[src/trunk]: src/external/bsd/wpa/dist Import wpa_supplicant and hostapd
details: https://anonhg.NetBSD.org/src/rev/a5e131ba663d
branches: trunk
changeset: 788665:a5e131ba663d
user: adam <adam%NetBSD.org@localhost>
date: Wed Jul 17 21:34:10 2013 +0000
description:
Import wpa_supplicant and hostapd
diffstat:
external/bsd/wpa/dist/hostapd/ChangeLog | 24 ++
external/bsd/wpa/dist/hostapd/hlr_auc_gw.c | 46 ++++-
external/bsd/wpa/dist/hostapd/hostapd.eap_user | 6 +
external/bsd/wpa/dist/src/ap/drv_callbacks.c | 9 +-
external/bsd/wpa/dist/src/common/version.h | 2 +-
external/bsd/wpa/dist/src/crypto/tls_openssl.c | 16 +-
external/bsd/wpa/dist/src/eap_common/eap_defs.h | 2 +-
external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c | 2 +-
external/bsd/wpa/dist/src/eap_peer/eap.c | 22 ++-
external/bsd/wpa/dist/src/eap_peer/eap_aka.c | 4 +-
external/bsd/wpa/dist/src/eap_peer/eap_sim.c | 9 +-
external/bsd/wpa/dist/src/eap_server/eap_server_aka.c | 19 +-
external/bsd/wpa/dist/src/eap_server/eap_server_sim.c | 6 +-
external/bsd/wpa/dist/src/eap_server/eap_server_ttls.c | 16 +-
external/bsd/wpa/dist/src/eap_server/eap_sim_db.c | 75 +++++--
external/bsd/wpa/dist/src/eap_server/eap_sim_db.h | 17 +-
external/bsd/wpa/dist/src/eapol_supp/eapol_supp_sm.c | 5 +-
external/bsd/wpa/dist/src/p2p/p2p.c | 77 ++++++-
external/bsd/wpa/dist/src/p2p/p2p_go_neg.c | 11 +
external/bsd/wpa/dist/src/p2p/p2p_i.h | 2 +-
external/bsd/wpa/dist/src/p2p/p2p_invitation.c | 3 +-
external/bsd/wpa/dist/src/p2p/p2p_pd.c | 10 +-
external/bsd/wpa/dist/src/rsn_supp/pmksa_cache.c | 24 ++-
external/bsd/wpa/dist/src/rsn_supp/wpa.c | 12 +-
external/bsd/wpa/dist/src/wps/wps_common.c | 2 +-
external/bsd/wpa/dist/src/wps/wps_enrollee.c | 10 +-
external/bsd/wpa/dist/src/wps/wps_registrar.c | 14 +-
external/bsd/wpa/dist/wpa_supplicant/ChangeLog | 76 ++++++++
external/bsd/wpa/dist/wpa_supplicant/config.c | 23 +-
external/bsd/wpa/dist/wpa_supplicant/config_file.c | 34 +++-
external/bsd/wpa/dist/wpa_supplicant/config_ssid.h | 4 +
external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.c | 81 +-------
external/bsd/wpa/dist/wpa_supplicant/ctrl_iface.h | 15 -
external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new.c | 11 +-
external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.c | 40 ++++-
external/bsd/wpa/dist/wpa_supplicant/dbus/dbus_new_handlers.h | 4 +
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_background.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_cli.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_gui.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_passphrase.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_priv.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.8 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/doc/docbook/wpa_supplicant.conf.5 | 2 +-
external/bsd/wpa/dist/wpa_supplicant/events.c | 7 +-
external/bsd/wpa/dist/wpa_supplicant/interworking.c | 1 +
external/bsd/wpa/dist/wpa_supplicant/p2p_supplicant.c | 56 ++++-
external/bsd/wpa/dist/wpa_supplicant/scan.c | 19 +-
external/bsd/wpa/dist/wpa_supplicant/sme.c | 2 +
external/bsd/wpa/dist/wpa_supplicant/wpa_gui-qt4/wpagui.cpp | 6 +-
external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant.c | 95 +++++++++-
external/bsd/wpa/dist/wpa_supplicant/wpa_supplicant_i.h | 16 +
external/bsd/wpa/dist/wpa_supplicant/wps_supplicant.c | 10 +-
52 files changed, 703 insertions(+), 256 deletions(-)
diffs (truncated from 2122 to 300 lines):
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/hostapd/ChangeLog
--- a/external/bsd/wpa/dist/hostapd/ChangeLog Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/hostapd/ChangeLog Wed Jul 17 21:34:10 2013 +0000
@@ -1,5 +1,29 @@
ChangeLog for hostapd
+2012-11-06 - v1.1
+ * Fix EAPOL processing when STA switches between multi-BSSes.
+ * EAP-TLS server: Fix a bug with TLS Message Length validation that
+ could result in the process terminating.
+ * Fix memory allocation failure handling in EAP-TTLS/MSCHAPv2 server.
+ * Fix EAP-FAST with OpenSSL 1.0.1.
+ * Fix WPA GTK rekeying with multiple VLANs.
+ * EAP-pwd: Increase maximum number of hunting-and-pecking iterations,
+ which results in less authentication attempts failing.
+ * hlr_auc_gw: Use 5 bit IND for SQN updates. The length of IND can be
+ configured on the command line with the new -i<IND len> parameter.
+ -i0 would make hlr_auc_gw behave the same as the prev implementation.
+ * EAP-AKA'
+ - Update to RFC 5448 in the leading characters used in the username.
+ This will make EAP-AKA' not interoperate between the earlier draft
+ version and the new version.
+ - server: Fix identity for MK derivation, when the EAP client is using
+ pseudonym.
+ * WPS:
+ - Fix nonce comparisons to compare all bytes, not just the first byte.
+ - Fix NFC password token building with WPS 2.0 to avoid wpabuf
+ overflow and application abort if NFC out-of-band mechanism is used
+ with WPS 2.0 enabled.
+
2012-04-18 - v1.0
* Add channel selection support in hostapd. See hostapd.conf.
* Add support for IEEE 802.11v Time Advertisement mechanism with UTC
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/hostapd/hlr_auc_gw.c
--- a/external/bsd/wpa/dist/hostapd/hlr_auc_gw.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/hostapd/hlr_auc_gw.c Wed Jul 17 21:34:10 2013 +0000
@@ -40,7 +40,11 @@
* text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex
* strings. This is used to simulate an HLR/AuC. As such, it is not very useful
* for real life authentication, but it is useful both as an example
- * implementation and for EAP-SIM testing.
+ * implementation and for EAP-SIM/AKA/AKA' testing.
+ *
+ * SQN generation follows the not time-based Profile 2 described in
+ * 3GPP TS 33.102 Annex C.3.2. The length of IND is 5 bits by default, but this
+ * can be changed with a command line options if needed.
*/
#include "includes.h"
@@ -53,6 +57,7 @@
static const char *default_socket_path = "/tmp/hlr_auc_gw.sock";
static const char *socket_path;
static int serv_sock = -1;
+static int ind_len = 5;
/* GSM triplets */
struct gsm_triplet {
@@ -466,6 +471,28 @@
}
+static void inc_sqn(u8 *sqn)
+{
+ u64 val, seq, ind;
+
+ /*
+ * SQN = SEQ | IND = SEQ1 | SEQ2 | IND
+ *
+ * The mechanism used here is not time-based, so SEQ2 is void and
+ * SQN = SEQ1 | IND. The length of IND is ind_len bits and the length
+ * of SEQ1 is 48 - ind_len bits.
+ */
+
+ /* Increment both SEQ and IND by one */
+ val = ((u64) WPA_GET_BE32(sqn) << 16) | ((u64) WPA_GET_BE16(sqn + 4));
+ seq = (val >> ind_len) + 1;
+ ind = (val + 1) & ((1 << ind_len) - 1);
+ val = (seq << ind_len) | ind;
+ WPA_PUT_BE32(sqn, val >> 16);
+ WPA_PUT_BE16(sqn + 4, val & 0xffff);
+}
+
+
static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen,
char *imsi)
{
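Review bot: In inc_sqn() the mask `(1 << ind_len) - 1` is computed in plain `int`, while the `-i` option hunk later in this file accepts `ind_len` up to 32, so 31 and 32 make the shift undefined behaviour and the IND field can come out wrong. Build the mask in the 64-bit type instead, `ind = (val + 1) & (((u64) 1 << ind_len) - 1);`, or tighten the option's range check to what an `int` shift can represent. Separately, `seq` is not reduced to 48 - ind_len bits before it is shifted back, so a wrapping SEQ appears to lose its high bits in `WPA_PUT_BE32(sqn, val >> 16)`; a one-line comment saying whether that wrap is intended would help.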
@@ -485,7 +512,7 @@
if (random_get_bytes(_rand, EAP_AKA_RAND_LEN) < 0)
return;
res_len = EAP_AKA_RES_MAX_LEN;
- inc_byte_array(m->sqn, 6);
+ inc_sqn(m->sqn);
printf("AKA: Milenage with SQN=%02x%02x%02x%02x%02x%02x\n",
m->sqn[0], m->sqn[1], m->sqn[2],
m->sqn[3], m->sqn[4], m->sqn[5]);
@@ -649,14 +676,16 @@
"\n"
"usage:\n"
"hlr_auc_gw [-h] [-s<socket path>] [-g<triplet file>] "
- "[-m<milenage file>]\n"
+ "[-m<milenage file>] \\\n"
+ " [-i<IND len in bits>]\n"
"\n"
"options:\n"
" -h = show this usage help\n"
" -s<socket path> = path for UNIX domain socket\n"
" (default: %s)\n"
" -g<triplet file> = path for GSM authentication triplets\n"
- " -m<milenage file> = path for Milenage keys\n",
+ " -m<milenage file> = path for Milenage keys\n"
+ " -i<IND len in bits> = IND length for SQN (default: 5)\n",
default_socket_path);
}
@@ -670,7 +699,7 @@
socket_path = default_socket_path;
for (;;) {
- c = getopt(argc, argv, "g:hm:s:");
+ c = getopt(argc, argv, "g:hi:m:s:");
if (c < 0)
break;
switch (c) {
@@ -680,6 +709,13 @@
case 'h':
usage();
return 0;
+ case 'i':
+ ind_len = atoi(optarg);
+ if (ind_len < 0 || ind_len > 32) {
+ printf("Invalid IND length\n");
+ return -1;
+ }
+ break;
case 'm':
milenage_file = optarg;
break;
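Review bot: `atoi(optarg)` in the new `-i` case cannot report a parse failure, so `-iabc` is accepted as an IND length of 0, which the ChangeLog in this commit describes as reverting to the previous SQN behaviour. Parsing with `strtol` and rejecting an empty or partly numeric argument keeps a typo from silently changing how SQN values are generated. The enclosing switch and option loop start and end outside this hunk.

```c
		case 'i': {
			char *end;
			long v = strtol(optarg, &end, 10);

			if (end == optarg || *end != '\0' || v < 0 || v > 32) {
				printf("Invalid IND length\n");
				return -1;
			}
			ind_len = (int) v;
			break;
		}
```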
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/hostapd/hostapd.eap_user
--- a/external/bsd/wpa/dist/hostapd/hostapd.eap_user Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/hostapd/hostapd.eap_user Wed Jul 17 21:34:10 2013 +0000
@@ -69,6 +69,9 @@
"3"* SIM,TTLS,TLS,PEAP,AKA
"4"* AKA,TTLS,TLS,PEAP,SIM
"5"* SIM,TTLS,TLS,PEAP,AKA
+"6"* AKA'
+"7"* AKA'
+"8"* AKA'
# Wildcard for all other identities
* PEAP,TTLS,TLS,SIM,AKA
@@ -89,3 +92,6 @@
"3"* SIM [2]
"4"* AKA [2]
"5"* SIM [2]
+"6"* AKA' [2]
+"7"* AKA' [2]
+"8"* AKA' [2]
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/ap/drv_callbacks.c
--- a/external/bsd/wpa/dist/src/ap/drv_callbacks.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/ap/drv_callbacks.c Wed Jul 17 21:34:10 2013 +0000
@@ -461,12 +461,15 @@
const u8 *data, size_t data_len)
{
struct hostapd_iface *iface = hapd->iface;
+ struct sta_info *sta;
size_t j;
for (j = 0; j < iface->num_bss; j++) {
- if (ap_get_sta(iface->bss[j], src)) {
- hapd = iface->bss[j];
- break;
+ if ((sta = ap_get_sta(iface->bss[j], src))) {
+ if (sta->flags & WLAN_STA_ASSOC) {
+ hapd = iface->bss[j];
+ break;
+ }
}
}
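Review bot: The new `WLAN_STA_ASSOC` test inside the BSS loop has no comment saying why a matching `sta_info` alone is not enough; the hostapd ChangeLog entry in this commit ("Fix EAPOL processing when STA switches between multi-BSSes") suggests the reason is a leftover entry on the BSS the station moved away from. A comment such as `/* Skip BSSes that still hold a non-associated entry for this STA */` above the inner `if` would record that. When no BSS has the station associated, `hapd` keeps the value the caller passed in, which is worth stating in the same comment; what happens to the frame afterwards is outside this hunk. The assignment inside the condition could also be split into `sta = ap_get_sta(iface->bss[j], src);` followed by `if (sta && (sta->flags & WLAN_STA_ASSOC))`, which removes one nesting level.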
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/common/version.h
--- a/external/bsd/wpa/dist/src/common/version.h Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/common/version.h Wed Jul 17 21:34:10 2013 +0000
@@ -5,6 +5,6 @@
#define VERSION_STR_POSTFIX ""
#endif /* VERSION_STR_POSTFIX */
-#define VERSION_STR "1.0" VERSION_STR_POSTFIX
+#define VERSION_STR "1.1" VERSION_STR_POSTFIX
#endif /* VERSION_H */
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/crypto/tls_openssl.c
--- a/external/bsd/wpa/dist/src/crypto/tls_openssl.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/crypto/tls_openssl.c Wed Jul 17 21:34:10 2013 +0000
@@ -2785,6 +2785,7 @@
{
const EVP_CIPHER *c;
const EVP_MD *h;
+ int md_size;
if (conn == NULL || conn->ssl == NULL ||
conn->ssl->enc_read_ctx == NULL ||
@@ -2798,9 +2799,20 @@
#else
h = conn->ssl->read_hash;
#endif
-
+ if (h)
+ md_size = EVP_MD_size(h);
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ else if (conn->ssl->s3)
+ md_size = conn->ssl->s3->tmp.new_mac_secret_size;
+#endif
+ else
+ return -1;
+
+ wpa_printf(MSG_DEBUG, "OpenSSL: keyblock size: key_len=%d MD_size=%d "
+ "IV_len=%d", EVP_CIPHER_key_length(c), md_size,
+ EVP_CIPHER_iv_length(c));
return 2 * (EVP_CIPHER_key_length(c) +
- EVP_MD_size(h) +
+ md_size +
EVP_CIPHER_iv_length(c));
}
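Review bot: The fallback to `conn->ssl->s3->tmp.new_mac_secret_size` when `h` is NULL is not explained in the code, although this value decides how much key material the caller derives. A comment above the `if (h)` chain, for example `/* read_hash can be unset (seen with OpenSSL 1.0.1); use the negotiated MAC secret size instead */`, would help; the OpenSSL 1.0.1 link is inferred from the ChangeLog entry "Fix EAP-FAST with OpenSSL 1.0.1" in this commit, not from the hunk itself. The function also gains a new `return -1` path, so callers (not visible here) need to treat a negative keyblock size as failure rather than use it as a length.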
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/eap_common/eap_defs.h
--- a/external/bsd/wpa/dist/src/eap_common/eap_defs.h Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/eap_common/eap_defs.h Wed Jul 17 21:34:10 2013 +0000
@@ -66,7 +66,7 @@
EAP_TYPE_PSK = 47 /* RFC 4764 */,
EAP_TYPE_SAKE = 48 /* RFC 4763 */,
EAP_TYPE_IKEV2 = 49 /* RFC 5106 */,
- EAP_TYPE_AKA_PRIME = 50 /* draft-arkko-eap-aka-kdf-10.txt */,
+ EAP_TYPE_AKA_PRIME = 50 /* RFC 5448 */,
EAP_TYPE_GPSK = 51 /* RFC 5433 */,
EAP_TYPE_PWD = 52 /* RFC 5931 */,
EAP_TYPE_EXPANDED = 254 /* RFC 3748 */
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c
--- a/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/eap_common/eap_pwd_common.c Wed Jul 17 21:34:10 2013 +0000
@@ -160,7 +160,7 @@
os_memset(prfbuf, 0, primebytelen);
ctr = 0;
while (1) {
- if (ctr > 10) {
+ if (ctr > 30) {
wpa_printf(MSG_INFO, "EAP-pwd: unable to find random "
"point on curve for group %d, something's "
"fishy", num);
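Review bot: The retry limit in `if (ctr > 30)` is a bare number, and the ChangeLog in this commit ties it to how often authentication fails, so it deserves a named constant with a comment, e.g. `#define EAP_PWD_MAX_ITERATIONS 30` (the name is only a suggestion). The loop body is outside this hunk; if it stops at the first candidate that lands on the curve, the number of iterations depends on the password-derived input and becomes visible in response timing. That is worth documenting next to the constant, or avoiding by always running a fixed number of iterations.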
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/eap_peer/eap.c
--- a/external/bsd/wpa/dist/src/eap_peer/eap.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/eap_peer/eap.c Wed Jul 17 21:34:10 2013 +0000
@@ -881,7 +881,7 @@
static int eap_sm_imsi_identity(struct eap_sm *sm,
struct eap_peer_config *conf)
{
- int aka = 0;
+ enum { EAP_SM_SIM, EAP_SM_AKA, EAP_SM_AKA_PRIME } method = EAP_SM_SIM;
char imsi[100];
size_t imsi_len;
struct eap_method_type *m = conf->eap_methods;
@@ -903,8 +903,14 @@
for (i = 0; m && (m[i].vendor != EAP_VENDOR_IETF ||
m[i].method != EAP_TYPE_NONE); i++) {
if (m[i].vendor == EAP_VENDOR_IETF &&
+ m[i].method == EAP_TYPE_AKA_PRIME) {
+ method = EAP_SM_AKA_PRIME;
+ break;
+ }
+
+ if (m[i].vendor == EAP_VENDOR_IETF &&
m[i].method == EAP_TYPE_AKA) {
- aka = 1;
+ method = EAP_SM_AKA;
break;
}
}
@@ -917,7 +923,17 @@
return -1;
}
- conf->identity[0] = aka ? '0' : '1';
+ switch (method) {
+ case EAP_SM_SIM:
+ conf->identity[0] = '1';
+ break;
+ case EAP_SM_AKA:
+ conf->identity[0] = '0';
+ break;
+ case EAP_SM_AKA_PRIME:
+ conf->identity[0] = '6';
+ break;
+ }
os_memcpy(conf->identity + 1, imsi, imsi_len);
conf->identity_len = 1 + imsi_len;
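Review bot: The identity prefix characters written in the new `switch (method)` are undocumented literals, and `'6'` for EAP-AKA' has to agree with the `"6"*` entries this commit adds to hostapd.eap_user. A comment above the switch such as `/* Leading identity character: '1' = EAP-SIM, '0' = EAP-AKA, '6' = EAP-AKA' (RFC 5448) */` would make that link visible. The switch has no `default`, so `conf->identity[0]` would be left unset if the enum ever gains a value. The allocation of `conf->identity` and the check of `imsi_len` against `char imsi[100]` are outside this hunk.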
diff -r f1407d28d796 -r a5e131ba663d external/bsd/wpa/dist/src/eap_peer/eap_aka.c
--- a/external/bsd/wpa/dist/src/eap_peer/eap_aka.c Wed Jul 17 21:29:01 2013 +0000
+++ b/external/bsd/wpa/dist/src/eap_peer/eap_aka.c Wed Jul 17 21:34:10 2013 +0000
@@ -1,6 +1,6 @@
/*