| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.
This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
This adds CONFIG_ELOOP_POLL=y and CONFIG_ELOOP_EPOLL=y options to
hostapd build options similarly to how these were implemented for
wpa_supplicant.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
| |
This patch introduces infrastructure needed for FST module tests.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
| |
This patch integrates the FST into the hostapd.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link. Let's make the name more generic so it is
more obvious what it is used for.
Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
| |
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
Commit 983c6a606bc839248ea0c69090e60c095a655bc6 ('OpenSSL: Replace
internal HMAC-MD5 implementation') forgot to make inclusion of md5.o
conditional for hlr_auc_gw build.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
SChannel/CryptoAPI as a TLS/crypto library alternative was never
completed. Critical functionality is missing and there are bugs in this
implementation. Since there are no known plans of completing this
support, it is better to remove this code.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
This replaces the implementation in aes-wrap.c and aes-unwrap.c with
OpenSSL AES_wrap_key() and AES_unwrap_key() functions when building
hostapd or wpa_supplicant with OpenSSL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
| |
Use OpenSSL HMAC_* functions to implement HMAC-MD5 instead of depending
on the src/crypto/md5.c implementation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
| |
WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into
use as the key management method.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
| |
For now, this is only implemented with OpenSSL.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
| |
NSS as a TLS/crypto library alternative was never completed and this
barely functional code does not even build with the current NSS version.
Taken into account that there has not been much interest in working on
this crypto wrapper over the years, it is better to just remove this
code rather than try to get it into somewhat more functional state.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
| |
Introduce wpa_supplicant/hostapd hw features.
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
|
| |
|
|
|
|
|
| |
This makes the Android.mk for hostapd match the Makefile changes for
optional Hotspot 2.0 support.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
| |
The new AKM uses a different mechanism of deriving the PMKID based on
KCK instead of PMK. hostapd was already doing this after the KCK had
been derived, but wpa_supplicant functionality needs to be moved from
processing of EAPOL-Key frame 1/4 to 3/4 to have the KCK available.
Signed-off-by: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The new "bss_load_update_period" parameter can be used to configure
hostapd to advertise its BSS Load element in Beacon and Probe Response
frames. This parameter is in the units of BUs (Beacon Units).
When enabled, the STA Count and the Channel Utilization value will be
updated periodically in the BSS Load element. The AAC is set to 0 sinze
explicit admission control is not supported. Channel Utilization is
calculated based on the channel survey information from the driver and
as such, requires a driver that supports providing that information for
the current operating channel.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
| |
This avoids large number of undesired compiler warnings since Android
build system is added -Wextra.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
|
| |
|
|
|
|
|
|
|
| |
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
| |
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
|
| |
Need to use common EAP_GPSK_SHA256 define for this instead of the
server-specific EAP_SERVER_GPSK_SHA256 which was not really used
anywhere.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
| |
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
This brings in commit 0648c3b8f5c38bc2206758738278e074f6f5b11b changes
to add Linux tracing option for hostapd.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
| |
This brings in commit fd2f2d0489635d590930bc0945fbc438ba1387e2 changes
to remove optional gnutls-extra dependency.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
| |
We now use an OpenSSL ENGINE to support keystore functionality.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
|
| |
Add definitions of the Android specific directories used for control
interface sockets so that hostapd_cli can connect to the Android
hostapd.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
| |
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
|
| |
|
|
|
|
|
| |
This fixes Android build after commit
e76da5052980f301fe61f2fc0e1e7a5789716061 that added the new dfs.c file.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
| |
This adds a new password-based EAP method defined in RFC 6124.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
| |
This updates hostapd to build using the new keystore header file
location and adds a note that the old frameworks/base/cmds/keystore can
be removed at some point in the future when old Android releases do not
need to be supported.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
| |
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. This is similar to the Makefile
change in commit ad3872a3720df13d8fc1a4345a5f0a8c3a204b4e.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
This brings the Android makefiles a bit closer to the Makefile changes
that had been missed in the past.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
| |
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
This makes the SAE implementation independent of the crypto/bignum
library.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
| |
This is needed to fix the builds after commit
ee431d77a51b361b4697f2b737bcf46a1860a6fe.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
| |
|
|
|
|
|
|
|
|
| |
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.
Signed-hostap: Jouni Malinen <j@w1.fi>
|
