a label in the AP +device) can be configured in hostapd.conf (ap_pin parameter). A more +secure option is to use hostapd_cli wps_ap_pin command to enable the +AP PIN only based on user action (and even better security by using a +random AP PIN for each session, i.e., by using "wps_ap_pin random" +command with a timeout value). Following commands are available for +managing the dynamic AP PIN operations: + +hostapd_cli wps_ap_pin disable +- disable AP PIN (i.e., do not allow external Registrars to use it to + learn the current AP settings or to reconfigure the AP) + +hostapd_cli wps_ap_pin random [timeout] +- generate a random AP PIN and enable it +- if the optional timeout parameter is given, the AP PIN will be enabled + for the specified number of seconds + +hostapd_cli wps_ap_pin get +- fetch the current AP PIN + +hostapd_cli wps_ap_pin set [timeout] +- set the AP PIN and enable it +- if the optional timeout parameter is given, the AP PIN will be enabled + for the specified number of seconds + +hostapd_cli get_config +- display the current configuration + +hostapd_cli wps_config +examples: + hostapd_cli wps_config testing WPA2PSK CCMP 12345678 + hostapd_cli wps_config "no security" OPEN NONE "" + + must be one of the following: OPEN WPAPSK WPA2PSK + must be one of the following: NONE WEP TKIP CCMP + + +Credential generation and configuration changes +----------------------------------------------- + +By default, hostapd generates credentials for Enrollees and processing +AP configuration updates internally. However, it is possible to +control these operations from external programs, if desired. + +The internal credential generation can be disabled with +skip_cred_build=1 option in the configuration. extra_cred option will +then need to be used to provide pre-configured Credential attribute(s) +for hostapd to use. The exact data from this binary file will be sent, +i.e., it will have to include valid WPS attributes. extra_cred can +also be used to add additional networks if the Registrar is used to +configure credentials for multiple networks. + +Processing of received configuration updates can be disabled with +wps_cred_processing=1 option. When this is used, an external program +is responsible for creating hostapd configuration files and processing +configuration updates based on messages received from hostapd over +control interface. This will also include the initial configuration on +first successful registration if the AP is initially set in +unconfigured state. + +Following control interface messages are sent out for external programs: + +WPS-REG-SUCCESS +For example: +<2>WPS-REG-SUCCESS 02:66:a0:ee:17:27 2b7093f1-d6fb-5108-adbb-bea66bb87333 + +This can be used to trigger change from unconfigured to configured +state (random configuration based on the first successful WPS +registration). In addition, this can be used to update AP UI about the +status of WPS registration progress. + + +WPS-NEW-AP-SETTINGS +For example: +<2>WPS-NEW-AP-SETTINGS 10260001011045000c6a6b6d2d7770732d74657374100300020020100f00020008102700403065346230343536633236366665306433396164313535346131663462663731323433376163666462376633393965353466316631623032306164343438623510200006024231cede15101e000844 + +This can be used to update the externally stored AP configuration and +then update hostapd configuration (followed by restarting of hostapd). + + +WPS with NFC +------------ + +WPS can be used with NFC-based configuration method. An NFC tag +containing a password token from the Enrollee can be used to +authenticate the connection instead of the PIN. In addition, an NFC tag +with a configuration token can be used to transfer AP settings without +going through the WPS protocol. + +When the AP acts as an Enrollee, a local NFC tag with a password token +can be used by touching the NFC interface of an external Registrar. The +wps_nfc_token command is used to manage use of the NFC password token +from the AP. "wps_nfc_token enable" enables the use of the AP's NFC +password token (in place of AP PIN) and "wps_nfc_token disable" disables +the NFC password token. + +The NFC password token that is either pre-configured in the +configuration file (wps_nfc_dev_pw_id, wps_nfc_dh_pubkey, +wps_nfc_dh_privkey, wps_nfc_dev_pw) or generated dynamically with +"wps_nfc_token " command. The nfc_pw_token tool from +wpa_supplicant can be used to generate NFC password tokens during +manufacturing (each AP needs to have its own random keys). + +The "wps_nfc_config_token " command can be used to build an +NFC configuration token. The output value from this command is a hexdump +of the current AP configuration (WPS parameter requests this to include +only the WPS attributes; NDEF parameter requests additional NDEF +encapsulation to be included). This data needs to be written to an NFC +tag with an external program. Once written, the NFC configuration token +can be used to touch an NFC interface on a station to provision the +credentials needed to access the network. + +When the NFC device on the AP reads an NFC tag with a MIME media type +"application/vnd.wfa.wsc", the NDEF message payload (with or without +NDEF encapsulation) can be delivered to hostapd using the +following hostapd_cli command: + +wps_nfc_tag_read + +If the NFC tag contains a password token, the token is added to the +internal Registrar. This allows station Enrollee from which the password +token was received to run through WPS protocol to provision the +credential. + +"nfc_get_handover_sel " command can be used to build the +contents of a Handover Select Message for connection handover when this +does not depend on the contents of the Handover Request Message. The +first argument selects the format of the output data and the second +argument selects which type of connection handover is requested (WPS = +Wi-Fi handover as specified in WSC 2.0). + +"nfc_report_handover WPS +" is used to report completed NFC +connection handover. The first parameter indicates whether the local +device initiated or responded to the connection handover and the carrier +records are the selected carrier from the handover request and select +messages as a hexdump. diff --git a/hostapd/android.config b/hostapd/android.config new file mode 100644 index 0000000..938aa54 --- /dev/null +++ b/hostapd/android.config @@ -0,0 +1,184 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +#CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +#CONFIG_DRIVER_WIRED=y + +# Driver interface for drivers using the nl80211 kernel interface +#CONFIG_DRIVER_NL80211=y +# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be +# shipped with your distribution yet. If that is the case, you need to build +# newer libnl version and point the hostapd build to use it. +#LIBNL=/usr/src/libnl +#CFLAGS += -I$(LIBNL)/include +#LIBS += -L$(LIBNL)/lib +CONFIG_LIBNL20=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +#CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +#CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +#CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +CONFIG_IEEE80211W=y + +# Integrated EAP server +#CONFIG_EAP=y + +# EAP-MD5 for the integrated EAP server +#CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +#CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +#CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +#CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +#CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +#CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to Android logcat instead of standard output +CONFIG_ANDROID_LOG=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +#CONFIG_NO_DUMP_STATE=y + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +CONFIG_OS=unix + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# Enable AP +CONFIG_AP=y diff --git a/hostapd/config_file.c b/hostapd/config_file.c new file mode 100644 index 0000000..53143f7 --- /dev/null +++ b/hostapd/config_file.c @@ -0,0 +1,3402 @@ +/* + * hostapd / Configuration file parser + * Copyright (c) 2003-2015, Jouni Malinen + * + * This software may be distributed under the terms of the BSD license. + * See README for more details. + */ + +#include "utils/includes.h" +#ifndef CONFIG_NATIVE_WINDOWS +#include +#endif /* CONFIG_NATIVE_WINDOWS */ + +#include "utils/common.h" +#include "utils/uuid.h" +#include "common/ieee802_11_defs.h" +#include "drivers/driver.h" +#include "eap_server/eap.h" +#include "radius/radius_client.h" +#include "ap/wpa_auth.h" +#include "ap/ap_config.h" +#include "config_file.h" + + +#ifndef CONFIG_NO_RADIUS +#ifdef EAP_SERVER +static struct hostapd_radius_attr * +hostapd_parse_radius_attr(const char *value); +#endif /* EAP_SERVER */ +#endif /* CONFIG_NO_RADIUS */ + + +#ifndef CONFIG_NO_VLAN +static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss, + const char *fname) +{ + FILE *f; + char buf[128], *pos, *pos2; + int line = 0, vlan_id; + struct hostapd_vlan *vlan; + + f = fopen(fname, "r"); + if (!f) { + wpa_printf(MSG_ERROR, "VLAN file '%s' not readable.", fname); + return -1; + } + + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + if (buf[0] == '*') { + vlan_id = VLAN_ID_WILDCARD; + pos = buf + 1; + } else { + vlan_id = strtol(buf, &pos, 10); + if (buf == pos || vlan_id < 1 || + vlan_id > MAX_VLAN_ID) { + wpa_printf(MSG_ERROR, "Invalid VLAN ID at " + "line %d in '%s'", line, fname); + fclose(f); + return -1; + } + } + + while (*pos == ' ' || *pos == '\t') + pos++; + pos2 = pos; + while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0') + pos2++; + *pos2 = '\0'; + if (*pos == '\0' || os_strlen(pos) > IFNAMSIZ) { + wpa_printf(MSG_ERROR, "Invalid VLAN ifname at line %d " + "in '%s'", line, fname); + fclose(f); + return -1; + } + + vlan = os_zalloc(sizeof(*vlan)); + if (vlan == NULL) { + wpa_printf(MSG_ERROR, "Out of memory while reading " + "VLAN interfaces from '%s'", fname); + fclose(f); + return -1; + } + + vlan->vlan_id = vlan_id; + os_strlcpy(vlan->ifname, pos, sizeof(vlan->ifname)); + vlan->next = bss->vlan; + bss->vlan = vlan; + } + + fclose(f); + + return 0; +} +#endif /* CONFIG_NO_VLAN */ + + +static int hostapd_acl_comp(const void *a, const void *b) +{ + const struct mac_acl_entry *aa = a; + const struct mac_acl_entry *bb = b; + return os_memcmp(aa->addr, bb->addr, sizeof(macaddr)); +} + + +static int hostapd_config_read_maclist(const char *fname, + struct mac_acl_entry **acl, int *num) +{ + FILE *f; + char buf[128], *pos; + int line = 0; + u8 addr[ETH_ALEN]; + struct mac_acl_entry *newacl; + int vlan_id; + + if (!fname) + return 0; + + f = fopen(fname, "r"); + if (!f) { + wpa_printf(MSG_ERROR, "MAC list file '%s' not found.", fname); + return -1; + } + + while (fgets(buf, sizeof(buf), f)) { + int i, rem = 0; + + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + pos = buf; + if (buf[0] == '-') { + rem = 1; + pos++; + } + + if (hwaddr_aton(pos, addr)) { + wpa_printf(MSG_ERROR, "Invalid MAC address '%s' at " + "line %d in '%s'", pos, line, fname); + fclose(f); + return -1; + } + + if (rem) { + i = 0; + while (i < *num) { + if (os_memcmp((*acl)[i].addr, addr, ETH_ALEN) == + 0) { + os_remove_in_array(*acl, *num, + sizeof(**acl), i); + (*num)--; + } else + i++; + } + continue; + } + vlan_id = 0; + pos = buf; + while (*pos != '\0' && *pos != ' ' && *pos != '\t') + pos++; + while (*pos == ' ' || *pos == '\t') + pos++; + if (*pos != '\0') + vlan_id = atoi(pos); + + newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl)); + if (newacl == NULL) { + wpa_printf(MSG_ERROR, "MAC list reallocation failed"); + fclose(f); + return -1; + } + + *acl = newacl; + os_memcpy((*acl)[*num].addr, addr, ETH_ALEN); + (*acl)[*num].vlan_id = vlan_id; + (*num)++; + } + + fclose(f); + + qsort(*acl, *num, sizeof(**acl), hostapd_acl_comp); + + return 0; +} + + +#ifdef EAP_SERVER +static int hostapd_config_read_eap_user(const char *fname, + struct hostapd_bss_config *conf) +{ + FILE *f; + char buf[512], *pos, *start, *pos2; + int line = 0, ret = 0, num_methods; + struct hostapd_eap_user *user = NULL, *tail = NULL, *new_user = NULL; + + if (!fname) + return 0; + + if (os_strncmp(fname, "sqlite:", 7) == 0) { + os_free(conf->eap_user_sqlite); + conf->eap_user_sqlite = os_strdup(fname + 7); + return 0; + } + + f = fopen(fname, "r"); + if (!f) { + wpa_printf(MSG_ERROR, "EAP user file '%s' not found.", fname); + return -1; + } + + /* Lines: "user" METHOD,METHOD2 "password" (password optional) */ + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + +#ifndef CONFIG_NO_RADIUS + if (user && os_strncmp(buf, "radius_accept_attr=", 19) == 0) { + struct hostapd_radius_attr *attr, *a; + attr = hostapd_parse_radius_attr(buf + 19); + if (attr == NULL) { + wpa_printf(MSG_ERROR, "Invalid radius_auth_req_attr: %s", + buf + 19); + user = NULL; /* already in the BSS list */ + goto failed; + } + if (user->accept_attr == NULL) { + user->accept_attr = attr; + } else { + a = user->accept_attr; + while (a->next) + a = a->next; + a->next = attr; + } + continue; + } +#endif /* CONFIG_NO_RADIUS */ + + user = NULL; + + if (buf[0] != '"' && buf[0] != '*') { + wpa_printf(MSG_ERROR, "Invalid EAP identity (no \" in " + "start) on line %d in '%s'", line, fname); + goto failed; + } + + user = os_zalloc(sizeof(*user)); + if (user == NULL) { + wpa_printf(MSG_ERROR, "EAP user allocation failed"); + goto failed; + } + user->force_version = -1; + + if (buf[0] == '*') { + pos = buf; + } else { + pos = buf + 1; + start = pos; + while (*pos != '"' && *pos != '\0') + pos++; + if (*pos == '\0') { + wpa_printf(MSG_ERROR, "Invalid EAP identity " + "(no \" in end) on line %d in '%s'", + line, fname); + goto failed; + } + + user->identity = os_malloc(pos - start); + if (user->identity == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate " + "memory for EAP identity"); + goto failed; + } + os_memcpy(user->identity, start, pos - start); + user->identity_len = pos - start; + + if (pos[0] == '"' && pos[1] == '*') { + user->wildcard_prefix = 1; + pos++; + } + } + pos++; + while (*pos == ' ' || *pos == '\t') + pos++; + + if (*pos == '\0') { + wpa_printf(MSG_ERROR, "No EAP method on line %d in " + "'%s'", line, fname); + goto failed; + } + + start = pos; + while (*pos != ' ' && *pos != '\t' && *pos != '\0') + pos++; + if (*pos == '\0') { + pos = NULL; + } else { + *pos = '\0'; + pos++; + } + num_methods = 0; + while (*start) { + char *pos3 = os_strchr(start, ','); + if (pos3) { + *pos3++ = '\0'; + } + user->methods[num_methods].method = + eap_server_get_type( + start, + &user->methods[num_methods].vendor); + if (user->methods[num_methods].vendor == + EAP_VENDOR_IETF && + user->methods[num_methods].method == EAP_TYPE_NONE) + { + if (os_strcmp(start, "TTLS-PAP") == 0) { + user->ttls_auth |= EAP_TTLS_AUTH_PAP; + goto skip_eap; + } + if (os_strcmp(start, "TTLS-CHAP") == 0) { + user->ttls_auth |= EAP_TTLS_AUTH_CHAP; + goto skip_eap; + } + if (os_strcmp(start, "TTLS-MSCHAP") == 0) { + user->ttls_auth |= + EAP_TTLS_AUTH_MSCHAP; + goto skip_eap; + } + if (os_strcmp(start, "TTLS-MSCHAPV2") == 0) { + user->ttls_auth |= + EAP_TTLS_AUTH_MSCHAPV2; + goto skip_eap; + } + if (os_strcmp(start, "MACACL") == 0) { + user->macacl = 1; + goto skip_eap; + } + wpa_printf(MSG_ERROR, "Unsupported EAP type " + "'%s' on line %d in '%s'", + start, line, fname); + goto failed; + } + + num_methods++; + if (num_methods >= EAP_MAX_METHODS) + break; + skip_eap: + if (pos3 == NULL) + break; + start = pos3; + } + if (num_methods == 0 && user->ttls_auth == 0 && !user->macacl) { + wpa_printf(MSG_ERROR, "No EAP types configured on " + "line %d in '%s'", line, fname); + goto failed; + } + + if (pos == NULL) + goto done; + + while (*pos == ' ' || *pos == '\t') + pos++; + if (*pos == '\0') + goto done; + + if (os_strncmp(pos, "[ver=0]", 7) == 0) { + user->force_version = 0; + goto done; + } + + if (os_strncmp(pos, "[ver=1]", 7) == 0) { + user->force_version = 1; + goto done; + } + + if (os_strncmp(pos, "[2]", 3) == 0) { + user->phase2 = 1; + goto done; + } + + if (*pos == '"') { + pos++; + start = pos; + while (*pos != '"' && *pos != '\0') + pos++; + if (*pos == '\0') { + wpa_printf(MSG_ERROR, "Invalid EAP password " + "(no \" in end) on line %d in '%s'", + line, fname); + goto failed; + } + + user->password = os_malloc(pos - start); + if (user->password == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate " + "memory for EAP password"); + goto failed; + } + os_memcpy(user->password, start, pos - start); + user->password_len = pos - start; + + pos++; + } else if (os_strncmp(pos, "hash:", 5) == 0) { + pos += 5; + pos2 = pos; + while (*pos2 != '\0' && *pos2 != ' ' && + *pos2 != '\t' && *pos2 != '#') + pos2++; + if (pos2 - pos != 32) { + wpa_printf(MSG_ERROR, "Invalid password hash " + "on line %d in '%s'", line, fname); + goto failed; + } + user->password = os_malloc(16); + if (user->password == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate " + "memory for EAP password hash"); + goto failed; + } + if (hexstr2bin(pos, user->password, 16) < 0) { + wpa_printf(MSG_ERROR, "Invalid hash password " + "on line %d in '%s'", line, fname); + goto failed; + } + user->password_len = 16; + user->password_hash = 1; + pos = pos2; + } else { + pos2 = pos; + while (*pos2 != '\0' && *pos2 != ' ' && + *pos2 != '\t' && *pos2 != '#') + pos2++; + if ((pos2 - pos) & 1) { + wpa_printf(MSG_ERROR, "Invalid hex password " + "on line %d in '%s'", line, fname); + goto failed; + } + user->password = os_malloc((pos2 - pos) / 2); + if (user->password == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate " + "memory for EAP password"); + goto failed; + } + if (hexstr2bin(pos, user->password, + (pos2 - pos) / 2) < 0) { + wpa_printf(MSG_ERROR, "Invalid hex password " + "on line %d in '%s'", line, fname); + goto failed; + } + user->password_len = (pos2 - pos) / 2; + pos = pos2; + } + + while (*pos == ' ' || *pos == '\t') + pos++; + if (os_strncmp(pos, "[2]", 3) == 0) { + user->phase2 = 1; + } + + done: + if (tail == NULL) { + tail = new_user = user; + } else { + tail->next = user; + tail = user; + } + continue; + + failed: + if (user) + hostapd_config_free_eap_user(user); + ret = -1; + break; + } + + fclose(f); + + if (ret == 0) { + user = conf->eap_user; + while (user) { + struct hostapd_eap_user *prev; + + prev = user; + user = user->next; + hostapd_config_free_eap_user(prev); + } + conf->eap_user = new_user; + } + + return ret; +} +#endif /* EAP_SERVER */ + + +#ifndef CONFIG_NO_RADIUS +static int +hostapd_config_read_radius_addr(struct hostapd_radius_server **server, + int *num_server, const char *val, int def_port, + struct hostapd_radius_server **curr_serv) +{ + struct hostapd_radius_server *nserv; + int ret; + static int server_index = 1; + + nserv = os_realloc_array(*server, *num_server + 1, sizeof(*nserv)); + if (nserv == NULL) + return -1; + + *server = nserv; + nserv = &nserv[*num_server]; + (*num_server)++; + (*curr_serv) = nserv; + + os_memset(nserv, 0, sizeof(*nserv)); + nserv->port = def_port; + ret = hostapd_parse_ip_addr(val, &nserv->addr); + nserv->index = server_index++; + + return ret; +} + + +static struct hostapd_radius_attr * +hostapd_parse_radius_attr(const char *value) +{ + const char *pos; + char syntax; + struct hostapd_radius_attr *attr; + size_t len; + + attr = os_zalloc(sizeof(*attr)); + if (attr == NULL) + return NULL; + + attr->type = atoi(value); + + pos = os_strchr(value, ':'); + if (pos == NULL) { + attr->val = wpabuf_alloc(1); + if (attr->val == NULL) { + os_free(attr); + return NULL; + } + wpabuf_put_u8(attr->val, 0); + return attr; + } + + pos++; + if (pos[0] == '\0' || pos[1] != ':') { + os_free(attr); + return NULL; + } + syntax = *pos++; + pos++; + + switch (syntax) { + case 's': + attr->val = wpabuf_alloc_copy(pos, os_strlen(pos)); + break; + case 'x': + len = os_strlen(pos); + if (len & 1) + break; + len /= 2; + attr->val = wpabuf_alloc(len); + if (attr->val == NULL) + break; + if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) { + wpabuf_free(attr->val); + os_free(attr); + return NULL; + } + break; + case 'd': + attr->val = wpabuf_alloc(4); + if (attr->val) + wpabuf_put_be32(attr->val, atoi(pos)); + break; + default: + os_free(attr); + return NULL; + } + + if (attr->val == NULL) { + os_free(attr); + return NULL; + } + + return attr; +} + + +static int hostapd_parse_das_client(struct hostapd_bss_config *bss, + const char *val) +{ + char *secret; + + secret = os_strchr(val, ' '); + if (secret == NULL) + return -1; + + secret++; + + if (hostapd_parse_ip_addr(val, &bss->radius_das_client_addr)) + return -1; + + os_free(bss->radius_das_shared_secret); + bss->radius_das_shared_secret = (u8 *) os_strdup(secret); + if (bss->radius_das_shared_secret == NULL) + return -1; + bss->radius_das_shared_secret_len = os_strlen(secret); + + return 0; +} +#endif /* CONFIG_NO_RADIUS */ + + +static int hostapd_config_parse_key_mgmt(int line, const char *value) +{ + int val = 0, last; + char *start, *end, *buf; + + buf = os_strdup(value); + if (buf == NULL) + return -1; + start = buf; + + while (*start != '\0') { + while (*start == ' ' || *start == '\t') + start++; + if (*start == '\0') + break; + end = start; + while (*end != ' ' && *end != '\t' && *end != '\0') + end++; + last = *end == '\0'; + *end = '\0'; + if (os_strcmp(start, "WPA-PSK") == 0) + val |= WPA_KEY_MGMT_PSK; + else if (os_strcmp(start, "WPA-EAP") == 0) + val |= WPA_KEY_MGMT_IEEE8021X; +#ifdef CONFIG_IEEE80211R + else if (os_strcmp(start, "FT-PSK") == 0) + val |= WPA_KEY_MGMT_FT_PSK; + else if (os_strcmp(start, "FT-EAP") == 0) + val |= WPA_KEY_MGMT_FT_IEEE8021X; +#endif /* CONFIG_IEEE80211R */ +#ifdef CONFIG_IEEE80211W + else if (os_strcmp(start, "WPA-PSK-SHA256") == 0) + val |= WPA_KEY_MGMT_PSK_SHA256; + else if (os_strcmp(start, "WPA-EAP-SHA256") == 0) + val |= WPA_KEY_MGMT_IEEE8021X_SHA256; +#endif /* CONFIG_IEEE80211W */ +#ifdef CONFIG_SAE + else if (os_strcmp(start, "SAE") == 0) + val |= WPA_KEY_MGMT_SAE; + else if (os_strcmp(start, "FT-SAE") == 0) + val |= WPA_KEY_MGMT_FT_SAE; +#endif /* CONFIG_SAE */ +#ifdef CONFIG_SUITEB + else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0) + val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B; +#endif /* CONFIG_SUITEB */ +#ifdef CONFIG_SUITEB192 + else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0) + val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192; +#endif /* CONFIG_SUITEB192 */ + else { + wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'", + line, start); + os_free(buf); + return -1; + } + + if (last) + break; + start = end + 1; + } + + os_free(buf); + if (val == 0) { + wpa_printf(MSG_ERROR, "Line %d: no key_mgmt values " + "configured.", line); + return -1; + } + + return val; +} + + +static int hostapd_config_parse_cipher(int line, const char *value) +{ + int val = wpa_parse_cipher(value); + if (val < 0) { + wpa_printf(MSG_ERROR, "Line %d: invalid cipher '%s'.", + line, value); + return -1; + } + if (val == 0) { + wpa_printf(MSG_ERROR, "Line %d: no cipher values configured.", + line); + return -1; + } + return val; +} + + +static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx, + char *val) +{ + size_t len = os_strlen(val); + + if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL) + return -1; + + if (val[0] == '"') { + if (len < 2 || val[len - 1] != '"') + return -1; + len -= 2; + wep->key[keyidx] = os_malloc(len); + if (wep->key[keyidx] == NULL) + return -1; + os_memcpy(wep->key[keyidx], val + 1, len); + wep->len[keyidx] = len; + } else { + if (len & 1) + return -1; + len /= 2; + wep->key[keyidx] = os_malloc(len); + if (wep->key[keyidx] == NULL) + return -1; + wep->len[keyidx] = len; + if (hexstr2bin(val, wep->key[keyidx], len) < 0) + return -1; + } + + wep->keys_set++; + + return 0; +} + + +static int hostapd_parse_intlist(int **int_list, char *val) +{ + int *list; + int count; + char *pos, *end; + + os_free(*int_list); + *int_list = NULL; + + pos = val; + count = 0; + while (*pos != '\0') { + if (*pos == ' ') + count++; + pos++; + } + + list = os_malloc(sizeof(int) * (count + 2)); + if (list == NULL) + return -1; + pos = val; + count = 0; + while (*pos != '\0') { + end = os_strchr(pos, ' '); + if (end) + *end = '\0'; + + list[count++] = atoi(pos); + if (!end) + break; + pos = end + 1; + } + list[count] = -1; + + *int_list = list; + return 0; +} + + +static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname) +{ + struct hostapd_bss_config **all, *bss; + + if (*ifname == '\0') + return -1; + + all = os_realloc_array(conf->bss, conf->num_bss + 1, + sizeof(struct hostapd_bss_config *)); + if (all == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate memory for " + "multi-BSS entry"); + return -1; + } + conf->bss = all; + + bss = os_zalloc(sizeof(*bss)); + if (bss == NULL) + return -1; + bss->radius = os_zalloc(sizeof(*bss->radius)); + if (bss->radius == NULL) { + wpa_printf(MSG_ERROR, "Failed to allocate memory for " + "multi-BSS RADIUS data"); + os_free(bss); + return -1; + } + + conf->bss[conf->num_bss++] = bss; + conf->last_bss = bss; + + hostapd_config_defaults_bss(bss); + os_strlcpy(bss->iface, ifname, sizeof(bss->iface)); + os_memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1); + + return 0; +} + + +/* convert floats with one decimal place to value*10 int, i.e., + * "1.5" will return 15 */ +static int hostapd_config_read_int10(const char *value) +{ + int i, d; + char *pos; + + i = atoi(value); + pos = os_strchr(value, '.'); + d = 0; + if (pos) { + pos++; + if (*pos >= '0' && *pos <= '9') + d = *pos - '0'; + } + + return i * 10 + d; +} + + +static int valid_cw(int cw) +{ + return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 || + cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023); +} + + +enum { + IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */ + IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */ + IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */ + IEEE80211_TX_QUEUE_DATA3 = 3 /* used for EDCA AC_BK data */ +}; + +static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name, + char *val) +{ + int num; + char *pos; + struct hostapd_tx_queue_params *queue; + + /* skip 'tx_queue_' prefix */ + pos = name + 9; + if (os_strncmp(pos, "data", 4) == 0 && + pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') { + num = pos[4] - '0'; + pos += 6; + } else if (os_strncmp(pos, "after_beacon_", 13) == 0 || + os_strncmp(pos, "beacon_", 7) == 0) { + wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name); + return 0; + } else { + wpa_printf(MSG_ERROR, "Unknown tx_queue name '%s'", pos); + return -1; + } + + if (num >= NUM_TX_QUEUES) { + /* for backwards compatibility, do not trigger failure */ + wpa_printf(MSG_INFO, "DEPRECATED: '%s' not used", name); + return 0; + } + + queue = &conf->tx_queue[num]; + + if (os_strcmp(pos, "aifs") == 0) { + queue->aifs = atoi(val); + if (queue->aifs < 0 || queue->aifs > 255) { + wpa_printf(MSG_ERROR, "Invalid AIFS value %d", + queue->aifs); + return -1; + } + } else if (os_strcmp(pos, "cwmin") == 0) { + queue->cwmin = atoi(val); + if (!valid_cw(queue->cwmin)) { + wpa_printf(MSG_ERROR, "Invalid cwMin value %d", + queue->cwmin); + return -1; + } + } else if (os_strcmp(pos, "cwmax") == 0) { + queue->cwmax = atoi(val); + if (!valid_cw(queue->cwmax)) { + wpa_printf(MSG_ERROR, "Invalid cwMax value %d", + queue->cwmax); + return -1; + } + } else if (os_strcmp(pos, "burst") == 0) { + queue->burst = hostapd_config_read_int10(val); + } else { + wpa_printf(MSG_ERROR, "Unknown tx_queue field '%s'", pos); + return -1; + } + + return 0; +} + + +#ifdef CONFIG_IEEE80211R +static int add_r0kh(struct hostapd_bss_config *bss, char *value) +{ + struct ft_remote_r0kh *r0kh; + char *pos, *next; + + r0kh = os_zalloc(sizeof(*r0kh)); + if (r0kh == NULL) + return -1; + + /* 02:01:02:03:04:05 a.example.com 000102030405060708090a0b0c0d0e0f */ + pos = value; + next = os_strchr(pos, ' '); + if (next) + *next++ = '\0'; + if (next == NULL || hwaddr_aton(pos, r0kh->addr)) { + wpa_printf(MSG_ERROR, "Invalid R0KH MAC address: '%s'", pos); + os_free(r0kh); + return -1; + } + + pos = next; + next = os_strchr(pos, ' '); + if (next) + *next++ = '\0'; + if (next == NULL || next - pos > FT_R0KH_ID_MAX_LEN) { + wpa_printf(MSG_ERROR, "Invalid R0KH-ID: '%s'", pos); + os_free(r0kh); + return -1; + } + r0kh->id_len = next - pos - 1; + os_memcpy(r0kh->id, pos, r0kh->id_len); + + pos = next; + if (hexstr2bin(pos, r0kh->key, sizeof(r0kh->key))) { + wpa_printf(MSG_ERROR, "Invalid R0KH key: '%s'", pos); + os_free(r0kh); + return -1; + } + + r0kh->next = bss->r0kh_list; + bss->r0kh_list = r0kh; + + return 0; +} + + +static int add_r1kh(struct hostapd_bss_config *bss, char *value) +{ + struct ft_remote_r1kh *r1kh; + char *pos, *next; + + r1kh = os_zalloc(sizeof(*r1kh)); + if (r1kh == NULL) + return -1; + + /* 02:01:02:03:04:05 02:01:02:03:04:05 + * 000102030405060708090a0b0c0d0e0f */ + pos = value; + next = os_strchr(pos, ' '); + if (next) + *next++ = '\0'; + if (next == NULL || hwaddr_aton(pos, r1kh->addr)) { + wpa_printf(MSG_ERROR, "Invalid R1KH MAC address: '%s'", pos); + os_free(r1kh); + return -1; + } + + pos = next; + next = os_strchr(pos, ' '); + if (next) + *next++ = '\0'; + if (next == NULL || hwaddr_aton(pos, r1kh->id)) { + wpa_printf(MSG_ERROR, "Invalid R1KH-ID: '%s'", pos); + os_free(r1kh); + return -1; + } + + pos = next; + if (hexstr2bin(pos, r1kh->key, sizeof(r1kh->key))) { + wpa_printf(MSG_ERROR, "Invalid R1KH key: '%s'", pos); + os_free(r1kh); + return -1; + } + + r1kh->next = bss->r1kh_list; + bss->r1kh_list = r1kh; + + return 0; +} +#endif /* CONFIG_IEEE80211R */ + + +#ifdef CONFIG_IEEE80211N +static int hostapd_config_ht_capab(struct hostapd_config *conf, + const char *capab) +{ + if (os_strstr(capab, "[LDPC]")) + conf->ht_capab |= HT_CAP_INFO_LDPC_CODING_CAP; + if (os_strstr(capab, "[HT40-]")) { + conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET; + conf->secondary_channel = -1; + } + if (os_strstr(capab, "[HT40+]")) { + conf->ht_capab |= HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET; + conf->secondary_channel = 1; + } + if (os_strstr(capab, "[SMPS-STATIC]")) { + conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK; + conf->ht_capab |= HT_CAP_INFO_SMPS_STATIC; + } + if (os_strstr(capab, "[SMPS-DYNAMIC]")) { + conf->ht_capab &= ~HT_CAP_INFO_SMPS_MASK; + conf->ht_capab |= HT_CAP_INFO_SMPS_DYNAMIC; + } + if (os_strstr(capab, "[GF]")) + conf->ht_capab |= HT_CAP_INFO_GREEN_FIELD; + if (os_strstr(capab, "[SHORT-GI-20]")) + conf->ht_capab |= HT_CAP_INFO_SHORT_GI20MHZ; + if (os_strstr(capab, "[SHORT-GI-40]")) + conf->ht_capab |= HT_CAP_INFO_SHORT_GI40MHZ; + if (os_strstr(capab, "[TX-STBC]")) + conf->ht_capab |= HT_CAP_INFO_TX_STBC; + if (os_strstr(capab, "[RX-STBC1]")) { + conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK; + conf->ht_capab |= HT_CAP_INFO_RX_STBC_1; + } + if (os_strstr(capab, "[RX-STBC12]")) { + conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK; + conf->ht_capab |= HT_CAP_INFO_RX_STBC_12; + } + if (os_strstr(capab, "[RX-STBC123]")) { + conf->ht_capab &= ~HT_CAP_INFO_RX_STBC_MASK; + conf->ht_capab |= HT_CAP_INFO_RX_STBC_123; + } + if (os_strstr(capab, "[DELAYED-BA]")) + conf->ht_capab |= HT_CAP_INFO_DELAYED_BA; + if (os_strstr(capab, "[MAX-AMSDU-7935]")) + conf->ht_capab |= HT_CAP_INFO_MAX_AMSDU_SIZE; + if (os_strstr(capab, "[DSSS_CCK-40]")) + conf->ht_capab |= HT_CAP_INFO_DSSS_CCK40MHZ; + if (os_strstr(capab, "[40-INTOLERANT]")) + conf->ht_capab |= HT_CAP_INFO_40MHZ_INTOLERANT; + if (os_strstr(capab, "[LSIG-TXOP-PROT]")) + conf->ht_capab |= HT_CAP_INFO_LSIG_TXOP_PROTECT_SUPPORT; + + return 0; +} +#endif /* CONFIG_IEEE80211N */ + + +#ifdef CONFIG_IEEE80211AC +static int hostapd_config_vht_capab(struct hostapd_config *conf, + const char *capab) +{ + if (os_strstr(capab, "[MAX-MPDU-7991]")) + conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_7991; + if (os_strstr(capab, "[MAX-MPDU-11454]")) + conf->vht_capab |= VHT_CAP_MAX_MPDU_LENGTH_11454; + if (os_strstr(capab, "[VHT160]")) + conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ; + if (os_strstr(capab, "[VHT160-80PLUS80]")) + conf->vht_capab |= VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ; + if (os_strstr(capab, "[RXLDPC]")) + conf->vht_capab |= VHT_CAP_RXLDPC; + if (os_strstr(capab, "[SHORT-GI-80]")) + conf->vht_capab |= VHT_CAP_SHORT_GI_80; + if (os_strstr(capab, "[SHORT-GI-160]")) + conf->vht_capab |= VHT_CAP_SHORT_GI_160; + if (os_strstr(capab, "[TX-STBC-2BY1]")) + conf->vht_capab |= VHT_CAP_TXSTBC; + if (os_strstr(capab, "[RX-STBC-1]")) + conf->vht_capab |= VHT_CAP_RXSTBC_1; + if (os_strstr(capab, "[RX-STBC-12]")) + conf->vht_capab |= VHT_CAP_RXSTBC_2; + if (os_strstr(capab, "[RX-STBC-123]")) + conf->vht_capab |= VHT_CAP_RXSTBC_3; + if (os_strstr(capab, "[RX-STBC-1234]")) + conf->vht_capab |= VHT_CAP_RXSTBC_4; + if (os_strstr(capab, "[SU-BEAMFORMER]")) + conf->vht_capab |= VHT_CAP_SU_BEAMFORMER_CAPABLE; + if (os_strstr(capab, "[SU-BEAMFORMEE]")) + conf->vht_capab |= VHT_CAP_SU_BEAMFORMEE_CAPABLE; + if (os_strstr(capab, "[BF-ANTENNA-2]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMEE_CAPABLE)) + conf->vht_capab |= (1 << VHT_CAP_BEAMFORMEE_STS_OFFSET); + if (os_strstr(capab, "[SOUNDING-DIMENSION-2]") && + (conf->vht_capab & VHT_CAP_SU_BEAMFORMER_CAPABLE)) + conf->vht_capab |= (1 << VHT_CAP_SOUNDING_DIMENSION_OFFSET); + if (os_strstr(capab, "[MU-BEAMFORMER]")) + conf->vht_capab |= VHT_CAP_MU_BEAMFORMER_CAPABLE; + if (os_strstr(capab, "[MU-BEAMFORMEE]")) + conf->vht_capab |= VHT_CAP_MU_BEAMFORMEE_CAPABLE; + if (os_strstr(capab, "[VHT-TXOP-PS]")) + conf->vht_capab |= VHT_CAP_VHT_TXOP_PS; + if (os_strstr(capab, "[HTC-VHT]")) + conf->vht_capab |= VHT_CAP_HTC_VHT; + if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP7]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP6]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_6; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP5]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_5; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP4]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_4; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP3]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_3; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP2]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_2; + else if (os_strstr(capab, "[MAX-A-MPDU-LEN-EXP1]")) + conf->vht_capab |= VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_1; + if (os_strstr(capab, "[VHT-LINK-ADAPT2]") && + (conf->vht_capab & VHT_CAP_HTC_VHT)) + conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB; + if (os_strstr(capab, "[VHT-LINK-ADAPT3]") && + (conf->vht_capab & VHT_CAP_HTC_VHT)) + conf->vht_capab |= VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB; + if (os_strstr(capab, "[RX-ANTENNA-PATTERN]")) + conf->vht_capab |= VHT_CAP_RX_ANTENNA_PATTERN; + if (os_strstr(capab, "[TX-ANTENNA-PATTERN]")) + conf->vht_capab |= VHT_CAP_TX_ANTENNA_PATTERN; + return 0; +} +#endif /* CONFIG_IEEE80211AC */ + + +#ifdef CONFIG_INTERWORKING +static int parse_roaming_consortium(struct hostapd_bss_config *bss, char *pos, + int line) +{ + size_t len = os_strlen(pos); + u8 oi[MAX_ROAMING_CONSORTIUM_LEN]; + + struct hostapd_roaming_consortium *rc; + + if ((len & 1) || len < 2 * 3 || len / 2 > MAX_ROAMING_CONSORTIUM_LEN || + hexstr2bin(pos, oi, len / 2)) { + wpa_printf(MSG_ERROR, "Line %d: invalid roaming_consortium " + "'%s'", line, pos); + return -1; + } + len /= 2; + + rc = os_realloc_array(bss->roaming_consortium, + bss->roaming_consortium_count + 1, + sizeof(struct hostapd_roaming_consortium)); + if (rc == NULL) + return -1; + + os_memcpy(rc[bss->roaming_consortium_count].oi, oi, len); + rc[bss->roaming_consortium_count].len = len; + + bss->roaming_consortium = rc; + bss->roaming_consortium_count++; + + return 0; +} + + +static int parse_lang_string(struct hostapd_lang_string **array, + unsigned int *count, char *pos) +{ + char *sep, *str = NULL; + size_t clen, nlen, slen; + struct hostapd_lang_string *ls; + int ret = -1; + + if (*pos == '"' || (*pos == 'P' && pos[1] == '"')) { + str = wpa_config_parse_string(pos, &slen); + if (!str) + return -1; + pos = str; + } + + sep = os_strchr(pos, ':'); + if (sep == NULL) + goto fail; + *sep++ = '\0'; + + clen = os_strlen(pos); + if (clen < 2 || clen > sizeof(ls->lang)) + goto fail; + nlen = os_strlen(sep); + if (nlen > 252) + goto fail; + + ls = os_realloc_array(*array, *count + 1, + sizeof(struct hostapd_lang_string)); + if (ls == NULL) + goto fail; + + *array = ls; + ls = &(*array)[*count]; + (*count)++; + + os_memset(ls->lang, 0, sizeof(ls->lang)); + os_memcpy(ls->lang, pos, clen); + ls->name_len = nlen; + os_memcpy(ls->name, sep, nlen); + + ret = 0; +fail: + os_free(str); + return ret; +} + + +static int parse_venue_name(struct hostapd_bss_config *bss, char *pos, + int line) +{ + if (parse_lang_string(&bss->venue_name, &bss->venue_name_count, pos)) { + wpa_printf(MSG_ERROR, "Line %d: Invalid venue_name '%s'", + line, pos); + return -1; + } + return 0; +} + + +static int parse_3gpp_cell_net(struct hostapd_bss_config *bss, char *buf, + int line) +{ + size_t count; + char *pos; + u8 *info = NULL, *ipos; + + /* format: [;][;...] */ + + count = 1; + for (pos = buf; *pos; pos++) { + if ((*pos < '0' || *pos > '9') && *pos != ';' && *pos != ',') + goto fail; + if (*pos == ';') + count++; + } + if (1 + count * 3 > 0x7f) + goto fail; + + info = os_zalloc(2 + 3 + count * 3); + if (info == NULL) + return -1; + + ipos = info; + *ipos++ = 0; /* GUD - Version 1 */ + *ipos++ = 3 + count * 3; /* User Data Header Length (UDHL) */ + *ipos++ = 0; /* PLMN List IEI */ + /* ext(b8) | Length of PLMN List value contents(b7..1) */ + *ipos++ = 1 + count * 3; + *ipos++ = count; /* Number of PLMNs */ + + pos = buf; + while (pos && *pos) { + char *mcc, *mnc; + size_t mnc_len; + + mcc = pos; + mnc = os_strchr(pos, ','); + if (mnc == NULL) + goto fail; + *mnc++ = '\0'; + pos = os_strchr(mnc, ';'); + if (pos) + *pos++ = '\0'; + + mnc_len = os_strlen(mnc); + if (os_strlen(mcc) != 3 || (mnc_len != 2 && mnc_len != 3)) + goto fail; + + /* BC coded MCC,MNC */ + /* MCC digit 2 | MCC digit 1 */ + *ipos++ = ((mcc[1] - '0') << 4) | (mcc[0] - '0'); + /* MNC digit 3 | MCC digit 3 */ + *ipos++ = (((mnc_len == 2) ? 0xf0 : ((mnc[2] - '0') << 4))) | + (mcc[2] - '0'); + /* MNC digit 2 | MNC digit 1 */ + *ipos++ = ((mnc[1] - '0') << 4) | (mnc[0] - '0'); + } + + os_free(bss->anqp_3gpp_cell_net); + bss->anqp_3gpp_cell_net = info; + bss->anqp_3gpp_cell_net_len = 2 + 3 + 3 * count; + wpa_hexdump(MSG_MSGDUMP, "3GPP Cellular Network information", + bss->anqp_3gpp_cell_net, bss->anqp_3gpp_cell_net_len); + + return 0; + +fail: + wpa_printf(MSG_ERROR, "Line %d: Invalid anqp_3gpp_cell_net: %s", + line, buf); + os_free(info); + return -1; +} + + +static int parse_nai_realm(struct hostapd_bss_config *bss, char *buf, int line) +{ + struct hostapd_nai_realm_data *realm; + size_t i, j, len; + int *offsets; + char *pos, *end, *rpos; + + offsets = os_calloc(bss->nai_realm_count * MAX_NAI_REALMS, + sizeof(int)); + if (offsets == NULL) + return -1; + + for (i = 0; i < bss->nai_realm_count; i++) { + realm = &bss->nai_realm_data[i]; + for (j = 0; j < MAX_NAI_REALMS; j++) { + offsets[i * MAX_NAI_REALMS + j] = + realm->realm[j] ? + realm->realm[j] - realm->realm_buf : -1; + } + } + + realm = os_realloc_array(bss->nai_realm_data, bss->nai_realm_count + 1, + sizeof(struct hostapd_nai_realm_data)); + if (realm == NULL) { + os_free(offsets); + return -1; + } + bss->nai_realm_data = realm; + + /* patch the pointers after realloc */ + for (i = 0; i < bss->nai_realm_count; i++) { + realm = &bss->nai_realm_data[i]; + for (j = 0; j < MAX_NAI_REALMS; j++) { + int offs = offsets[i * MAX_NAI_REALMS + j]; + if (offs >= 0) + realm->realm[j] = realm->realm_buf + offs; + else + realm->realm[j] = NULL; + } + } + os_free(offsets); + + realm = &bss->nai_realm_data[bss->nai_realm_count]; + os_memset(realm, 0, sizeof(*realm)); + + pos = buf; + realm->encoding = atoi(pos); + pos = os_strchr(pos, ','); + if (pos == NULL) + goto fail; + pos++; + + end = os_strchr(pos, ','); + if (end) { + len = end - pos; + *end = '\0'; + } else { + len = os_strlen(pos); + } + + if (len > MAX_NAI_REALMLEN) { + wpa_printf(MSG_ERROR, "Too long a realm string (%d > max %d " + "characters)", (int) len, MAX_NAI_REALMLEN); + goto fail; + } + os_memcpy(realm->realm_buf, pos, len); + + if (end) + pos = end + 1; + else + pos = NULL; + + while (pos && *pos) { + struct hostapd_nai_realm_eap *eap; + + if (realm->eap_method_count >= MAX_NAI_EAP_METHODS) { + wpa_printf(MSG_ERROR, "Too many EAP methods"); + goto fail; + } + + eap = &realm->eap_method[realm->eap_method_count]; + realm->eap_method_count++; + + end = os_strchr(pos, ','); + if (end == NULL) + end = pos + os_strlen(pos); + + eap->eap_method = atoi(pos); + for (;;) { + pos = os_strchr(pos, '['); + if (pos == NULL || pos > end) + break; + pos++; + if (eap->num_auths >= MAX_NAI_AUTH_TYPES) { + wpa_printf(MSG_ERROR, "Too many auth params"); + goto fail; + } + eap->auth_id[eap->num_auths] = atoi(pos); + pos = os_strchr(pos, ':'); + if (pos == NULL || pos > end) + goto fail; + pos++; + eap->auth_val[eap->num_auths] = atoi(pos); + pos = os_strchr(pos, ']'); + if (pos == NULL || pos > end) + goto fail; + pos++; + eap->num_auths++; + } + + if (*end != ',') + break; + + pos = end + 1; + } + + /* Split realm list into null terminated realms */ + rpos = realm->realm_buf; + i = 0; + while (*rpos) { + if (i >= MAX_NAI_REALMS) { + wpa_printf(MSG_ERROR, "Too many realms"); + goto fail; + } + realm->realm[i++] = rpos; + rpos = os_strchr(rpos, ';'); + if (rpos == NULL) + break; + *rpos++ = '\0'; + } + + bss->nai_realm_count++; + + return 0; + +fail: + wpa_printf(MSG_ERROR, "Line %d: invalid nai_realm '%s'", line, buf); + return -1; +} + + +static int parse_qos_map_set(struct hostapd_bss_config *bss, + char *buf, int line) +{ + u8 qos_map_set[16 + 2 * 21], count = 0; + char *pos = buf; + int val; + + for (;;) { + if (count == sizeof(qos_map_set)) { + wpa_printf(MSG_ERROR, "Line %d: Too many qos_map_set " + "parameters '%s'", line, buf); + return -1; + } + + val = atoi(pos); + if (val > 255 || val < 0) { + wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set " + "'%s'", line, buf); + return -1; + } + + qos_map_set[count++] = val; + pos = os_strchr(pos, ','); + if (!pos) + break; + pos++; + } + + if (count < 16 || count & 1) { + wpa_printf(MSG_ERROR, "Line %d: Invalid qos_map_set '%s'", + line, buf); + return -1; + } + + os_memcpy(bss->qos_map_set, qos_map_set, count); + bss->qos_map_set_len = count; + + return 0; +} + +#endif /* CONFIG_INTERWORKING */ + + +#ifdef CONFIG_HS20 +static int hs20_parse_conn_capab(struct hostapd_bss_config *bss, char *buf, + int line) +{ + u8 *conn_cap; + char *pos; + + if (bss->hs20_connection_capability_len >= 0xfff0) + return -1; + + conn_cap = os_realloc(bss->hs20_connection_capability, + bss->hs20_connection_capability_len + 4); + if (conn_cap == NULL) + return -1; + + bss->hs20_connection_capability = conn_cap; + conn_cap += bss->hs20_connection_capability_len; + pos = buf; + conn_cap[0] = atoi(pos); + pos = os_strchr(pos, ':'); + if (pos == NULL) + return -1; + pos++; + WPA_PUT_LE16(conn_cap + 1, atoi(pos)); + pos = os_strchr(pos, ':'); + if (pos == NULL) + return -1; + pos++; + conn_cap[3] = atoi(pos); + bss->hs20_connection_capability_len += 4; + + return 0; +} + + +static int hs20_parse_wan_metrics(struct hostapd_bss_config *bss, char *buf, + int line) +{ + u8 *wan_metrics; + char *pos; + + /* :
: